Changeset - 3d5ec49f81f4
0 1 0
x - 21 months ago 2023-08-15 02:26:43
xbr@c3l.lu
feat: copy hideme-down during gw setup
1 file changed with 8 insertions and 0 deletions:
0 comments (0 inline, 0 general)
gateway/initial_gw_setup.yml
 
@@ -38,372 +38,380 @@
 
        - lsb-release
 
        - ethtool
 
        - python3
 

	
 
# Updating all packages to their latest version
 
    - name: Update all packages to their latest version
 
      apt:
 
        name: "*"
 
        state: latest
 

	
 
# Reboot and reconnect
 
    - name: Reboot host and wait for it to restart
 
      reboot:
 
        msg: "Reboot initiated by Ansible"
 
        connect_timeout: 5
 
        reboot_timeout: 600
 
        pre_reboot_delay: 0
 
        post_reboot_delay: 30
 
        test_command: whoami
 

	
 
# edit routing tables
 
    - name: add the routing table ports for freifunk 
 
      blockinfile:
 
        path: /etc/iproute2/rt_tables
 
        backup: yes
 
        block: |
 
          # freifunk
 
          33      lux
 
          42      icvpn
 
          100     vpn
 

	
 
# edit rsysctl config
 
    - name: add the freifunk settings to sysctl config
 
      blockinfile:
 
        path: /etc/sysctl.conf
 
        backup: yes
 
        block: |
 
          # Freifunk specific settings
 
          net.ipv4.ip_forward=1
 
          net.ipv4.icmp_errors_use_inbound_ifaddr=1
 

	
 
          net.bridge.bridge-nf-call-arptables = 0
 
          net.bridge.bridge-nf-call-ip6tables = 0
 
          net.bridge.bridge-nf-call-iptables = 0
 

	
 
          net.ipv6.conf.all.forwarding=1
 

	
 
          net.ipv6.conf.all.autoconf = 1
 
          net.ipv6.conf.default.autoconf = 0
 
          net.ipv6.conf.eth0.autoconf = 1
 

	
 
          net.ipv6.conf.all.accept_ra = 1
 
          net.ipv6.conf.default.accept_ra = 0
 
          net.ipv6.conf.eth0.accept_ra = 1
 
          net.ipv4.conf.default.rp_filter = 2
 
  
 
# load kernel module
 
    - name: Load kernel module
 
      become: true
 
      become_user: root
 
      shell: modprobe br_netfilter
 

	
 
# edit the module list
 
    - name: add nf conntrack to modules
 
      blockinfile:
 
        path: /etc/modules
 
        backup: yes
 
        block: |
 
          nf_conntrack
 

	
 
# reload sysctl config
 
    - name: Reload sysctl config
 
      become: true
 
      become_user: root
 
      shell: sysctl -p /etc/sysctl.conf
 

	
 
# Reboot and reconnect
 
    - name: Reboot host and wait for it to restart
 
      reboot:
 
        msg: "Reboot initiated by Ansible"
 
        connect_timeout: 5
 
        reboot_timeout: 600
 
        pre_reboot_delay: 0
 
        post_reboot_delay: 30
 
        test_command: whoami
 

	
 
# create the Freifunk bridge interface file
 
# copy default interface file to remote host 
 
    - name: Copy interface file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/interface/freifunk
 
        dest: /etc/network/interfaces.d/freifunk
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# create IPV4 Iptables rules
 
# copy default IPV4 iptables rules file to remote host 
 
    - name: Copy rulesv4 file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/iptables/rules.v4
 
        dest: /etc/iptables/rules.v4
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# create dnsmasq file
 
# copy default dnsmasq file to remote host 
 
    - name: Copy dnsmasq file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/dnsmasq/fflux
 
        dest: /etc/dnsmasq.d/fflux
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# Create directory fflux in fatsd
 
    - name: Create the directory fflux in fastd if it does not exist
 
      ansible.builtin.file:
 
        path: /etc/fastd/fflux
 
        state: directory
 
        mode: '0755'
 

	
 
# create fastd config file
 
# copy default dnsmasq file to remote host 
 
    - name: Copy fastd config file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/fastd/fastd.conf
 
        dest: /etc/fastd/fflux/fastd.conf
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# Create directory  peers-gw in fatsd
 
    - name: Create the directory peers-gw in fastd/fflux if it does not exist
 
      ansible.builtin.file:
 
        path: /etc/fastd/fflux/peers-gw
 
        state: directory
 
        mode: '0755'
 

	
 
# create fastd blacklist script
 
# copy fastd blacklist script to remote host 
 
    - name: Copy fastd blacklist script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/fastd-blacklist.sh
 
        dest: /etc/fastd/fflux/fastd-blacklist.sh
 
        owner: root
 
        group: root
 
        mode: '0755'
 

	
 
# change fasts autostart to all
 
# copy default fastd default file to remote host 
 
    - name: Copy fastd config file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/fastd/fastd
 
        dest: /etc/default/fastd
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# Remove client directory from openvpn
 
    - name: Remove client directory
 
      ansible.builtin.file:
 
        path: /etc/openvpn/client
 
        state: absent
 

	
 
# Remove server from openvpn
 
    - name: Remove server directory
 
      ansible.builtin.file:
 
        path: /etc/openvpn/server
 
        state: absent
 

	
 
# create hideme config
 
# copy the default hidme config to remote host 
 
    - name: Copy hideme config with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/openvpn/hideme.conf
 
        dest: /etc/openvpn/hideme.conf
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# create hideme-up script
 
# copy hideme-up script to remote host 
 
    - name: Copy hideme-up script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/hideme-up
 
        dest: /etc/openvpn/hideme-up
 
        owner: root
 
        group: root
 
        mode: '0755'
 

	
 
    - name: Copy hideme-down script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/hideme-down
 
        dest: /etc/openvpn/hideme-down
 
        owner: root
 
        group: root
 
        mode: '0755'
 

	
 
# create update resolv conf
 
# copy update-resolv.conf script to remote host 
 
    - name: Copy update-resolv.conf with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/openvpn/update-resolv-conf
 
        dest: /etc/openvpn/update-resolv-conf
 
        owner: root
 
        group: root
 
        mode: '0755'
 

	
 
# Create for batman installation
 
    - name: Create directory for batman installation
 
      ansible.builtin.file:
 
        path: /usr/src/batman-adv-{{batman}}
 
        state: directory
 
        mode: '0755'
 

	
 
# Clone and check out batman repo
 
    - name: Clone and check out batman git repo
 
      ansible.builtin.git:
 
        repo: 'https://git.open-mesh.org/batman-adv.git'
 
        dest: /usr/src/batman-adv-{{batman}}
 
        version: v{{batman}}
 

	
 
# create dkms conf
 
# copy dkms conf to remote host 
 
    - name: Copy dkms.conf with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/dkms/dkms.conf
 
        dest: /usr/src/batman-adv-{{batman}}
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# create dkms install script
 
# copy dkms install script to remote host 
 
    - name: Copy dkms install script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/install_dkms.sh
 
        dest: /usr/local/bin
 
        owner: root
 
        group: root
 
        mode: '0744'
 

	
 
# create build batclt script
 
# copy build batctl script to remote host 
 
    - name: Copy build batctl script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/build_batctl.sh
 
        dest: /usr/local/bin
 
        owner: root
 
        group: root
 
        mode: '0744'
 

	
 
# Run batman scripts
 
    - name: Run install_dkms.sh
 
      command: bash /usr/local/bin/install_dkms.sh
 

	
 
    - name: Run build_batctl.sh                    
 
      command: /usr/local/bin/build_batctl.sh 
 

	
 
# edit the module list
 
    - name: add batman-adv to modules
 
      blockinfile:
 
        path: /etc/modules
 
        backup: yes
 
        block: |
 
          nf_conntrack
 
          batman-adv
 

	
 
    - name: Creating a file with content
 
      copy:
 
        dest: "/etc/modules-load.d/freifunk.conf"
 
        content: |
 
          ebtables
 
          batman_adv
 

	
 
# Reboot and reconnect
 
    - name: Reboot host and wait for it to restart
 
      reboot:
 
        msg: "Reboot initiated by Ansible"
 
        connect_timeout: 5
 
        reboot_timeout: 600
 
        pre_reboot_delay: 0
 
        post_reboot_delay: 30
 
        test_command: whoami
 

	
 
# create check gateway script
 
# copy check gateway script to remote host 
 
    - name: Copy check gateway script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/check_gateway.sh
 
        dest: /usr/local/bin
 
        owner: root
 
        group: root
 
        mode: '0755'
 

	
 
# create check vpn script
 
# copy check vpn script to remote host 
 
    - name: Copy check vpn script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/check_vpn.sh
 
        dest: /usr/local/bin
 
        owner: root
 
        group: root
 
        mode: '0755'
 

	
 
# Clone mesh-announce repo
 
    - name: Clone mesh-announce git repo
 
      ansible.builtin.git:
 
        repo: 'https://github.com/ffnord/mesh-announce'
 
        dest: /opt/mesh-announce
 

	
 
# create respondd service
 
# copy respondd service script to remote host 
 
    - name: Copy respondd service script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/respondd.service
 
        dest: /opt/mesh-announce/respondd.service
 
        owner: root
 
        group: root
 
        mode: '0755'
 

	
 
# Create symlink for respondd service
 
    - name: Create a symbolic link
 
      ansible.builtin.file:
 
        src: /opt/mesh-announce/respondd.service
 
        dest: /etc/systemd/system/respondd.service
 
        owner: root
 
        group: root
 
        state: link
 
        force: yes
 

	
 
# Stop respondd
 
    - name: stop systemd-resolved
 
      command: systemctl stop systemd-resolved
 

	
 
# create resolved conf
 
# copy resolved conf to remote host 
 
    - name: Copy resolved.conf with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/systemd-resolved/resolved.conf
 
        dest: /etc/systemd/resolved.conf
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# Create symlink for resolved.con
 
    - name: Create a symbolic link
 
      ansible.builtin.file:
 
        src: /run/systemd/resolve/resolv.conf
 
        dest: /etc/resolv.conf
 
        owner: root
 
        group: root
 
        state: link
 
        force: yes
 

	
 
# Start respondd
 
    - name: start systemd-resolved
 
      command: systemctl start systemd-resolved
 

	
 
# create default crontab
 
# copy default crontab to remote host 
 
    - name: Copy crontab with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/crontab/crontab
 
        dest: /etc/crontab
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# Reboot and reconnect
 
    - name: Reboot host and wait for it to restart
 
      reboot:
 
        msg: "Reboot initiated by Ansible"
 
        connect_timeout: 5
 
        reboot_timeout: 600
 
        pre_reboot_delay: 0
 
        post_reboot_delay: 30
 
        test_command: whoami
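Review bot: The new `Copy hideme-down script with owner and permissions` task is the only task in this file without the two-line section comment every sibling carries, so a reader scanning the headers skips straight from hideme-up to update-resolv-conf; add `# create hideme-down script` and `# copy hideme-down script to remote host` above it, mirroring the hideme-up task immediately before. Since hideme-up and hideme-down are presumably the hook scripts referenced from /etc/openvpn/hideme.conf (the config is copied earlier in the hunk but its contents are not visible here), it would also help to state in that comment that the file is executed by the OpenVPN service, which is why `owner: root` and `mode: '0755'` matter: a hook writable by anyone other than root would run with the daemon's privileges. The enclosing `tasks:` list and play header start before this hunk, so the same header convention cannot be confirmed for the play's top-level comment.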
0 comments (0 inline, 0 general)