freifunk/Ansible-Configuration Changeset - ac8ee952fe17 · Chaos Computer Club Lëtzebuerg Projects

Changeset - ac8ee952fe17

Parent rev.

Child rev.

[Not reviewed]

0 1 0

x - 21 months ago 2023-08-24 02:24:37
xbr@c3l.lu

fix: move systemd-resolved config

1 file changed with 31 insertions and 29 deletions:

gateway/initial_gw_setup.yml

0 comments (0 inline, 0 general)

gateway/initial_gw_setup.yml

➞

Show inline comments

@@ @@ -15,48 +15,78 @@ @@
       ansible.builtin.apt:
         update_cache: true
         pkg:
           - git
           - bridge-utils
           - ntp
           - dnsmasq
           - iptables-persistent
           - openvpn
           - fastd
           - build-essential
           - pkg-config
           - checkinstall
           - libnl-3-dev
           - libnl-genl-3-dev
           - linux-headers-amd64
           - systemd-resolved # We current use it later, but we don't really need it
           - dkms
           - lsb-release
           - ethtool
           - python3
           - wget # for fastd-blacklist
       tags: update
     # fix systemd-resolved's default config
     - name: Stop systemd-resolved
       ansible.builtin.service:
         name: "systemd-resolved"
         state: "stopped"
       tags: config
     - name: Copy resolved.conf
       ansible.builtin.copy:
         src: "{{ server_config_dir }}/systemd-resolved/resolved.conf"
         dest: /etc/systemd/resolved.conf
         owner: root
         group: root
         mode: "0644"
       tags: config
     - name: Create a symbolic link for resolv.conf, replacing the initial resolv.conf
       ansible.builtin.file:
         src: /run/systemd/resolve/resolv.conf
         dest: /etc/resolv.conf
         owner: root
         group: root
         state: link
         force: true
       tags: config
     - name: Start systemd-resolved
       ansible.builtin.service:
         name: "systemd-resolved"
         state: "started"
         enabled: "true"
       tags: config
     - name: Add the routing table for freifunk
       ansible.builtin.blockinfile:
         path: /etc/iproute2/rt_tables
         backup: true
         block: |
           # freifunk
 lux
 icvpn
 vpn
       tags: config
     # Modules
     - name: Load `br_netfilter` kernel module
       community.general.modprobe:
         name: "br_netfilter"
         persistent: "present"
         state: "present"
     - name: Add `nf_conntrack` to modules
       community.general.modprobe:
         name: "nf_conntrack"
         state: "present"
         persistent: "present"
       tags: config
@@ @@ -296,77 +326,49 @@ @@
       tags: config
     - name: Symbolic link for respondd.service
       ansible.builtin.file:
         src: /opt/mesh-announce/respondd.service
         dest: /etc/systemd/system/respondd.service
         owner: root
         group: root
         state: link
         force: true
       tags: config
     - name: Copy respondd.conf template w/ IP + Hardware
       ansible.builtin.template:
         src: "{{ server_config_dir }}/respondd.conf.j2"
         dest: /opt/mesh-announce/respondd.conf
         owner: root
         mode: "0644"
       tags: config
     - name: Enable + Start respondd.service
       ansible.builtin.service:
         name: "respondd"
         state: "started"
         enabled: "true"
       tags: config
     # Disables systemd-resolved Stub Listener
     - name: Stop systemd-resolved
       ansible.builtin.service:
         name: "systemd-resolved"
         state: "stopped"
       tags: config
     - name: Copy resolved.conf
       ansible.builtin.copy:
         src: "{{ server_config_dir }}/systemd-resolved/resolved.conf"
         dest: /etc/systemd/resolved.conf
         owner: root
         group: root
         mode: "0644"
       tags: config
     - name: Create a symbolic link for resolv.conf, replacing the initial resolv.conf
       ansible.builtin.file:
         src: /run/systemd/resolve/resolv.conf
         dest: /etc/resolv.conf
         owner: root
         group: root
         state: link
         force: true
       tags: config
     - name: Start systemd-resolved
       ansible.builtin.service:
         name: "systemd-resolved"
         state: "started"
         enabled: "true"
       tags: config
     # dnsmasq
     - name: Make sure dnsmasq is started
       ansible.builtin.service:
         name: "dnsmasq"
         state: "started"
         enabled: "true"
       tags: config
     - name: Reload dnsmasq
       ansible.builtin.service:
         name: "dnsmasq"
         state: "reloaded"
       tags: config
     # Crontab
     - name: Add check_gateway to cron
       ansible.builtin.cron:
         name: "check if gateway is online"
         user: root
         job: "/usr/local/bin/check_gateway.sh > /dev/null 2>&1"
         state: "present"
         minute: "*"
         hour: "*"
         day: "*"
         month: "*"
         weekday: "*"

0 comments (0 inline, 0 general)