Changeset - b94f71a59bc9
Max Wahl (Fantawams) - 3 years ago 2022-02-16 17:25:45
fantawams@c3l.lu
Added Gateway initial and specific script.
3 files changed with 483 insertions and 0 deletions:
gateway/ReadMe.md
 
new file 100644
 
This will install fflux gateways.
 
auth file need to be added manually.
 
For new gateways, please update ansible host fles and concerning ips and mac addresses. Also new fastd keys need to be generated manually.
 
Update Firmware sync script.
gateway/all_gw_config.yml
 
new file 100644
 
---
 
# Defining the remote server where the package will be deployed
 
- hosts: test
 
  remote_user: root
 
  become: yes
 
  become_method: sudo
 
  tasks:
 

	
 
# create the Freifunk bridge interface file
 
# copy fflux-test interface file to remote host 
 
    - name: Copy interface file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/gw_configs/fflux-test/freifunk
 
        dest: /etc/network/interfaces.d/freifunk
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# create dnsmasq file
 
# copy fflux-test dnsmasq file to remote host 
 
    - name: Copy dnsmasq file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/gw_configs/fflux-test/fflux
 
        dest: /etc/dnsmasq.d/fflux
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# create fastd config file
 
# copy fflux-test dnsmasq file to remote host 
 
    - name: Copy fastd config file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/gw_configs/fflux-test/fastd.conf
 
        dest: /etc/fastd/fflux/fastd.conf
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# create respondd config file
 
# copy fflux-test respondd file to remote host 
 
    - name: Copy respondd config file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/gw_configs/fflux-test/respondd.conf
 
        dest: /opt/mesh-announce/respondd.conf
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# Reload deamon
 
    - name: reload systemd
 
      command: systemctl daemon-reload
 

	
 
# STart respondd
 
    - name: start respondd
 
      command: systemctl start respondd
 

	
 
# Enable respondd
 
    - name: enable respondd
 
      command: systemctl enable respondd
 

	
 
# syncronize gateway peers
 

	
 
# Reboot and reconnect
 
    - name: Reboot host and wait for it to restart
 
      reboot:
 
        msg: "Reboot initiated by Ansible"
 
        connect_timeout: 5
 
        reboot_timeout: 600
 
        pre_reboot_delay: 0
 
        post_reboot_delay: 30
 
        test_command: whoami
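Review bot: The `Copy fastd config file with owner and permissions` task installs `/etc/fastd/fflux/fastd.conf` world-readable with `mode: '0644'`; if that file carries the gateway's fastd secret key (the ReadMe says keys are generated by hand, so it may), `mode: '0600'` is the safer default. The three `command: systemctl ...` tasks (`reload systemd`, `start respondd`, `enable respondd`) are not idempotent and report `changed` on every run; `ansible.builtin.systemd` expresses all three in one task, as below. `become: yes` is better written `become: true` to avoid the YAML 1.1 truthy ambiguity; the same form appears in `gateway/initial_gw_setup.yml` for `become`, `backup` and `force`.
```yaml
# … unchanged: the four ansible.builtin.copy tasks …
    - name: Reload systemd, then start and enable respondd
      ansible.builtin.systemd:
        name: respondd
        daemon_reload: true
        state: started
        enabled: true
# … unchanged: reboot task …
```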
gateway/initial_gw_setup.yml
 
new file 100644
 
---
 
# Defining the remote server where the package will be deployed
 
- hosts: test
 
  remote_user: root
 
  become: yes
 
  become_method: sudo
 
  vars:
 
#    domain: '{{ domain.name }}'
 
    batman: 2021.4
 
  tasks:
 

	
 
# edit sources.list
 
#    - name: add the correct dkms source 
 
#      blockinfile:
 
#        path: /etc/apt/sources.list
 
#        backup: yes
 
#        block: |
 
#          # backports
 
#          deb http://deb.debian.org/debian bullseye-backports main
 
# Installing the sudo, git, vim and python3 packadges on ther servers 
 
    - name: Install a list of packages
 
      apt:
 
        pkg:
 
        - git
 
        - bridge-utils
 
        - ntp
 
        - dnsmasq
 
        - iptables-persistent
 
        - openvpn
 
        - fastd
 
        - build-essential
 
        - pkg-config
 
        - checkinstall
 
        - libnl-3-dev
 
        - libnl-genl-3-dev
 
        - linux-headers-amd64 
 
        - dkms
 
        - lsb-release
 
        - ethtool
 
        - python3
 

	
 
# Updating all packages to their latest version
 
    - name: Update all packages to their latest version
 
      apt:
 
        name: "*"
 
        state: latest
 

	
 
# Reboot and reconnect
 
    - name: Reboot host and wait for it to restart
 
      reboot:
 
        msg: "Reboot initiated by Ansible"
 
        connect_timeout: 5
 
        reboot_timeout: 600
 
        pre_reboot_delay: 0
 
        post_reboot_delay: 30
 
        test_command: whoami
 

	
 
# edit routing tables
 
    - name: add the routing table ports for freifunk 
 
      blockinfile:
 
        path: /etc/iproute2/rt_tables
 
        backup: yes
 
        block: |
 
          # freifunk
 
          33      lux
 
          42      icvpn
 
          100     vpn
 

	
 
# edit rsysctl config
 
    - name: add the freifunk settings to sysctl config
 
      blockinfile:
 
        path: /etc/sysctl.conf
 
        backup: yes
 
        block: |
 
          # Freifunk specific settings
 
          net.ipv4.ip_forward=1
 

	
 
          net.bridge.bridge-nf-call-arptables = 0
 
          net.bridge.bridge-nf-call-ip6tables = 0
 
          net.bridge.bridge-nf-call-iptables = 0
 

	
 
          net.ipv6.conf.all.forwarding=1
 

	
 
          net.ipv6.conf.all.autoconf = 1
 
          net.ipv6.conf.default.autoconf = 0
 
          net.ipv6.conf.eth0.autoconf = 1
 

	
 
          net.ipv6.conf.all.accept_ra = 1
 
          net.ipv6.conf.default.accept_ra = 0
 
          net.ipv6.conf.eth0.accept_ra = 1
 
          net.ipv4.conf.default.rp_filter = 2
 
  
 
# load kernel module
 
    - name: Load kernel module
 
      become: true
 
      become_user: root
 
      shell: modprobe br_netfilter
 

	
 
# edit the module list
 
    - name: add nf conntrack to modules
 
      blockinfile:
 
        path: /etc/modules
 
        backup: yes
 
        block: |
 
          nf_conntrack
 

	
 
# reload sysctl config
 
    - name: Reload sysctl config
 
      become: true
 
      become_user: root
 
      shell: sysctl -p /etc/sysctl.conf
 

	
 
# Reboot and reconnect
 
    - name: Reboot host and wait for it to restart
 
      reboot:
 
        msg: "Reboot initiated by Ansible"
 
        connect_timeout: 5
 
        reboot_timeout: 600
 
        pre_reboot_delay: 0
 
        post_reboot_delay: 30
 
        test_command: whoami
 

	
 
# create the Freifunk bridge interface file
 
# copy default interface file to remote host 
 
    - name: Copy interface file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/interface/freifunk
 
        dest: /etc/network/interfaces.d/freifunk
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# create IPV4 Iptables rules
 
# copy default IPV4 iptables rules file to remote host 
 
    - name: Copy rulesv4 file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/iptables/rules.v4
 
        dest: /etc/iptables/rules.v4
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# create dnsmasq file
 
# copy default dnsmasq file to remote host 
 
    - name: Copy dnsmasq file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/dnsmasq/fflux
 
        dest: /etc/dnsmasq.d/fflux
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# Create directory fflux in fatsd
 
    - name: Create the directory fflux in fastd if it does not exist
 
      ansible.builtin.file:
 
        path: /etc/fastd/fflux
 
        state: directory
 
        mode: '0755'
 

	
 
# create fastd config file
 
# copy default dnsmasq file to remote host 
 
    - name: Copy fastd config file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/fastd/fastd.conf
 
        dest: /etc/fastd/fflux/fastd.conf
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# Create directory  peers-gw in fatsd
 
    - name: Create the directory peers-gw in fastd/fflux if it does not exist
 
      ansible.builtin.file:
 
        path: /etc/fastd/fflux/peers-gw
 
        state: directory
 
        mode: '0755'
 

	
 
# create fastd blacklist script
 
# copy fastd blacklist script to remote host 
 
    - name: Copy fastd blacklist script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/fastd-blacklist.sh
 
        dest: /etc/fastd/fflux/fastd-blacklist.sh
 
        owner: root
 
        group: root
 
        mode: '0755'
 

	
 
# change fasts autostart to all
 
# copy default fastd default file to remote host 
 
    - name: Copy fastd config file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/fastd/fastd
 
        dest: /etc/default/fastd
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# Remove client directory from openvpn
 
    - name: Remove client directory
 
      ansible.builtin.file:
 
        path: /etc/openvpn/client
 
        state: absent
 

	
 
# Remove server from openvpn
 
    - name: Remove server directory
 
      ansible.builtin.file:
 
        path: /etc/openvpn/server
 
        state: absent
 

	
 
# create hideme config
 
# copy the default hidme config to remote host 
 
    - name: Copy hideme config with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/openvpn/hideme.conf
 
        dest: /etc/openvpn/hideme.conf
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# create hideme-up script
 
# copy hideme-up script to remote host 
 
    - name: Copy hideme-up script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/hideme-up
 
        dest: /etc/openvpn/hideme-up
 
        owner: root
 
        group: root
 
        mode: '0755'
 

	
 
# create update resolv conf
 
# copy update-resolv.conf script to remote host 
 
    - name: Copy update-resolv.conf with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/openvpn/update-resolv-conf
 
        dest: /etc/openvpn/update-resolv-conf
 
        owner: root
 
        group: root
 
        mode: '0755'
 

	
 
# Create for batman installation
 
    - name: Create directory for batman installation
 
      ansible.builtin.file:
 
        path: /usr/src/batman-adv-{{batman}}
 
        state: directory
 
        mode: '0755'
 

	
 
# Clone and check out batman repo
 
    - name: Clone and check out batman git repo
 
      ansible.builtin.git:
 
        repo: 'https://git.open-mesh.org/batman-adv.git'
 
        dest: /usr/src/batman-adv-{{batman}}
 
        version: v{{batman}}
 

	
 
# create dkms conf
 
# copy dkms conf to remote host 
 
    - name: Copy dkms.conf with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/dkms/dkms.conf
 
        dest: /usr/src/batman-adv-{{batman}}
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# create dkms install script
 
# copy dkms install script to remote host 
 
    - name: Copy dkms install script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/install_dkms.sh
 
        dest: /usr/local/bin
 
        owner: root
 
        group: root
 
        mode: '0744'
 

	
 
# create build batclt script
 
# copy build batctl script to remote host 
 
    - name: Copy build batctl script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/build_batctl.sh
 
        dest: /usr/local/bin
 
        owner: root
 
        group: root
 
        mode: '0744'
 

	
 
# Run batman scripts
 
    - name: Run install_dkms.sh
 
      command: bash /usr/local/bin/install_dkms.sh
 

	
 
    - name: Run build_batctl.sh                    
 
      command: /usr/local/bin/build_batctl.sh 
 

	
 
# edit the module list
 
    - name: add batman-adv to modules
 
      blockinfile:
 
        path: /etc/modules
 
        backup: yes
 
        block: |
 
          nf_conntrack
 
          batman-adv
 

	
 
    - name: Creating a file with content
 
      copy:
 
        dest: "/etc/modules-load.d/freifunk.conf"
 
        content: |
 
          ebtables
 
          batman_adv
 

	
 
# Reboot and reconnect
 
    - name: Reboot host and wait for it to restart
 
      reboot:
 
        msg: "Reboot initiated by Ansible"
 
        connect_timeout: 5
 
        reboot_timeout: 600
 
        pre_reboot_delay: 0
 
        post_reboot_delay: 30
 
        test_command: whoami
 

	
 
# create check gateway script
 
# copy check gateway script to remote host 
 
    - name: Copy check gateway script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/check_gateway.sh
 
        dest: /usr/local/bin
 
        owner: root
 
        group: root
 
        mode: '0755'
 

	
 
# create check vpn script
 
# copy check vpn script to remote host 
 
    - name: Copy check vpn script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/check_vpn.sh
 
        dest: /usr/local/bin
 
        owner: root
 
        group: root
 
        mode: '0755'
 

	
 
# Clone mesh-announce repo
 
    - name: Clone mesh-announce git repo
 
      ansible.builtin.git:
 
        repo: 'https://github.com/ffnord/mesh-announce'
 
        dest: /opt/mesh-announce
 

	
 
# create respondd service
 
# copy respondd service script to remote host 
 
    - name: Copy respondd service script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/respondd.service
 
        dest: /opt/mesh-announce/respondd.service
 
        owner: root
 
        group: root
 
        mode: '0755'
 

	
 
# Create symlink for respondd service
 
    - name: Create a symbolic link
 
      ansible.builtin.file:
 
        src: /opt/mesh-announce/respondd.service
 
        dest: /etc/systemd/system/respondd.service
 
        owner: root
 
        group: root
 
        state: link
 
        force: yes
 

	
 
# Stop respondd
 
    - name: stop systemd-resolved
 
      command: systemctl stop systemd-resolved
 

	
 
# create resolved conf
 
# copy resolved conf to remote host 
 
    - name: Copy resolved.conf with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/systemd-resolved/resolved.conf
 
        dest: /etc/systemd/resolved.conf
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# Create symlink for resolved.con
 
    - name: Create a symbolic link
 
      ansible.builtin.file:
 
        src: /run/systemd/resolve/resolv.conf
 
        dest: /etc/resolv.conf
 
        owner: root
 
        group: root
 
        state: link
 
        force: yes
 

	
 
# Start respondd
 
    - name: start systemd-resolved
 
      command: systemctl start systemd-resolved
 

	
 
# create default crontab
 
# copy default crontab to remote host 
 
    - name: Copy crontab with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/crontab/crontab
 
        dest: /etc/crontab
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# Reboot and reconnect
 
    - name: Reboot host and wait for it to restart
 
      reboot:
 
        msg: "Reboot initiated by Ansible"
 
        connect_timeout: 5
 
        reboot_timeout: 600
 
        pre_reboot_delay: 0
 
        post_reboot_delay: 30
 
        test_command: whoami
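Review bot: `batman: 2021.4` in `vars` is parsed as a float, so the `/usr/src/batman-adv-{{batman}}` paths and `version: v{{batman}}` only work because this particular value round-trips; a release such as `2021.10` would silently become `2021.1`, so quote it: `batman: '2021.4'`. The `Clone mesh-announce git repo` task has no `version:`, so every run checks out whatever HEAD of the upstream repository is at that moment and a later run can change what ends up as `/etc/systemd/system/respondd.service`; pin it to a reviewed tag or commit, e.g. `version: "<pinned-tag-or-commit>"` (placeholder). `Run install_dkms.sh` and `Run build_batctl.sh` rebuild on every play; adding `args: creates: <artifact written by the script>` (placeholder) to each `command` keeps reruns idempotent, and `shell: modprobe br_netfilter` needs no shell and can be `command: modprobe br_netfilter`. Two tasks are both named `Copy fastd config file with owner and permissions` and two `Create a symbolic link`, which makes `--start-at-task` and log reading ambiguous; give them distinct names.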