Location: freifunk/Ansible-Configuration/gateway/all_gw_config.yml
b7fbfca60bae
fix: allow for passwordless sudo
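---
# Gateway deployment playbook: pushes network, firewall, DNS, fastd and
# respondd configuration to every host in the `gateway` group and
# (re)starts the affected services on each run.
#
# NOTE(review): the play connects as root and also escalates through sudo.
# If sudo is what the deployment relies on, a dedicated unprivileged deploy
# account with a scoped sudoers entry (and direct root SSH login disabled)
# would narrow the exposure of the controller's SSH key - confirm against
# the inventory and sshd setup, which are not visible here.
- name: "Deploy new gateway config"
  hosts: gateway
  remote_user: root
  become: true
  become_method: ansible.builtin.sudo
  tasks:
    # Network interfaces
    # NOTE(review): the source is named *.j2 but is shipped with `copy`, so
    # no Jinja rendering happens; switch to `template` if the file contains
    # variables - verify against the source file.
    - name: Setup network interfaces (bridge + bat0)
      ansible.builtin.copy:
        src: "{{ server_config_dir }}/interface/freifunk.j2"
        dest: /etc/network/interfaces.d/freifunk
        owner: root
        group: root
        mode: "0644"
      tags: networking

    # `command` always reports "changed"; stating it explicitly documents
    # that this is intentional and keeps ansible-lint quiet.
    - name: Pull up new interfaces
      ansible.builtin.command: /usr/sbin/ifup -a
      changed_when: true
      tags: networking

    # iptables
    # NOTE(review): the ruleset is installed and then loaded without a
    # syntax check. A `validate:` step on this copy (for example an
    # `iptables-restore --test` run against the staged file) would stop a
    # broken ruleset from replacing the active one - confirm the binary
    # path on the target before enabling it.
    - name: Copy iptables rulesv4
      ansible.builtin.copy:
        src: "{{ server_config_dir }}/iptables/rules.v4"
        dest: /etc/iptables/rules.v4
        owner: root
        group: root
        mode: "0644"
      tags: iptables

    - name: Restart iptables-persistent
      ansible.builtin.service:
        name: "netfilter-persistent"
        state: "restarted"
        enabled: true
      tags: iptables

    # dnsmasq
    - name: Setup dnsmasq config w/ IPv4 ranges
      ansible.builtin.template:
        src: "{{ server_config_dir }}/dnsmasq/fflux.j2"
        dest: /etc/dnsmasq.d/fflux
        owner: root
        group: root
        mode: "0644"
      tags: dns

    - name: Make sure dnsmasq is started
      ansible.builtin.service:
        name: "dnsmasq"
        state: "started"
        # Real boolean instead of the string "true", matching the other
        # service tasks in this play.
        enabled: true
      tags: dns

    - name: Reload dnsmasq
      ansible.builtin.service:
        name: "dnsmasq"
        state: "reloaded"
      tags: dns

    # fastd
    - name: Setup fastd (fflux) config w/ MAC address
      ansible.builtin.template:
        src: "{{ server_config_dir }}/fastd/fastd.conf.j2"
        dest: /etc/fastd/fflux/fastd.conf
        owner: root
        group: root
        mode: "0644"
      tags: fastd

    # The per-host private key is read from the controller user's home
    # directory. It is installed owner-only (0600) and the task output is
    # suppressed so the key cannot surface in logs or --diff output.
    # NOTE(review): this task carries no tag, so a `--tags fastd` run skips
    # it - confirm that is intended.
    - name: Copy fastd private key
      ansible.builtin.copy:
        src: "~/keys/{{ inventory_hostname }}.conf"
        dest: /etc/fastd/fflux/secret.conf
        owner: root
        group: root
        mode: "0600"
      no_log: true

    # Runs on the controller: collects every peer file except the one that
    # matches this host's inventory name.
    - name: List all peers but ourselves
      ansible.builtin.find:
        path: "{{ server_config_dir }}/fastd/peers-gw/"
        excludes: "{{ inventory_hostname }}"
      delegate_to: localhost
      register: peers_to_copy
      tags: fastd

    # group is set explicitly so peer files do not inherit whatever group
    # the connection user happens to have; the loop label keeps the full
    # `find` result record out of the per-item output.
    - name: Copy fastd peers
      ansible.builtin.copy:
        src: "{{ item.path }}"
        dest: /etc/fastd/fflux/peers-gw/
        owner: root
        group: root
        mode: "0644"
      loop: "{{ peers_to_copy.files }}"
      loop_control:
        label: "{{ item.path }}"
      tags: fastd

    # NOTE(review): untagged like the key copy above - skipped on tagged
    # runs; confirm that is intended.
    - name: Make sure global fastd is stopped
      ansible.builtin.service:
        name: "fastd"
        state: "stopped"
        enabled: false

    - name: Start fastd@fflux
      ansible.builtin.service:
        name: "fastd@fflux"
        state: "restarted"
        enabled: true
      tags: fastd

    # respondd
    # Rewrites the ExecStart line of the unit file shipped under
    # /opt/mesh-announce so respondd uses the providers directory and
    # config file given below.
    - name: Configure respondd.service file
      ansible.builtin.lineinfile:
        path: /opt/mesh-announce/respondd.service
        regexp: "^ExecStart="
        line: "ExecStart=/opt/mesh-announce/respondd.py -d /opt/mesh-announce/providers -f /opt/mesh-announce/respondd.conf"
        state: present
      tags: respondd

    # NOTE(review): tagged `config` while the surrounding respondd tasks
    # use `respondd`, so a `--tags respondd` run does not (re)create the
    # link - confirm the tag is intended.
    - name: Symbolic link for respondd.service
      ansible.builtin.file:
        src: /opt/mesh-announce/respondd.service
        dest: /etc/systemd/system/respondd.service
        owner: root
        group: root
        state: link
        force: true
      tags: config

    - name: Reload systemd daemon
      ansible.builtin.systemd_service:
        daemon_reload: true
      tags: respondd

    - name: Re-Start + Enable respondd
      ansible.builtin.service:
        name: respondd
        state: "restarted"
        enabled: true
      tags: respondd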