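---
# Initial provisioning of a Freifunk gateway (Ansible playbook).
#
# Order matters: base packages -> routing tables / sysctl / kernel modules
# -> interface, iptables, dnsmasq, fastd and openvpn configs -> batman-adv
# built via DKMS -> monitoring scripts, mesh-announce (respondd), resolved,
# crontab. Each phase that touches the kernel or networking ends with a reboot.
#
# Every "src:" below is read from the control node's checkout of the
# Infrastructure-Intern repository and installed as root on the target, so
# the integrity of that checkout is the trust anchor for these hosts.
- name: Initial Gateway Setup
  hosts: test
  remote_user: root
  # Play-level privilege escalation; individual tasks do not need to repeat it
  # (become_user defaults to root).
  become: true
  become_method: ansible.builtin.sudo
  vars:
    # batman-adv release to build. Quoted on purpose: unquoted, YAML reads
    # 2022.2 as a float, and a release such as 2022.10 would collapse to 2022.1
    # and produce a wrong directory name and git tag.
    batman: "2022.2"
  tasks:
    - name: Install a list of packages
      ansible.builtin.apt:
        update_cache: true
        pkg:
          - git
          - bridge-utils
          - ntp
          - dnsmasq
          - iptables-persistent
          - openvpn
          - fastd
          - build-essential
          - pkg-config
          - checkinstall
          - libnl-3-dev
          - libnl-genl-3-dev
          - linux-headers-amd64
          - dkms
          - lsb-release
          - ethtool
          - python3

    # Updating all packages to their latest version
    - name: Update all packages to their latest version
      ansible.builtin.apt:
        update_cache: true
        upgrade: "yes"

    # Reboot and reconnect (a new kernel may have been installed above)
    - name: Reboot host and wait for it to restart
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible"
        connect_timeout: 5
        reboot_timeout: 600
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: whoami

    # Edit routing tables: extra policy-routing table ids used by the
    # freifunk interface / openvpn scripts.
    - name: Add the routing table ports for freifunk
      ansible.builtin.blockinfile:
        path: /etc/iproute2/rt_tables
        backup: true
        block: |
          # freifunk
          33 lux
          42 icvpn
          100 vpn

    # Edit sysctl config: enable forwarding and keep the bridge out of the
    # netfilter path. The net.bridge.* keys only exist once br_netfilter is
    # loaded, which is why the module is loaded before "sysctl -p" below.
    - name: Add the freifunk settings to sysctl config
      ansible.builtin.blockinfile:
        path: /etc/sysctl.conf
        backup: true
        block: |
          # Freifunk specific settings
          net.ipv4.ip_forward=1
          net.ipv4.icmp_errors_use_inbound_ifaddr=1
          net.bridge.bridge-nf-call-arptables = 0
          net.bridge.bridge-nf-call-ip6tables = 0
          net.bridge.bridge-nf-call-iptables = 0
          net.ipv6.conf.all.forwarding=1
          net.ipv6.conf.all.autoconf = 1
          net.ipv6.conf.default.autoconf = 0
          net.ipv6.conf.eth0.autoconf = 1
          net.ipv6.conf.all.accept_ra = 1
          net.ipv6.conf.default.accept_ra = 0
          net.ipv6.conf.eth0.accept_ra = 1
          net.ipv4.conf.default.rp_filter = 2

    # Load kernel module. No shell features are needed, so use "command"
    # (no shell interpretation of the argument string). Not idempotent:
    # reports "changed" on every run.
    - name: Load kernel module br_netfilter
      ansible.builtin.command: modprobe br_netfilter

    # Edit the module list. An explicit marker is used because a second
    # blockinfile task on /etc/modules follows later in this play; with the
    # default marker the later block would silently replace this one.
    - name: Add nf conntrack to modules
      ansible.builtin.blockinfile:
        path: /etc/modules
        backup: true
        marker: "# {mark} ANSIBLE MANAGED BLOCK nf_conntrack"
        block: |
          nf_conntrack

    # Reload sysctl config (not idempotent: reports "changed" on every run)
    - name: Reload sysctl config
      ansible.builtin.command: sysctl -p /etc/sysctl.conf

    # Reboot and reconnect
    - name: Reboot host and wait for it to restart
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible"
        connect_timeout: 5
        reboot_timeout: 600
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: whoami

    # Create the Freifunk bridge interface file:
    # copy the default interface file to the remote host
    - name: Copy interface file with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/server_config/interface/freifunk
        dest: /etc/network/interfaces.d/freifunk
        owner: root
        group: root
        mode: '0644'

    # Create IPv4 iptables rules:
    # copy the default IPv4 rules file to the remote host (loaded at boot by
    # iptables-persistent, installed above)
    - name: Copy rulesv4 file with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/server_config/iptables/rules.v4
        dest: /etc/iptables/rules.v4
        owner: root
        group: root
        mode: '0644'

    # Create dnsmasq file:
    # copy the default dnsmasq file to the remote host
    - name: Copy dnsmasq file with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/server_config/dnsmasq/fflux
        dest: /etc/dnsmasq.d/fflux
        owner: root
        group: root
        mode: '0644'

    # Create directory fflux in fastd
    - name: Create the directory fflux in fastd if it does not exist
      ansible.builtin.file:
        path: /etc/fastd/fflux
        state: directory
        mode: '0755'

    # Create fastd config file:
    # copy the default fastd config to the remote host
    - name: Copy fastd config file with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/server_config/fastd/fastd.conf
        dest: /etc/fastd/fflux/fastd.conf
        owner: root
        group: root
        mode: '0644'

    # Create directory peers-gw in fastd
    - name: Create the directory peers-gw in fastd/fflux if it does not exist
      ansible.builtin.file:
        path: /etc/fastd/fflux/peers-gw
        state: directory
        mode: '0755'

    # Create fastd blacklist script:
    # copy the fastd blacklist script to the remote host (executable)
    - name: Copy fastd blacklist script with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/scripts/fastd-blacklist.sh
        dest: /etc/fastd/fflux/fastd-blacklist.sh
        owner: root
        group: root
        mode: '0755'

    # Change fastd autostart to all:
    # copy the default fastd defaults file to the remote host
    - name: Copy fastd default file with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/server_config/fastd/fastd
        dest: /etc/default/fastd
        owner: root
        group: root
        mode: '0644'

    # Remove client directory from openvpn
    - name: Remove client directory
      ansible.builtin.file:
        path: /etc/openvpn/client
        state: absent

    # Remove server directory from openvpn
    - name: Remove server directory
      ansible.builtin.file:
        path: /etc/openvpn/server
        state: absent

    # Create hideme config:
    # copy the default hideme config to the remote host
    - name: Copy hideme config with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/server_config/openvpn/hideme.conf
        dest: /etc/openvpn/hideme.conf
        owner: root
        group: root
        mode: '0644'

    # Create hideme-up / hideme-down scripts:
    # copy the scripts to the remote host (run by openvpn as root)
    - name: Copy hideme-up script with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/scripts/hideme-up
        dest: /etc/openvpn/hideme-up
        owner: root
        group: root
        mode: '0755'

    - name: Copy hideme-down script with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/scripts/hideme-down
        dest: /etc/openvpn/hideme-down
        owner: root
        group: root
        mode: '0755'

    # Create update-resolv-conf:
    # copy the update-resolv-conf script to the remote host
    - name: Copy update-resolv.conf with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/server_config/openvpn/update-resolv-conf
        dest: /etc/openvpn/update-resolv-conf
        owner: root
        group: root
        mode: '0755'

    # Create directory for batman installation
    - name: Create directory for batman installation
      ansible.builtin.file:
        path: "/usr/src/batman-adv-{{ batman }}"
        state: directory
        mode: '0755'

    # Clone and check out batman repo. "version" is a tag; tags are not
    # immutable, so this is a weaker pin than the commit hash used for
    # mesh-announce below. Confirm the checked-out revision against the
    # release you expect before building it into the kernel.
    - name: Clone and check out batman git repo
      ansible.builtin.git:
        repo: 'https://git.open-mesh.org/batman-adv.git'
        dest: "/usr/src/batman-adv-{{ batman }}"
        version: "v{{ batman }}"

    # Create dkms conf:
    # copy dkms.conf into the batman-adv source directory
    - name: Copy dkms.conf with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/server_config/dkms/dkms.conf
        dest: "/usr/src/batman-adv-{{ batman }}"
        owner: root
        group: root
        mode: '0644'

    # Create dkms install script:
    # copy the dkms install script to the remote host (root-only execute)
    - name: Copy dkms install script with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/scripts/install_dkms.sh
        dest: /usr/local/bin
        owner: root
        group: root
        mode: '0744'

    # Create build batctl script:
    # copy the build batctl script to the remote host (root-only execute)
    - name: Copy build batctl script with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/scripts/build_batctl.sh
        dest: /usr/local/bin
        owner: root
        group: root
        mode: '0744'

    # Run batman scripts (both run as root and are not idempotent)
    - name: Run install_dkms.sh
      ansible.builtin.command: bash /usr/local/bin/install_dkms.sh

    - name: Run build_batctl.sh
      ansible.builtin.command: /usr/local/bin/build_batctl.sh

    # Edit the module list. Separate marker from the nf_conntrack block above
    # so both blocks survive; nf_conntrack is therefore not repeated here.
    - name: Add batman-adv to modules
      ansible.builtin.blockinfile:
        path: /etc/modules
        backup: true
        marker: "# {mark} ANSIBLE MANAGED BLOCK batman-adv"
        block: |
          batman-adv

    # systemd's own module list for the same modules
    - name: Creating a file with content
      ansible.builtin.copy:
        dest: "/etc/modules-load.d/freifunk.conf"
        content: |
          ebtables
          batman_adv

    # Reboot and reconnect (picks up the DKMS-built module)
    - name: Reboot host and wait for it to restart
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible"
        connect_timeout: 5
        reboot_timeout: 600
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: whoami

    # Create check gateway script:
    # copy the check gateway script to the remote host
    - name: Copy check gateway script with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/scripts/check_gateway.sh
        dest: /usr/local/bin
        owner: root
        group: root
        mode: '0755'

    # Create check vpn script:
    # copy the check vpn script to the remote host
    - name: Copy check vpn script with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/scripts/check_vpn.sh
        dest: /usr/local/bin
        owner: root
        group: root
        mode: '0755'

    # Clone mesh-announce repo, pinned to an exact commit so an upstream
    # change cannot land here unreviewed.
    - name: Clone mesh-announce git repo
      ansible.builtin.git:
        repo: 'https://github.com/ffnord/mesh-announce'
        dest: /opt/mesh-announce
        # TODO: Verify that there has been no update!
        version: 40be9a18ee91fa058478bc04105cbd79fd70279e

    # Create respondd service:
    # copy the respondd unit file to the remote host
    - name: Copy respondd service script with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/scripts/respondd.service
        dest: /opt/mesh-announce/respondd.service
        owner: root
        group: root
        mode: '0755'

    # Create symlink for respondd service
    - name: Create a symbolic link for respondd.service
      ansible.builtin.file:
        src: /opt/mesh-announce/respondd.service
        dest: /etc/systemd/system/respondd.service
        owner: root
        group: root
        state: link
        force: true

    # Stop systemd-resolved while its config and /etc/resolv.conf are replaced
    - name: Stop systemd-resolved
      ansible.builtin.service:
        name: "systemd-resolved"
        state: "stopped"

    # Create resolved conf:
    # copy resolved.conf to the remote host
    - name: Copy resolved.conf with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/server_config/systemd-resolved/resolved.conf
        dest: /etc/systemd/resolved.conf
        owner: root
        group: root
        mode: '0644'

    # Create symlink for resolv.conf (force replaces any existing file)
    - name: Create a symbolic link for resolv.conf
      ansible.builtin.file:
        src: /run/systemd/resolve/resolv.conf
        dest: /etc/resolv.conf
        owner: root
        group: root
        state: link
        force: true

    # Start systemd-resolved again with the new config
    - name: Start systemd-resolved
      ansible.builtin.service:
        name: "systemd-resolved"
        state: "started"

    # Create default crontab:
    # copy the default crontab to the remote host
    - name: Copy crontab with owner and permissions
      ansible.builtin.copy:
        src: /home/fflux/Infrastructure-Intern/server_config/crontab/crontab
        dest: /etc/crontab
        owner: root
        group: root
        mode: '0644'

    # Reboot and reconnect
    - name: Reboot host and wait for it to restart
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible"
        connect_timeout: 5
        reboot_timeout: 600
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: whoami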