Remove bridge from setup (#12)

* get rid of br-ffsh * switch to bat0 only * fastd v22 * fix missing semicolon * fix naming of mac adresses * delete network config * change network task * update hostname from inventory, put extra info in neofetch * add migration setp for network
ffsh · Sep 4, 2021 · e59afcd · e59afcd
1 parent edf9bac
commit e59afcd
Show file tree

Hide file tree

Showing 19 changed files with 1,030 additions and 86 deletions.
diff --git a/ansible.cfg b/ansible.cfg
@@ -1,2 +1,2 @@
 [defaults]
-inventory = hosts
+inventory = hosts.yml
diff --git a/hosts b/hosts
diff --git a/hosts.yml b/hosts.yml
@@ -0,0 +1,88 @@
+gateways:
+  hosts:
+    barnitz:
+      ansible_ssh_host: 195.201.117.146
+      external_ipv4: 195.201.117.146
+      external_interface: eth0
+      ffsh_ipv4_space: 10.144.48.0/20
+      ffsh_map_name: GW_Barnitz
+      ffsh_ipv6_address: fddf:0bf7:80::48:1
+      ffsh_ipv4_address: 10.144.48.1
+      dhcp_range: 10.144.48.2-10.144.63.254
+      ffsh_bat_mac: 00:5b:27:80:00:48
+      ffsh_fastd_mac: 00:5b:27:81:00:48
+      owner: ulf
+    beste:
+      ansible_ssh_host: 88.99.35.208
+      external_ipv4: 88.99.35.208
+      external_interface: eth0
+      ffsh_ipv4_space: 10.144.64.0/20
+      ffsh_map_name: GW_Beste
+      ffsh_ipv6_address: fddf:0bf7:80::64:1
+      ffsh_ipv4_address: 10.144.64.1
+      dhcp_range: 10.144.64.2-10.144.79.254
+      ffsh_bat_mac: 00:5b:27:80:00:64
+      ffsh_fastd_mac: 00:5b:27:81:00:64
+      owner: ulf
+    bille: 
+      ansible_ssh_host: 5.181.50.231
+      external_ipv4: 5.181.50.231
+      external_interface: eth0
+      ffsh_ipv4_space: 10.144.80.0/20
+      ffsh_map_name: GW_Bille
+      ffsh_ipv6_address: fddf:0bf7:80::80:1
+      ffsh_ipv4_address: 10.144.80.1
+      dhcp_range: 10.144.80.2-10.144.79.254
+      ffsh_bat_mac: 00:5b:27:80:00:80
+      ffsh_fastd_mac: 00:5b:27:81:00:80
+      owner: felix
+    brunsbach:
+      ansible_ssh_host: 37.221.192.238
+      external_ipv4: 37.221.192.238
+      external_interface: eth0
+      ffsh_ipv4_space: 10.144.96.0/20
+      ffsh_map_name: GW_Brunsbach
+      ffsh_ipv6_address: fddf:0bf7:80::96:1
+      ffsh_ipv4_address: 10.144.96.1
+      dhcp_range: 10.144.96.2-10.144.111.254
+      ffsh_bat_mac: 00:5b:27:80:00:96
+      ffsh_fastd_mac: 00:5b:27:81:00:96 
+      owner: benjamin
+    heilsau: 
+      ansible_ssh_host: 95.216.157.253
+      external_ipv4: 95.216.157.253
+      external_interface: eth0
+      ffsh_ipv4_space: 10.144.112.0/20
+      ffsh_map_name: GW_Heilsau
+      ffsh_ipv6_address: fddf:0bf7:80::112:1
+      ffsh_ipv4_address: 10.144.112.1
+      dhcp_range: 10.144.112.2-10.144.127.254
+      ffsh_bat_mac: 00:5b:27:80:01:12
+      ffsh_fastd_mac: 00:5b:27:81:01:12
+      owner: ulf
+    sylsbek:
+      ansible_ssh_host: 195.128.103.225
+      external_ipv4: 195.128.103.225
+      external_interface: eth0
+      ffsh_ipv4_space: 10.144.192.0/20
+      ffsh_map_name: GW_Sylsbek
+      ffsh_ipv6_address: fddf:0bf7:80::192:1
+      ffsh_ipv4_address: 10.144.192.1
+      dhcp_range: 10.144.192.2-10.144.207.254
+      ffsh_bat_mac: 00:5b:27:80:01:92
+      ffsh_fastd_mac: 00:5b:27:81:01:92
+      owner: ulf
+    trave: 
+      ansible_ssh_host: 88.99.86.15
+      external_ipv4: 88.99.86.15
+      external_interface: eth0
+      ffsh_ipv4_space: 10.144.208.0/20
+      ffsh_map_name: GW_Trave
+      ffsh_ipv6_address: fddf:0bf7:80::208:1
+      ffsh_ipv4_address: 10.144.208.1
+      dhcp_range: 10.144.208.2-10.144.223.254
+      ffsh_bat_mac: 00:5b:27:80:02:08
+      ffsh_fastd_mac: 00:5b:27:81:02:08
+      owner: ulf
+  vars:
+    ansible_user: root
diff --git a/roles/dhcp/files/isc-dhcp-server.service b/roles/dhcp/files/isc-dhcp-server.service
@@ -0,0 +1,3 @@
+[Unit]
+After[email protected]
+
diff --git a/roles/dhcp/tasks/main.yml b/roles/dhcp/tasks/main.yml
@@ -23,9 +23,24 @@
   lineinfile:
     path: /etc/default/isc-dhcp-server
     regexp: 'INTERFACESv4=""'
-    line: INTERFACESv4="br-ffsh"
+    line: INTERFACESv4="bat0"
+- name: Creates directory
+  file:
+    path: /etc/systemd/system/isc-dhcp-server.service.d/
+    state: directory
+    mode: '0644'
+    owner: root
+    group: root
+- name: Change dhcp service
+  copy:
+    src: files/isc-dhcp-server.service
+    dest: /etc/systemd/system/isc-dhcp-server.service.d/override.conf
+    mode: '0644'
+    owner: root
+    group: root
 - name: Enable and restart service
   systemd:
       enabled: yes
+      daemon_reload: yes
       state: restarted
       name: isc-dhcp-server
diff --git a/roles/fastd/tasks/main.yml b/roles/fastd/tasks/main.yml
@@ -1,8 +1,13 @@
+- name: Enable bullseye backports
+  lineinfile:
+    path: /etc/apt/sources.list
+    regexp: '# deb http://deb.debian.org/debian bullseye-backports main contrib non-free'
+    line: deb http://deb.debian.org/debian bullseye-backports main contrib non-free
 - name: Update apt cache
   ansible.builtin.apt:
     update_cache: yes
-    name: ['fastd']
-  when: not ansible_check_mode
+- name: Install fastd
+  ansible.builtin.command: apt install -t bullseye-backports fastd -y
 - name: Add ffsh system user
   user:
     name: ffsh

diff --git a/roles/fastd/templates/fastd.conf b/roles/fastd/templates/fastd.conf
@@ -17,6 +17,7 @@ mode tap;
 mtu 1426;
 
 # Set the methods (aes128-gcm preferred, salsa2012+umac preferred for nodes)
+method "null@l2tp";
 method "null";
 method "salsa2012+umac";
 
@@ -39,16 +40,22 @@ on verify "true";
 
 # Configure a shell command that is run when fastd comes up
 on up "
- ip link set dev $INTERFACE address {{  ffsh_map_mac }}
+ ip link set dev $INTERFACE address {{  ffsh_fastd_mac }}
  ip link set dev $INTERFACE up
- ip link set dev br-ffsh up
+
+ batctl meshif bat0 if add $INTERFACE
  ip link add dev bat0 type batadv
+ ip addr add {{ ffsh_ipv4_address}}/16 dev bat0
+ ip addr add {{ ffsh_ipv6_address}}/64 dev bat0
+ ip link set address {{ ffsh_bat_mac }} dev bat0
+ batctl meshif bat0 orig_interval 10000
+ batctl meshif bat0 gw_mode server 100mbit/100mbit
+ ip rule add from all fwmark 0x1 table 42
+
  ip link set dev bat0 up
  sh /etc/fastd/ffsh/iptables_ffsh.sh
 ";
 
 on down "
  ip link set dev $INTERFACE down
- ip link set dev br-ffsh down
- ip link set dev bat0 down
 ";
diff --git a/roles/fastd/templates/iptables.sh b/roles/fastd/templates/iptables.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-/sbin/ip route add 10.144.0.0/16 dev br-ffsh src {{ ffsh_ipv4_address }} table 42
+/sbin/ip route add 10.144.0.0/16 dev bat0 src {{ ffsh_ipv4_address }} table 42
 
 # Reject forwarded outgoing packets on external WAN interface to private IP addresses
 /sbin/iptables -I FORWARD -d 10.0.0.0/8 -o {{ external_interface }} -j REJECT

diff --git a/roles/hostname/tasks/main.yml b/roles/hostname/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Set the hostname
+  ansible.builtin.hostname:
+    name: "{{ inventory_hostname }}"
+    use: debian
diff --git a/roles/motd/files/00-header b/roles/motd/files/00-header
@@ -1,4 +1,3 @@
 #!/bin/bash
 
-/usr/bin/neofetch --config "/root/.config/neofetch/config.conf"
-batctl -v
+/usr/bin/neofetch --config "/root/.config/neofetch/config.conf"
diff --git a/roles/motd/tasks/main.yml b/roles/motd/tasks/main.yml
@@ -12,10 +12,12 @@
     group: root
     mode: '0644'
 - name: Adjust neofetch config
-  lineinfile:
-    path: /root/.config/neofetch/config.conf
-    regexp: 'image_source="auto"'
-    line: 'image_source="/root/.config/neofetch/ffsh-logo.txt"'
+  template:
+    src: templates/config.conf
+    dest: /root/.config/neofetch/config.conf
+    owner: root
+    group: root
+    mode: '0644'
 - name: Set motd header
   copy:
     src: files/00-header