Commit Graph

370 Commits

Author SHA1 Message Date
7c405d3b91 dns_resolver: make available for public
Some checks failed
continuous-integration/drone/push Build is failing
2021-09-01 17:34:45 +02:00
1da5ef70e5 dns_auth: dns_resolver: use bullseye system packages
Some checks failed
continuous-integration/drone/push Build is failing
2021-09-01 17:34:03 +02:00
c196bc4483 prometheus: add retention setting
Some checks failed
continuous-integration/drone/push Build is failing
2021-08-31 19:09:12 +02:00
8fabdc2550 netbox: bump version to 3.0.0
Some checks failed
continuous-integration/drone/push Build is failing
2021-08-31 19:02:20 +02:00
Bastian Mäuser
5ad344163d Fix Yanic behaviour on Statserver
Some checks failed
continuous-integration/drone/push Build is failing
2021-08-19 14:08:12 +02:00
0a696c67db netbox: add missing handler
Some checks failed
continuous-integration/drone/push Build is failing
2021-08-17 13:17:16 +02:00
70ce064aa5 apt: add gnupg2
Some checks failed
continuous-integration/drone/push Build is failing
used to run apt-key via ansible
2021-08-16 17:17:21 +02:00
9c9258863a docker: use ansible_distribution_release
Some checks failed
continuous-integration/drone/push Build is failing
2021-08-16 17:15:15 +02:00
Bastian Mäuser
29cc08a8be exip_ip: add rule to avoid VPN loops
Some checks failed
continuous-integration/drone/push Build is failing
2021-08-03 18:21:43 +02:00
44fc0e626e exit_ip: add support for NAT pools 2021-08-03 18:19:26 +02:00
fd33a9c571 Install dummy endpoint for connectivity tests
Some checks failed
continuous-integration/drone/push Build is failing
2021-07-25 17:30:58 +02:00
0f19c36624 add mesh via vxlan over wireguard to gw11 and gw21
Some checks failed
continuous-integration/drone/push Build is failing
2021-07-23 18:21:05 +02:00
e1429adae1 interfaces: use more appropriate post-up instead of up
Some checks failed
continuous-integration/drone/push Build is failing
2021-07-23 14:21:10 +02:00
87ddc40259 fastd_exporter: add dependency on go
Some checks failed
continuous-integration/drone/push Build is failing
2021-07-23 13:11:41 +02:00
7034448b08 interfaces: use newer ifupdown2 version to fix gw mode
Some checks failed
continuous-integration/drone/push Build is failing
2021-07-23 13:11:07 +02:00
8b501255fb fastd: remove deprecated method xsalsa20-poly1305
Some checks failed
continuous-integration/drone/push Build is failing
2021-07-22 16:56:59 +02:00
5c34da3e62 respondd: bump to version 4fd2e3e6
Some checks failed
continuous-integration/drone/push Build is failing
2021-07-22 08:33:14 +02:00
bf3784af19 node_exporter: bump to version 1.2.0
Some checks failed
continuous-integration/drone/push Build is failing
2021-07-20 16:27:33 +02:00
f5db4f6daf netbox: bump to version 2.11.9
Some checks failed
continuous-integration/drone/push Build is failing
2021-07-13 09:19:04 +02:00
b28004bf35 netbox: run upgrade script 2021-07-13 09:18:26 +02:00
ce397c7a62 netbox: bump version to 2.11.7
Some checks failed
continuous-integration/drone/push Build is failing
2021-07-05 16:11:30 +02:00
92b6f4bbd9 arp_cache: increase v6 entries
Some checks failed
continuous-integration/drone/push Build is failing
2021-06-22 22:59:46 +02:00
c33111a9fb netbox: fix paths in netbox-rq service file
Some checks failed
continuous-integration/drone/push Build is failing
2021-06-22 19:05:22 +02:00
9a153e9644 interfaces: try to fix boot order (again)
Some checks failed
continuous-integration/drone/push Build is failing
After and Berfore as per https://github.com/CumulusNetworks/ifupdown2/pull/190/files
2021-06-16 15:32:43 +02:00
01ab94aa27 web_svc: improve caching for tiles
Some checks failed
continuous-integration/drone/push Build is failing
2021-06-14 16:54:09 +02:00
9e369291b6 exit_ip: add rate limit to v6 nd
Some checks failed
continuous-integration/drone/push Build is failing
values were provided by awlnx
2021-06-14 16:46:00 +02:00
f8380524ec tileserver: pull on deployment, fix path for 3.1.x 2021-06-08 22:07:40 +02:00
4da5ac5ab6 use auto discovered python instead of legacy 2021-06-08 21:17:45 +02:00
6cf940b71f netbox: bump version to 2.11.4 2021-05-31 16:34:15 +02:00
cc0c0823e9 netbox: bump version to 2.10.6 2021-03-10 16:36:08 +01:00
b517df3151 Set Telegraf Config Permissions to 740
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-12 14:23:36 +01:00
Bastian Mäuser
e7d3167f51 Write hostname instead of fqdn
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-10 19:16:16 +01:00
Bastian Mäuser
755c1c5af1 Add Telegraf Role
Some checks failed
continuous-integration/drone/push Build is failing
2021-01-10 19:11:32 +01:00
d4a9ccf43d netbox: bump to 2.10.1 and add systemd service
Some checks failed
continuous-integration/drone/push Build is failing
2020-12-16 19:32:58 +01:00
0484e91693 dns_auth: support dns slaves
Some checks failed
continuous-integration/drone/push Build is failing
2020-12-07 17:18:07 +01:00
19faa44f0c mesh_wg: adjust MTU to min values rather than max
Some checks failed
continuous-integration/drone/push Build is failing
2020-12-02 23:39:15 +01:00
ebe2eac3a7 dns_*: prevent DoH
Some checks failed
continuous-integration/drone/push Build is failing
by returning NXDOMAIN for use-application-dns.net
2020-11-28 23:39:47 +01:00
1c0d2f25d2 dns_*: use dnsdist as frontend 2020-11-28 23:36:50 +01:00
5cd6b06053 mesh_wg: increase the mtu so wg has to fragment
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-25 18:28:22 +01:00
5422d3ad82 dns_*: remove TLS on localhost
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-25 18:27:25 +01:00
0baec7972f stats: migrate to new host, enable for dnsdist
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-25 18:26:28 +01:00
f955ce6119 web_svc: more caching
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-24 22:41:09 +01:00
bf1b7e434d dns_resolver: new role for resolver only
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-24 22:40:48 +01:00
f882c6e41a grafana: fix typo
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-24 21:04:40 +01:00
d0ff422b67 dns_split: rename from dns 2020-11-24 20:52:14 +01:00
6534749691 grafana: add switch to install rendering deps
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-24 20:36:35 +01:00
3baf4139ac web_*: cleanup, add VXoWG api endpoint
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-24 20:29:53 +01:00
e8435cdd9b apt: fix unattended upgrads and apt download speed 2020-11-24 20:09:18 +01:00
309105d948 Add NGINX Role tailored for stateserver usage
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-24 18:22:03 +01:00
46406323c1 rename grafana to stats
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-24 14:03:55 +01:00
990ce64971 node_exporter: use TLS and basic auth
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-23 23:42:15 +01:00
333c4b82e9 yanic: make suitable for grafana host
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-23 22:22:23 +01:00
1b4ed18171 nginx: add default to not break web_gw
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-23 19:52:14 +01:00
1f0b671545 mesh_wg: new role for VXLAN over WG meshing
Some checks failed
continuous-integration/drone/push Build is failing
This is still work in progress, as such it is only enabled on the test
gateway.
2020-11-23 19:44:52 +01:00
97c095f75f interfaces: cleanup / use more ifupdown2 features
All checks were successful
continuous-integration/drone/push Build is passing
2020-11-23 19:03:13 +01:00
ac35c8c635 yanic: fix config template
All checks were successful
continuous-integration/drone/push Build is passing
change needed to be compatible with current upstream
2020-11-23 19:02:19 +01:00
4c020cea41 unify whitespace before }}
All checks were successful
continuous-integration/drone/push Build is passing
2020-11-16 23:18:52 +01:00
56e026ba14 dhcp: cleanup/unify whitespace usage
All checks were successful
continuous-integration/drone/push Build is passing
2020-11-05 18:54:26 +01:00
ae6b1bc58a dns: use dedicated certificate for dnsdist 2020-11-05 18:54:01 +01:00
29627c5e36 dns: use dnsdist from upstream repo 2020-11-05 18:53:33 +01:00
f6c4f927f4 dns: also offer DoT
All checks were successful
continuous-integration/drone/push Build is passing
2020-11-04 23:16:27 +01:00
1464ef73cb new host: grafana.regensburg.freifunk.net
new role: influxdb
2020-11-04 23:15:34 +01:00
af56fd8dcd nginx: support ip anonymization
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-20 15:59:08 +02:00
2070c32a26 dns_auth: new role
All checks were successful
continuous-integration/drone/push Build is passing
also apply role to ns1.regensburg.freifunk.net
2020-10-20 15:26:50 +02:00
dd93bd6b11 dns: use list instead of with_items
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-08 22:31:20 +02:00
1b12b54a8d common: use list instead of with_items
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-08 22:30:36 +02:00
40a64d1e77 netbox: fix syntax error
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-08 22:29:54 +02:00
b239dfb38f interfaces: use ipfdown2 version 3.0.0 2020-10-08 12:31:03 +02:00
3582e84b09 git: remove role, integrate into common
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-06 10:33:48 +02:00
dc6f2e1e5b web-svc: rename to web_svc
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-06 10:17:06 +02:00
610498fc31 web-gw: rename to web_gw 2020-10-06 10:16:33 +02:00
0de11eb6ed gw-admin-ssh-keys: rename to root_keys
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-06 10:14:45 +02:00
d7291018a4 fastd-exporter: rename to fastd_exporter 2020-10-06 10:13:54 +02:00
c29bed27dc exit-ip: rename to exit_ip 2020-10-06 10:13:16 +02:00
3b501e041a arp-cache: rename to arp_cache 2020-10-06 10:12:47 +02:00
3d12cf0a7e mesh-interfaces: rename to interfaces
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-06 10:05:53 +02:00
7602303543 [role/netbox] Add recursive chown task
All checks were successful
continuous-integration/drone/push Build is passing
Recursively update group-/ownership of netbox directory after unpacking the source and
requiering modules into venv
2020-09-09 18:12:45 +02:00
09099faaeb [role/netbox] enhance readability
Break long lines by using ansible YAML notation
2020-09-09 18:04:24 +02:00
d647550425 netbox: new host and role
Some checks failed
continuous-integration/drone/push Build is failing
2020-07-19 12:43:12 +02:00
bc061dff94 apt: use list instead of with_items
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-23 21:45:56 +02:00
bad435fad4 cleanup: use systemd module for daemon-reloaed 2020-06-22 13:24:53 +02:00
69ba0b9b38 Update role acertmgr add var acertmgr_version
Defining variable acertmgr_version from role defaults, allows version
string to be overridden. Role defaults are set in connection: local scope.
This also shortens long line to make this role linter compliant
2020-06-22 13:22:23 +02:00
eaf2b36e95 Mitigate lint E204 in roles nginx, web-gw and web-svc 2020-06-22 13:22:23 +02:00
e2b9ae548c nginx: don't use "== True" 2020-06-20 17:23:59 +02:00
9f3945dcc9 acertmgr: ansible style fix 2020-06-20 00:22:26 +02:00
e601249cb4 nginx: enable gzip for proxied responses 2020-06-19 23:15:37 +02:00
462a1128ff docker: only apply explicitly where needed 2020-06-19 21:15:19 +02:00
6db08c74bd node_exporter: bump version 2020-06-18 18:07:44 +02:00
3cd6c0b1dc tileserver: simplify restart handler 2020-06-18 18:07:13 +02:00
55b9801aa4 nginx: hide version 2020-06-18 18:06:43 +02:00
d888969b3c Reload systemd before restarting services 2020-06-18 08:42:50 +02:00
ac8ece705f nginx: update global settings 2020-06-18 00:22:50 +02:00
b1c898cce8 web-svc: tiles: increase cache size 2020-06-17 23:46:42 +02:00
aa278534da web-svc: tiles: remove unused extra domains 2020-06-17 23:46:07 +02:00
541441e6ef web-svc: cache for more than 10 minutes 2020-06-17 21:20:51 +02:00
4c75e48244 web-svc: forward to new tileserver 2020-06-17 20:54:27 +02:00
22f2a8e3db unifi: add role for unifi controller 2020-06-17 20:53:51 +02:00
e7b55ce809 tileserver: new role to serve map tile 2020-06-17 20:44:52 +02:00
88e2c60888 web-svc: improve proxy config 2020-06-17 13:32:51 +02:00
84f9372410 web-svc: make nginx settings completely configurable 2020-06-17 10:52:58 +02:00
cb26f4c745 web-gw: sync settings between http and https 2020-06-16 23:47:37 +02:00
aa6aa4650b implement web service reverse proxy 2020-06-16 23:42:14 +02:00
ea2aaee4dc docker: new role that is common to all docker VMs 2020-06-16 22:54:53 +02:00
0d5f9d3d1c acertmgr: switch vom git clone to deb package 2020-06-16 22:46:46 +02:00
ea9cef86c5 Add Updatepath for 11s releases, remove legacy mapping 2020-05-29 23:25:59 +02:00
3c20fc825a common: fix missing handler 2020-05-28 10:25:09 +02:00
cd6386d58b remove confluence 2020-05-28 10:24:40 +02:00
1af46b5e28 prometheus: cleanup 2020-05-28 10:23:36 +02:00
d710bd841b mesh-interfaces: fix ifupdown2 service file (again) 2020-05-24 18:25:53 +02:00
f6c6742e1f prometheus: collect statistics from proxmox 2020-05-24 18:25:23 +02:00
aec38f1dd4 exit-ip: explicitly enable IPv4 forwarding for the primary interface 2020-02-20 09:45:46 +01:00
d68d29e0eb common: set journald and logratete.conf rentention to 7 days 2020-02-17 12:25:23 +01:00
4c1d4a485e common: use new-style network interface names 2020-02-16 01:17:48 +01:00
88122cc5ed mesh-interfaces: try to fix network target dependency problems 2020-02-16 01:00:48 +01:00
d60af77439 exit-ip: let ansible determine external interface 2020-02-11 12:28:31 +01:00
e9defd4236 web-gw: sync http and https 2020-02-04 10:23:23 +01:00
44211ceee6 mesh-interfaces: add TODO 2020-02-04 10:20:12 +01:00
e69f2249b0 Change IP of respondd receiver to Xavers new Host 2020-01-19 16:41:46 +01:00
238ec8a4b3 mesh-interfaces: fix whitespace 2019-12-16 22:32:37 +01:00
73f1c246de common: install mtr-tiny 2019-12-16 22:32:05 +01:00
5ac2e63877 nignx: fix whitespace 2019-12-15 23:49:34 +01:00
63c3f1f461 go: bump version 2019-12-15 23:49:19 +01:00
48726f6460 mesh-interfaces: set multicast router on bat-if
as per https://gluon.readthedocs.io/en/v2019.1.x/releases/v2019.1.html#gateway-recommendations
2019-12-15 23:07:18 +01:00
625d92c0d0 respondd: update service file 2019-12-15 23:00:07 +01:00
ebf184d1f3 exit-ip: fix missing default value 2019-12-15 22:39:52 +01:00
778f9649e1 respondd: update to current master
required in order to be compatible with gluon 2019.1
2019-12-15 22:33:52 +01:00
Bastian Maeuser
4f9d4fd10a Change Updateserver 2019-12-09 15:32:10 +01:00
a7423d02be Remove proxmox 2019-10-10 09:40:41 +02:00
9b9a086d51 common: install ipmitool on Proxmox hosts 2019-10-09 21:09:26 +02:00
7db68dfcec prometheus: update for buster 2019-10-07 15:36:50 +02:00
64663f74d3 common: handle proxmox differently, install acpi, fix network interface
names
2019-10-07 15:35:54 +02:00
2297707bed Attempt to force better distribution of clients 2019-05-09 23:01:16 +02:00
e4a2882331 Block FastD Connections to the Client Bridge 2019-05-09 22:23:35 +02:00
0a3792c219 Added f2b as default 2019-04-27 15:30:22 +02:00
10738aa721 Added IP to logging for helping mitigate Shortcuts 2019-04-27 15:09:14 +02:00
009639b6a2 Blacklist refined, More shortcutters added 2019-04-27 14:44:14 +02:00
4b216f8d1f Adjusted Permissions 2019-03-27 15:16:32 +01:00
fff7a8d27f fixed fileextension 2019-03-27 15:14:23 +01:00
8ad83aa956 Implement proper Blacklist Configuration to fastd 2019-03-27 14:47:33 +01:00
52e0c7115a Add Domainshortcutter Key to Blacklist 2019-03-27 14:47:07 +01:00
282576c086 Implement functional Blacklist Script 2019-03-27 14:46:44 +01:00
8f9d46beaf fastd: fix daemon failing to start after reboot 2019-03-27 13:31:38 +01:00
b166c3fcd4 acertmgr: update to 0.8.2 2019-03-21 22:35:11 +01:00
0d47a786e8 common: remove gentoo prompt 2019-03-08 08:12:12 +01:00
bb65fc04c9 acertmgr: update to 0.8.1 2019-03-07 15:52:56 +01:00
9cbc88e4ec rename certmgr -> acertmgr 2019-03-07 15:09:08 +01:00
5ee1e577be nginx: cleanup whitespace 2019-03-07 15:05:38 +01:00
c116891c4c grafana: update repo location 2019-03-07 10:52:52 +01:00
Bastian Maeuser
30b1f402e9 Added Backup gw's, todo: dhcp range calculation, go installation 2018-12-13 17:21:01 +01:00
9240f4ee64 Removed uselessness and enabled Powerdns Recursor to make DNS6 2018-08-08 22:34:30 +02:00