Commit Graph

370 Commits

Author SHA1 Message Date
990ce64971 node_exporter: use TLS and basic auth
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-23 23:42:15 +01:00
333c4b82e9 yanic: make suitable for grafana host
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-23 22:22:23 +01:00
1b4ed18171 nginx: add default to not break web_gw
Some checks failed
continuous-integration/drone/push Build is failing
2020-11-23 19:52:14 +01:00
1f0b671545 mesh_wg: new role for VXLAN over WG meshing
Some checks failed
continuous-integration/drone/push Build is failing
This is still work in progress, as such it is only enabled on the test
gateway.
2020-11-23 19:44:52 +01:00
97c095f75f interfaces: cleanup / use more ifupdown2 features
All checks were successful
continuous-integration/drone/push Build is passing
2020-11-23 19:03:13 +01:00
ac35c8c635 yanic: fix config template
All checks were successful
continuous-integration/drone/push Build is passing
change needed to be compatible with current upstream
2020-11-23 19:02:19 +01:00
4c020cea41 unify whitespace before }}
All checks were successful
continuous-integration/drone/push Build is passing
2020-11-16 23:18:52 +01:00
56e026ba14 dhcp: cleanup/unify whitespace usage
All checks were successful
continuous-integration/drone/push Build is passing
2020-11-05 18:54:26 +01:00
ae6b1bc58a dns: use dedicated certificate for dnsdist 2020-11-05 18:54:01 +01:00
29627c5e36 dns: use dnsdist from upstream repo 2020-11-05 18:53:33 +01:00
f6c4f927f4 dns: also offer DoT
All checks were successful
continuous-integration/drone/push Build is passing
2020-11-04 23:16:27 +01:00
1464ef73cb new host: grafana.regensburg.freifunk.net
new role: influxdb
2020-11-04 23:15:34 +01:00
af56fd8dcd nginx: support ip anonymization
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-20 15:59:08 +02:00
2070c32a26 dns_auth: new role
All checks were successful
continuous-integration/drone/push Build is passing
also apply role to ns1.regensburg.freifunk.net
2020-10-20 15:26:50 +02:00
dd93bd6b11 dns: use list instead of with_items
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-08 22:31:20 +02:00
1b12b54a8d common: use list instead of with_items
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-08 22:30:36 +02:00
40a64d1e77 netbox: fix syntax error
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-08 22:29:54 +02:00
b239dfb38f interfaces: use ipfdown2 version 3.0.0 2020-10-08 12:31:03 +02:00
3582e84b09 git: remove role, integrate into common
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-06 10:33:48 +02:00
dc6f2e1e5b web-svc: rename to web_svc
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-06 10:17:06 +02:00
610498fc31 web-gw: rename to web_gw 2020-10-06 10:16:33 +02:00
0de11eb6ed gw-admin-ssh-keys: rename to root_keys
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-06 10:14:45 +02:00
d7291018a4 fastd-exporter: rename to fastd_exporter 2020-10-06 10:13:54 +02:00
c29bed27dc exit-ip: rename to exit_ip 2020-10-06 10:13:16 +02:00
3b501e041a arp-cache: rename to arp_cache 2020-10-06 10:12:47 +02:00
3d12cf0a7e mesh-interfaces: rename to interfaces
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-06 10:05:53 +02:00
7602303543 [role/netbox] Add recursive chown task
All checks were successful
continuous-integration/drone/push Build is passing
Recursively update group-/ownership of netbox directory after unpacking the source and
requiering modules into venv
2020-09-09 18:12:45 +02:00
09099faaeb [role/netbox] enhance readability
Break long lines by using ansible YAML notation
2020-09-09 18:04:24 +02:00
d647550425 netbox: new host and role
Some checks failed
continuous-integration/drone/push Build is failing
2020-07-19 12:43:12 +02:00
bc061dff94 apt: use list instead of with_items
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-23 21:45:56 +02:00
bad435fad4 cleanup: use systemd module for daemon-reloaed 2020-06-22 13:24:53 +02:00
69ba0b9b38 Update role acertmgr add var acertmgr_version
Defining variable acertmgr_version from role defaults, allows version
string to be overridden. Role defaults are set in connection: local scope.
This also shortens long line to make this role linter compliant
2020-06-22 13:22:23 +02:00
eaf2b36e95 Mitigate lint E204 in roles nginx, web-gw and web-svc 2020-06-22 13:22:23 +02:00
e2b9ae548c nginx: don't use "== True" 2020-06-20 17:23:59 +02:00
9f3945dcc9 acertmgr: ansible style fix 2020-06-20 00:22:26 +02:00
e601249cb4 nginx: enable gzip for proxied responses 2020-06-19 23:15:37 +02:00
462a1128ff docker: only apply explicitly where needed 2020-06-19 21:15:19 +02:00
6db08c74bd node_exporter: bump version 2020-06-18 18:07:44 +02:00
3cd6c0b1dc tileserver: simplify restart handler 2020-06-18 18:07:13 +02:00
55b9801aa4 nginx: hide version 2020-06-18 18:06:43 +02:00
d888969b3c Reload systemd before restarting services 2020-06-18 08:42:50 +02:00
ac8ece705f nginx: update global settings 2020-06-18 00:22:50 +02:00
b1c898cce8 web-svc: tiles: increase cache size 2020-06-17 23:46:42 +02:00
aa278534da web-svc: tiles: remove unused extra domains 2020-06-17 23:46:07 +02:00
541441e6ef web-svc: cache for more than 10 minutes 2020-06-17 21:20:51 +02:00
4c75e48244 web-svc: forward to new tileserver 2020-06-17 20:54:27 +02:00
22f2a8e3db unifi: add role for unifi controller 2020-06-17 20:53:51 +02:00
e7b55ce809 tileserver: new role to serve map tile 2020-06-17 20:44:52 +02:00
88e2c60888 web-svc: improve proxy config 2020-06-17 13:32:51 +02:00
84f9372410 web-svc: make nginx settings completely configurable 2020-06-17 10:52:58 +02:00
cb26f4c745 web-gw: sync settings between http and https 2020-06-16 23:47:37 +02:00
aa6aa4650b implement web service reverse proxy 2020-06-16 23:42:14 +02:00
ea2aaee4dc docker: new role that is common to all docker VMs 2020-06-16 22:54:53 +02:00
0d5f9d3d1c acertmgr: switch vom git clone to deb package 2020-06-16 22:46:46 +02:00
ea9cef86c5 Add Updatepath for 11s releases, remove legacy mapping 2020-05-29 23:25:59 +02:00
3c20fc825a common: fix missing handler 2020-05-28 10:25:09 +02:00
cd6386d58b remove confluence 2020-05-28 10:24:40 +02:00
1af46b5e28 prometheus: cleanup 2020-05-28 10:23:36 +02:00
d710bd841b mesh-interfaces: fix ifupdown2 service file (again) 2020-05-24 18:25:53 +02:00
f6c6742e1f prometheus: collect statistics from proxmox 2020-05-24 18:25:23 +02:00
aec38f1dd4 exit-ip: explicitly enable IPv4 forwarding for the primary interface 2020-02-20 09:45:46 +01:00
d68d29e0eb common: set journald and logratete.conf rentention to 7 days 2020-02-17 12:25:23 +01:00
4c1d4a485e common: use new-style network interface names 2020-02-16 01:17:48 +01:00
88122cc5ed mesh-interfaces: try to fix network target dependency problems 2020-02-16 01:00:48 +01:00
d60af77439 exit-ip: let ansible determine external interface 2020-02-11 12:28:31 +01:00
e9defd4236 web-gw: sync http and https 2020-02-04 10:23:23 +01:00
44211ceee6 mesh-interfaces: add TODO 2020-02-04 10:20:12 +01:00
e69f2249b0 Change IP of respondd receiver to Xavers new Host 2020-01-19 16:41:46 +01:00
238ec8a4b3 mesh-interfaces: fix whitespace 2019-12-16 22:32:37 +01:00
73f1c246de common: install mtr-tiny 2019-12-16 22:32:05 +01:00
5ac2e63877 nignx: fix whitespace 2019-12-15 23:49:34 +01:00
63c3f1f461 go: bump version 2019-12-15 23:49:19 +01:00
48726f6460 mesh-interfaces: set multicast router on bat-if
as per https://gluon.readthedocs.io/en/v2019.1.x/releases/v2019.1.html#gateway-recommendations
2019-12-15 23:07:18 +01:00
625d92c0d0 respondd: update service file 2019-12-15 23:00:07 +01:00
ebf184d1f3 exit-ip: fix missing default value 2019-12-15 22:39:52 +01:00
778f9649e1 respondd: update to current master
required in order to be compatible with gluon 2019.1
2019-12-15 22:33:52 +01:00
Bastian Maeuser
4f9d4fd10a Change Updateserver 2019-12-09 15:32:10 +01:00
a7423d02be Remove proxmox 2019-10-10 09:40:41 +02:00
9b9a086d51 common: install ipmitool on Proxmox hosts 2019-10-09 21:09:26 +02:00
7db68dfcec prometheus: update for buster 2019-10-07 15:36:50 +02:00
64663f74d3 common: handle proxmox differently, install acpi, fix network interface
names
2019-10-07 15:35:54 +02:00
2297707bed Attempt to force better distribution of clients 2019-05-09 23:01:16 +02:00
e4a2882331 Block FastD Connections to the Client Bridge 2019-05-09 22:23:35 +02:00
0a3792c219 Added f2b as default 2019-04-27 15:30:22 +02:00
10738aa721 Added IP to logging for helping mitigate Shortcuts 2019-04-27 15:09:14 +02:00
009639b6a2 Blacklist refined, More shortcutters added 2019-04-27 14:44:14 +02:00
4b216f8d1f Adjusted Permissions 2019-03-27 15:16:32 +01:00
fff7a8d27f fixed fileextension 2019-03-27 15:14:23 +01:00
8ad83aa956 Implement proper Blacklist Configuration to fastd 2019-03-27 14:47:33 +01:00
52e0c7115a Add Domainshortcutter Key to Blacklist 2019-03-27 14:47:07 +01:00
282576c086 Implement functional Blacklist Script 2019-03-27 14:46:44 +01:00
8f9d46beaf fastd: fix daemon failing to start after reboot 2019-03-27 13:31:38 +01:00
b166c3fcd4 acertmgr: update to 0.8.2 2019-03-21 22:35:11 +01:00
0d47a786e8 common: remove gentoo prompt 2019-03-08 08:12:12 +01:00
bb65fc04c9 acertmgr: update to 0.8.1 2019-03-07 15:52:56 +01:00
9cbc88e4ec rename certmgr -> acertmgr 2019-03-07 15:09:08 +01:00
5ee1e577be nginx: cleanup whitespace 2019-03-07 15:05:38 +01:00
c116891c4c grafana: update repo location 2019-03-07 10:52:52 +01:00
Bastian Maeuser
30b1f402e9 Added Backup gw's, todo: dhcp range calculation, go installation 2018-12-13 17:21:01 +01:00
9240f4ee64 Removed uselessness and enabled Powerdns Recursor to make DNS6 2018-08-08 22:34:30 +02:00
Bastian Maeuser
e26836e7a1 Bind Powerdns to :: to allow for v6 recursion 2018-08-08 10:48:31 +02:00
05a9eccc14 fastd: run as user fastd 2018-07-26 17:59:49 +02:00
1425383a90 prometheus: add fastd statistics 2018-07-26 11:32:07 +02:00
0148513a65 radvd: fix wrong file name (introduced last cleanup) 2018-07-26 11:08:25 +02:00
bc1fadd083 fast-exporter: export fastd statistics 2018-07-26 11:08:03 +02:00
f40a674a0d Batman: remove dkms support 2018-07-26 11:00:06 +02:00
3477a59405 Cleanup (mostly whitespace and style) 2018-07-26 10:57:58 +02:00
f67fc116da Batman multicast_mode 0 2018-07-22 00:44:38 +02:00
ca0ce99437 Changed MTU 2018-07-21 17:18:18 +02:00
76b0c8d73f Renamed exit-ipv4 to exit-ip, added TCP-MSS Clamping for V4 and V6 2018-07-21 02:02:32 +02:00
608db4bb44 Substract Batman Overhead from v6 radvd MTU Link announce 2018-07-21 01:45:36 +02:00
012ba4de03 Added TCPMSS Clamping for IPv4 2018-07-21 01:40:20 +02:00
c00b5f854e Add new prometheus/grafana roles 2018-07-19 16:29:44 +02:00
b8cf1837e9 Fix too small ARP/ND cache 2018-07-19 16:28:52 +02:00
c80bb7c3d4 common: sync with binary kitchen role 2018-07-17 13:15:51 +02:00
c4204b60e1 Fix spelling 2018-07-17 12:37:33 +02:00
c3dec96f0e Removed AdvRouterAddr from ULA 2018-07-15 20:40:07 +02:00
7092e62d45 Default peer-limit for instance of 70 2018-07-15 01:56:28 +02:00
de337f1ad0 Added Stable Updater 2018-07-14 11:41:32 +02:00
b44e9dc450 Install node_exporter to enable monitoring 2018-07-12 10:35:15 +02:00
dc0c97b29f implemented proposed changes 2018-07-10 18:14:13 +02:00
057976b868 Cleaned up config.toml 2018-07-10 01:03:22 +02:00
90de6cebbe Yanic Update, changes to Config file, yanicToyanic config 2018-07-09 22:38:49 +02:00
bc1828e2d6 Fix confluence service file 2018-02-28 14:31:46 +01:00
91a450e336 Use systemd service for confluence 2018-02-28 14:23:53 +01:00
7d6ce37e54 Added Option to Build Batman DKMS Modules from Upstream Code 2018-02-25 23:21:40 +01:00
af77b4f71a Added Role to add GW Admin SSH Keys 2018-02-25 23:08:31 +01:00
6064619f86 update go version 2018-02-07 17:47:58 +01:00
cd4656fbaf mesh-interfaces: fix networking.service to finally unfuck systemd start
ordering
2018-02-06 13:56:22 +01:00
9720f98384 mesh-interfaces: do not create backup files, this will break things 2018-02-06 13:50:20 +01:00
Bastian Mäuser
40a8040047 removed bloat and doing dkms in ansible now 2018-02-04 20:06:39 +01:00
Bastian Mäuser
cf9f284f16 Missing conditionals fixed 2018-02-04 18:34:22 +01:00
Bastian Mäuser
1c7be4b822 Added batman-adv-dkms build option 2018-02-04 18:32:45 +01:00
Bastian Mäuser
09156deb66 Changed Yanic repo to ffrgb for for updating.. 2018-01-28 13:50:20 +01:00
Bastian Mäuser
7f7c55eb34 Added Proxy f/ firmware, Yanic Influx feeding 2018-01-28 13:40:01 +01:00
Bastian Mäuser
f21991e25e Added Verbose Information. TBD: Proper Updater 2018-01-28 13:39:33 +01:00
Bastian Mäuser
67baba2b43 web-gw proxypass for relocator 2018-01-27 20:24:56 +01:00
Bastian Mäuser
270b3b4c63 removed rendundant info 2018-01-25 23:20:50 +01:00
Bastian Mäuser
3b277eaa68 added Global V6 to FF bridge 2018-01-25 22:38:19 +01:00
Bastian Mäuser
82d709127b Added Global V6 to radvd 2018-01-25 22:38:00 +01:00
Bastian Mäuser
7932b33041 IPv4 Reverse Delegation added 2018-01-24 01:28:12 +01:00
Bastian Mäuser
4cd37e4c4c Merge branch 'radvd' 2018-01-24 00:56:28 +01:00
Bastian Mäuser
8e0e9133e3 Added Gateway ip's to Zone Template 2018-01-24 00:51:13 +01:00
Bastian Mäuser
7b41607839 Small fix 2018-01-24 00:49:46 +01:00
Bastian Mäuser
9bd490092f Enable IPV6 Routing for Bird 2018-01-24 00:30:43 +01:00
Bastian Mäuser
3282afe85c fix missing { 2018-01-24 00:13:06 +01:00
Bastian Mäuser
a601f1bb31 Added ansible Tag 2018-01-24 00:00:19 +01:00
Bastian Mäuser
7ed228992d Added radvd 2018-01-23 23:57:23 +01:00
Bastian Mäuser
a60021a860 Global MTU 2018-01-23 23:56:25 +01:00
Bastian Mäuser
a54af53a25 added global mtu 2018-01-23 23:55:05 +01:00
c85fa8d9f1 bird: IPv6 backbone L3 routing 2018-01-23 18:51:45 +01:00
6fd416051e bird: IPv4 backbone L3 routing 2018-01-23 18:45:11 +01:00
8d92dc9c82 gre tunnels between gateways 2018-01-22 21:57:19 +01:00
f1b9e3f72c Support multiple fastd interfaces 2018-01-21 20:46:21 +01:00
7b8ba46d5d fix whitespace 2018-01-21 16:55:09 +01:00
1a3f775731 Update 'roles/dhcpd/templates/dhcpd.conf.j2' 2018-01-20 22:57:56 +01:00
0a03d7c989 Update 'roles/mesh-interfaces/templates/mesh.conf.j2'
Changed OGM to 5s
2018-01-20 20:02:25 +01:00
908fe6aa85 Update 'roles/fastd/defaults/main.yml'
Avoid fragmentation of every single IPV6 payload.
2018-01-20 20:01:09 +01:00
45e90b0a5d Update 'roles/dns/templates/bind/ffrgb.zone.j2'
Director Services added.
2018-01-18 21:33:23 +01:00
f830046541 unfuck systemd startup issues 2018-01-18 14:48:41 +01:00
1e4b24e94b yanic: only install if binary is missing 2018-01-18 12:52:54 +01:00
6f22bde725 make sure nf_conntrack is loaded early on 2018-01-18 12:52:12 +01:00
e4a8e9431f dns: also restart auth server on changes 2018-01-18 12:51:54 +01:00
2d1f3c568d dns: serve ffrgb zone towards mesh 2018-01-18 12:47:56 +01:00
ceffd29bed dns: also listen on ipv6 2018-01-18 10:09:24 +01:00
f2c357ea72 Start yanic and respondd after network 2018-01-17 14:18:44 +01:00
2c92d4a379 Remove yanic push service 2018-01-17 14:13:24 +01:00
005fd47b1a Only fetch and unpack go if binary is missing 2018-01-17 11:35:24 +01:00
dc115c319b go: make version configureable, use 1.8.5 2018-01-17 10:41:02 +01:00
c2c8acea51 respondd: pin git version/tag 2018-01-17 09:27:32 +01:00
e86dd3b0cb do net set fd on bridge (not working anyway) 2018-01-16 23:28:14 +01:00
3d216afaf3 Fix ipv6 ULA by removing explicit mac addr from bridge 2018-01-16 23:16:55 +01:00
ea3823cb22 web-gw: fix permissoins on /var/www/html 2018-01-15 20:19:24 +01:00
4095975934 exit-ipv4: make sure nf_conntrack is loaded 2018-01-15 20:19:03 +01:00
fc3958bfb3 Change respondd upstream repository 2018-01-15 18:45:09 +01:00
25f9362b89 yanic: adjust config file to upstream changes 2018-01-15 12:32:51 +01:00
fc6d027a4f Update 'roles/fastd/templates/fastd.conf.j2'
null method for performance mode
2018-01-14 23:13:34 +01:00
5384ce802a fastd: make sure at least a dummy blacklist.sh is available 2018-01-14 20:23:08 +01:00
cb615fa1b6 certmgr: update to current version 2018-01-14 19:15:29 +01:00
7036590d01 cmmon: install net-tools (netstat) and psmisc (killall) 2018-01-14 19:05:25 +01:00
5d63113f41 cleanup (template -> file) 2018-01-10 16:35:20 +01:00
d0706c84bb web-gw: setup reverse proxy for firmware downloads 2018-01-10 15:54:30 +01:00
4c2ff47a28 Fix restart command for confluence certificates 2017-11-23 10:30:25 +01:00
40bd3cf30e Cleanup web-gw and nginx 2017-11-16 19:02:26 +01:00
6770035a61 Unbreank yanic service 2017-11-09 21:44:38 +01:00
af446ed4e9 Unbreak yanic installation 2017-11-09 21:31:39 +01:00
34ce42c73b Cleanup fastd role 2017-11-09 21:21:19 +01:00
b57bc04e1c Fixed MAC addresses for br/bat-interfaces 2017-11-09 21:05:47 +01:00
6a0c6ff476 Disable mouse in vim 2017-09-19 09:26:08 +02:00
10e9ed9fd6 Cleanup 2017-07-11 17:48:05 +02:00
a0ef587a41 Add web-server for gateways 2017-07-03 21:18:45 +02:00
72357d34fa Minimize changes to upstream default config 2017-07-03 12:58:18 +02:00
632ccfc8ca Require debian stretch, drop backports, cleanup 2017-06-30 11:59:14 +02:00
f9a407391c Add gw_mode to batman interface 2017-06-15 16:48:07 +02:00
6cccf81de2 Add yanic role (mostly copy&paste from Bremen) 2017-06-11 20:26:34 +02:00
6f071c524a Fix respondd service 2017-06-11 20:15:28 +02:00
fc75edb757 Add missing dependency 2017-06-11 20:06:29 +02:00
77b895ad56 Style cleanup 2017-04-05 22:02:56 +02:00
7b640e17d4 Fix path to arp 2017-04-05 22:01:37 +02:00
3e6f2f1b5b Update nginx config to support confluence 6.x 2017-04-05 17:12:07 +02:00