update and fix stuff

group_vars/all.yml

@@ -2,4 +2,4 @@ radvd_prefixes:
   - fdef:ffc0:3dd7::/64
   - 2001:67c:2d50::/64
 dhcpd_subnet: 10.130.0.0
-dhcpd_netmask: 255.255.240.0
+dhcpd_netmask: 255.255.0.0

host_vars/huextertor.yml

 ip4: 10.130.0.252
-ip6: 2001:67c:2d50::d01
-ip6_ula: fdef:ffc0:3dd7::d01
-fastd_mesh_mac: de:ad:ca:fe:aa:bb
-fastd_gw_mac: de:ad:ca:fe:bb:dd
-freifunk_mac: de:ad:ca:fe:cc:dd
-dhcpd_start: 10.130.12.63
-dhcpd_end: 10.130.15.255
+ip6: 2001:67c:2d50::bb
+ip6_ula: fdef:ffc0:3dd7::bb
+fastd_mesh_mac: de:ad:ca:fe:bb:bb
+fastd_gw_mac: de:ad:ca:fe:bb:cc
+freifunk_mac: de:ad:ca:fe:bb:aa
+dhcpd_start: 10.130.24.1
+dhcpd_end: 10.130.31.254
+internet_iface_mac: 52:54:00:57:84:a3

host_vars/kaisertor.yml

 ip4: 10.130.0.255
-ip6: 2001:67c:2d50::b01
-ip6_ula: fdef:ffc0:3dd7::b01
-fastd_mesh_mac: de:ad:ca:fe:aa:aa
-fastd_gw_mac: de:ad:ca:fe:bb:bb
-freifunk_mac: de:ad:ca:fe:cc:bb
-dhcpd_start: 10.130.1.0
-dhcpd_end: 10.130.4.190
+ip6: 2001:67c:2d50::aa
+ip6_ula: fdef:ffc0:3dd7::aa
+fastd_mesh_mac: de:ad:ca:fe:aa:bb
+fastd_gw_mac: de:ad:ca:fe:aa:cc
+freifunk_mac: de:ad:ca:fe:aa:aa
+dhcpd_start: 10.130.16.1
+dhcpd_end: 10.130.23.254
+internet_iface_mac: 52:54:00:57:84:a3

revert_and_setup.sh

@@ -3,10 +3,10 @@
 set -e
 
 # virsh snapshot-revert --domain ffhl-test-gateway --current
-virsh snapshot-revert --domain ffhl-test-gateway 1579128050
+virsh snapshot-revert --domain ffhl-gw01 --current
 echo "restarting timesyncd and ntp"
 ssh -q root@10.8.1.50 systemctl restart systemd-timesyncd
-ssh -q root@10.8.1.50 systemctl restart ntp
+# ssh -q root@10.8.1.50 systemctl restart ntp
 echo "waiting..."
 sleep 7
 
@@ -14,4 +14,4 @@ echo "removing artifacts"
 rm -rf artifacts
 
 echo "run the playbook"
-ansible-playbook -vvvv -i hosts debian_setup.yml
+ansible-playbook -vvvv -i hosts_new debian_setup.yml

roles/debian_base/files/etc/bind/named.conf.local

+zone "ffhl" IN {
+	type master;
+	file "ffhl/ffhl.zone";
+	allow-transfer { any; };
+};
+
+zone "130.10.in-addr.arpa" IN {
+	type master;
+	file "ffhl/10.130.zone";
+	allow-transfer { any; };
+};
+
+zone "7.d.d.3.0.c.f.f.f.e.d.f.ip6.arpa" IN {
+	type master;
+	file "ffhl/fdef:ffc0:3dd7.zone";
+	allow-transfer { any; };
+};

roles/debian_base/files/etc/bind/named.conf.options

+options {
+	directory "/var/cache/bind";
+	auth-nxdomain yes;
+	datasize default;
+	listen-on { any; };
+	listen-on-v6 { any; };
+
+	allow-recursion {
+		::1/128;
+		127.0.0.1/8;
+		2001:67c:2d50::/48;
+		fdef:ffc0:3dd7::/48;
+		10.130.0.0/16;
+	};
+
+	allow-transfer { none; };
+	allow-update { none; };
+	version none;
+	hostname none;
+	server-id none;
+	empty-zones-enable yes;
+};

roles/debian_base/files/etc/bind/named_.conf

+zone "0.0.127.in-addr.arpa" IN {
+	type master;
+	file "127.0.0.zone";
+};
+
+zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
+	type master;
+	file "localhost.ip6.zone";
+};
+
+zone "255.in-addr.arpa" IN {
+	type master;
+	file "empty.zone";
+};
+
+zone "0.in-addr.arpa" IN {
+	type master;
+	file "empty.zone";
+};

roles/debian_base/files/etc/named.conf

-options {
-	directory "/var/named";
-	pid-file "/var/run/named/named.pid";
-	auth-nxdomain yes;
-	datasize default;
-	listen-on { any; };
-	listen-on-v6 { any; };
-
-	allow-recursion {
-		::1/128;
-		127.0.0.1/8;
-		2001:67c:2d50::/48;
-		fdef:ffc0:3dd7::/48;
-		10.130.0.0/16;
-	};
-
-	allow-transfer { none; };
-	allow-update { none; };
-	version none;
-	hostname none;
-	server-id none;
-	empty-zones-enable yes;
-};
-
-zone "localhost" IN {
-	type master;
-	file "localhost.zone";
-};
-
-zone "0.0.127.in-addr.arpa" IN {
-	type master;
-	file "127.0.0.zone";
-};
-
-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
-	type master;
-	file "localhost.ip6.zone";
-};
-
-zone "255.in-addr.arpa" IN {
-	type master;
-	file "empty.zone";
-};
-
-zone "0.in-addr.arpa" IN {
-	type master;
-	file "empty.zone";
-};
-
-zone "." IN {
-	type hint;
-	file "root.hint";
-};
-
-zone "ffhl" IN {
-	type master;
-	file "ffhl/ffhl.zone";
-	allow-transfer { any; };
-};
-
-zone "130.10.in-addr.arpa" IN {
-	type master;
-	file "ffhl/10.130.zone";
-	allow-transfer { any; };
-};
-
-zone "7.d.d.3.0.c.f.f.f.e.d.f.ip6.arpa" IN {
-	type master;
-	file "ffhl/fdef:ffc0:3dd7.zone";
-	allow-transfer { any; };
-};
-
-include "/etc/named_ffdns.conf";

roles/debian_base/files/etc/systemd/system/update-ffhl-dns.service

 [Service]
 Type=oneshot
-WorkingDirectory=/var/named/ffhl
+WorkingDirectory=/var/cache/bind
 ExecStart=/usr/bin/git pull

roles/debian_base/files/host/huextertor/etc/openvpn/hideio.conf

-client
-dev hideio
-dev-type tun
-proto udp
-remote nl.hide.io 3478
-cipher AES-128-CBC
-resolv-retry infinite
-nobind
-persist-key
-persist-tun
-mute-replay-warnings
-ca hideio/TrustedRoot.pem
-verb 3
-auth-user-pass hideio/password.txt
-reneg-sec 0
-
-auth-retry nointeract
-mtu-test
-script-security 2
-route-nopull

roles/debian_base/files/host/huextertor/etc/openvpn/hideio/TrustedRoot.pem

------BEGIN CERTIFICATE-----
-MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
-ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
-MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
-LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
-RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
-+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
-PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
-xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
-Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
-hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
-EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
-MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
-FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
-nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
-eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
-hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
-Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
-vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
-+OkuE6N36B9K
------END CERTIFICATE-----

roles/debian_base/files/post-merge/ffhl-dns

 #!/bin/sh
 
-systemctl reload named.service
+systemctl reload bind9.service
 
 exit 0

roles/debian_base/tasks/ffhl-dns.yml

 ---
-- git: repo=https://github.com/freifunk-luebeck/ffhl-dns.git dest=/var/named/ffhl
-- copy: src=post-merge/ffhl-dns dest=/var/named/ffhl/.git/hooks/post-merge mode=a+x
+- git: repo=https://gitlab.com/freifunk-luebeck/ffhl-dns.git dest=/var/cache/bind/ffhl
+- copy: src=post-merge/ffhl-dns dest=/var/cache/bind/ffhl/.git/hooks/post-merge mode=a+x

roles/debian_base/tasks/main.yml

@@ -33,6 +33,7 @@
   block:
     - template: src=network/10-ffhl.netdev.j2 dest=/etc/systemd/network/10-ffhl.netdev
     - template: src=network/12-ffhl.network.j2 dest=/etc/systemd/network/12-ffhl.network
+    - template: src=network/10-internet.link.j2 dest=/etc/systemd/network/12-internet.link
 
 # sometimes disabled (dunno why)
 - name: enable systemd-networkd

roles/debian_base/templates/network/10-internet.link.j2

+[Match]
+MACAddress={{ internet_iface_mac }}
+
+[Link]
+Name=internet

roles/debian_base/templates/network/12-ffhl.network.j2

@@ -3,7 +3,7 @@ Name=ffhl
 
 [Network]
 IPForward=yes
-Address={{ ip4 }}/20
+Address={{ ip4 }}/16
 Address={{ ip6 }}/64
 Address={{ ip6_ula }}/64
 

todo.md

@@ -3,6 +3,6 @@ Things for a working Gateway:
 - [x] fastd
 - [x] batman
 - [ ] DHCP
-- [ ] radvd
+- [x] radvd
 - [ ] BGP
 - [x] prometheus