From fa3d2ea0f19270979358cd8e0324dc32a58fb6a8 Mon Sep 17 00:00:00 2001
From: Paul Maruhn <paulmaruhn@posteo.de>
Date: Sat, 29 Feb 2020 03:04:06 +0100
Subject: [PATCH] update and fix stuff

---
 group_vars/all.yml | 2 +-
 host_vars/huextertor.yml | 15 ++--
 host_vars/kaisertor.yml | 15 ++--
 revert_and_setup.sh | 6 +-
 .../files/etc/bind/named.conf.local | 17 +++++
 .../files/etc/bind/named.conf.options | 22 ++++++
 roles/debian_base/files/etc/bind/named_.conf | 19 +++++
 roles/debian_base/files/etc/named.conf | 73 -------------------
 .../systemd/system/update-ffhl-dns.service | 2 +-
 .../host/huextertor/etc/openvpn/hideio.conf | 20 -----
 .../etc/openvpn/hideio/TrustedRoot.pem | 23 ------
 roles/debian_base/files/post-merge/ffhl-dns | 2 +-
 roles/debian_base/tasks/ffhl-dns.yml | 4 +-
 roles/debian_base/tasks/main.yml | 1 +
 .../templates/network/10-internet.link.j2 | 5 ++
 .../templates/network/12-ffhl.network.j2 | 2 +-
 todo.md | 2 +-
 17 files changed, 90 insertions(+), 140 deletions(-)
 create mode 100644 roles/debian_base/files/etc/bind/named.conf.local
 create mode 100644 roles/debian_base/files/etc/bind/named.conf.options
 create mode 100644 roles/debian_base/files/etc/bind/named_.conf
 delete mode 100644 roles/debian_base/files/etc/named.conf
 delete mode 100644 roles/debian_base/files/host/huextertor/etc/openvpn/hideio.conf
 delete mode 100755 roles/debian_base/files/host/huextertor/etc/openvpn/hideio/TrustedRoot.pem
 create mode 100644 roles/debian_base/templates/network/10-internet.link.j2

diff --git a/group_vars/all.yml b/group_vars/all.yml
index 17041d6..ffbd175 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -2,4 +2,4 @@ radvd_prefixes:
 - fdef:ffc0:3dd7::/64
 - 2001:67c:2d50::/64
 dhcpd_subnet: 10.130.0.0
-dhcpd_netmask: 255.255.240.0
+dhcpd_netmask: 255.255.0.0
diff --git a/host_vars/huextertor.yml b/host_vars/huextertor.yml
index 88e5507..d56342f 100644
--- a/host_vars/huextertor.yml
+++ b/host_vars/huextertor.yml
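Review bot: The widened prefix is now stored in two hand-synchronised representations: `dhcpd_netmask: 255.255.0.0` here and the literal `/16` in `Address={{ ip4 }}/16` in roles/debian_base/templates/network/12-ffhl.network.j2 further down in this patch (the old pair was 255.255.240.0 and /20, so they have always been the same fact written twice). A single variable such as `ffhl_prefixlen: 16` used as `Address={{ ip4 }}/{{ ffhl_prefixlen }}` in the template, with the dotted netmask derived from it where the dhcpd config is rendered (Ansible's `ipaddr('netmask')` filter can do that, if netaddr is available), removes the chance of the two drifting apart on the next renumbering. Both dhcpd ranges added in the host_vars hunks below (10.130.16.1–10.130.23.254 and 10.130.24.1–10.130.31.254) fall inside 10.130.0.0/16 and do not overlap, so the values themselves look consistent.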
@@ -1,8 +1,9 @@
 ip4: 10.130.0.252
-ip6: 2001:67c:2d50::d01
-ip6_ula: fdef:ffc0:3dd7::d01
-fastd_mesh_mac: de:ad:ca:fe:aa:bb
-fastd_gw_mac: de:ad:ca:fe:bb:dd
-freifunk_mac: de:ad:ca:fe:cc:dd
-dhcpd_start: 10.130.12.63
-dhcpd_end: 10.130.15.255
+ip6: 2001:67c:2d50::bb
+ip6_ula: fdef:ffc0:3dd7::bb
+fastd_mesh_mac: de:ad:ca:fe:bb:bb
+fastd_gw_mac: de:ad:ca:fe:bb:cc
+freifunk_mac: de:ad:ca:fe:bb:aa
+dhcpd_start: 10.130.24.1
+dhcpd_end: 10.130.31.254
+internet_iface_mac: 52:54:00:57:84:a3
diff --git a/host_vars/kaisertor.yml b/host_vars/kaisertor.yml
index 98e37c2..0c54b77 100644
--- a/host_vars/kaisertor.yml
+++ b/host_vars/kaisertor.yml
@@ -1,8 +1,9 @@
 ip4: 10.130.0.255
-ip6: 2001:67c:2d50::b01
-ip6_ula: fdef:ffc0:3dd7::b01
-fastd_mesh_mac: de:ad:ca:fe:aa:aa
-fastd_gw_mac: de:ad:ca:fe:bb:bb
-freifunk_mac: de:ad:ca:fe:cc:bb
-dhcpd_start: 10.130.1.0
-dhcpd_end: 10.130.4.190
+ip6: 2001:67c:2d50::aa
+ip6_ula: fdef:ffc0:3dd7::aa
+fastd_mesh_mac: de:ad:ca:fe:aa:bb
+fastd_gw_mac: de:ad:ca:fe:aa:cc
+freifunk_mac: de:ad:ca:fe:aa:aa
+dhcpd_start: 10.130.16.1
+dhcpd_end: 10.130.23.254
+internet_iface_mac: 52:54:00:57:84:a3
diff --git a/revert_and_setup.sh b/revert_and_setup.sh
index ac9813c..d7a7e2a 100755
--- a/revert_and_setup.sh
+++ b/revert_and_setup.sh
@@ -3,10 +3,10 @@ set -e
 # virsh snapshot-revert --domain ffhl-test-gateway --current
-virsh snapshot-revert --domain ffhl-test-gateway 1579128050
+virsh snapshot-revert --domain ffhl-gw01 --current
 echo "restarting timesyncd and ntp"
 ssh -q root@10.8.1.50 systemctl restart systemd-timesyncd
-ssh -q root@10.8.1.50 systemctl restart ntp
+# ssh -q root@10.8.1.50 systemctl restart ntp
 echo "waiting..."
 sleep 7
@@ -14,4 +14,4 @@ echo "removing artifacts"
 rm -rf artifacts
 echo "run the playbook"
-ansible-playbook -vvvv -i hosts debian_setup.yml
+ansible-playbook -vvvv -i hosts_new debian_setup.yml
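Review bot: `internet_iface_mac: 52:54:00:57:84:a3` is added with the identical value in host_vars/huextertor.yml and in host_vars/kaisertor.yml (next hunk); a MAC belongs to one NIC, so two gateways cannot both carry it, and the 52:54:00 prefix is the one QEMU/KVM hands out to virtual NICs, so the value looks copied from the test VM. The variable feeds `MACAddress={{ internet_iface_mac }}` in the new 10-internet.link.j2, and on whichever host's NIC does not have this address the `[Match]` never fires, so the interface silently keeps its kernel name instead of becoming `internet`. Record the real per-host value from each machine, and consider guarding the template with `- assert: { that: internet_iface_mac is match('^([0-9a-f]{2}:){5}[0-9a-f]{2}$') }` so an unset or malformed value fails the play instead of producing a .link file that matches nothing.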
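Review bot: The playbook invocation now reads an inventory file `hosts_new` that is not part of this patch — the diffstat lists neither `hosts_new` nor a rename of `hosts` — so unless it is committed separately, `ansible-playbook -vvvv -i hosts_new debian_setup.yml` fails for every other checkout; if it is a local scratch inventory, take it from an argument instead, e.g. `inventory=${1:-hosts}` and `-i "$inventory"`. The ntp restart is commented out rather than removed, and the comment above the virsh call now mirrors the live command with only the domain differing; both are dead text that will go stale, so either delete them or say in one line why the ntp restart is disabled.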
diff --git a/roles/debian_base/files/etc/bind/named.conf.local b/roles/debian_base/files/etc/bind/named.conf.local
new file mode 100644
index 0000000..f24c71c
--- /dev/null
+++ b/roles/debian_base/files/etc/bind/named.conf.local
@@ -0,0 +1,17 @@
+zone "ffhl" IN {
+ type master;
+ file "ffhl/ffhl.zone";
+ allow-transfer { any; };
+};
+
+zone "130.10.in-addr.arpa" IN {
+ type master;
+ file "ffhl/10.130.zone";
+ allow-transfer { any; };
+};
+
+zone "7.d.d.3.0.c.f.f.f.e.d.f.ip6.arpa" IN {
+ type master;
+ file "ffhl/fdef:ffc0:3dd7.zone";
+ allow-transfer { any; };
+};
diff --git a/roles/debian_base/files/etc/bind/named.conf.options b/roles/debian_base/files/etc/bind/named.conf.options
new file mode 100644
index 0000000..0587a30
--- /dev/null
+++ b/roles/debian_base/files/etc/bind/named.conf.options
@@ -0,0 +1,22 @@
+options {
+ directory "/var/cache/bind";
+ auth-nxdomain yes;
+ datasize default;
+ listen-on { any; };
+ listen-on-v6 { any; };
+
+ allow-recursion {
+ ::1/128;
+ 127.0.0.1/8;
+ 2001:67c:2d50::/48;
+ fdef:ffc0:3dd7::/48;
+ 10.130.0.0/16;
+ };
+
+ allow-transfer { none; };
+ allow-update { none; };
+ version none;
+ hostname none;
+ server-id none;
+ empty-zones-enable yes;
+};
diff --git a/roles/debian_base/files/etc/bind/named_.conf b/roles/debian_base/files/etc/bind/named_.conf
new file mode 100644
index 0000000..61ccbc2
--- /dev/null
+++ b/roles/debian_base/files/etc/bind/named_.conf
@@ -0,0 +1,19 @@
+zone "0.0.127.in-addr.arpa" IN {
+ type master;
+ file "127.0.0.zone";
+};
+
+zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
+ type master;
+ file "localhost.ip6.zone";
+};
+
+zone "255.in-addr.arpa" IN {
+ type master;
+ file "empty.zone";
+};
+
+zone "0.in-addr.arpa" IN {
+ type master;
+ file "empty.zone";
+};
diff --git a/roles/debian_base/files/etc/named.conf b/roles/debian_base/files/etc/named.conf
deleted file mode 100644
index a878271..0000000
--- a/roles/debian_base/files/etc/named.conf
+++ /dev/null
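Review bot: All three zone statements override the global `allow-transfer { none; };` from named.conf.options with `allow-transfer { any; };`, and with `listen-on { any; };` binding every interface that makes a full AXFR of the forward zone and both reverse zones available to any client that can reach the gateway. The setting is carried over from the deleted /etc/named.conf rather than introduced here, and since the zone files are pulled from a public repository (roles/debian_base/tasks/ffhl-dns.yml) the exposure is less about confidentiality than about letting arbitrary clients pull whole zones from the authoritative server; still, this new file is the place to tighten it. Restrict transfers to the actual secondaries, or at least to the prefixes already trusted for recursion, e.g. `allow-transfer { 2001:67c:2d50::/48; fdef:ffc0:3dd7::/48; 10.130.0.0/16; };` on each zone (or one named `acl` in named.conf.options referenced from here). If public AXFR is intended, a one-line comment saying so would keep the next reader from "fixing" it.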
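Review bot: Nothing in this patch references named_.conf: the trailing-underscore name is not one Debian's stock /etc/bind/named.conf includes, and no task copies or includes it, so its four zones are never loaded; if it is later included by hand, `zone "255.in-addr.arpa"` and `zone "0.in-addr.arpa"` collide with the ones Debian's named.conf.default-zones already defines, and bind refuses to start on a duplicate zone. Either drop the file and rely on the package defaults, or, if the intent is to keep the stock named.conf, state that in a comment at the top of named.conf.local so it is clear that `zone "localhost"`, the `zone "."` hints and `include "/etc/named_ffdns.conf";` from the deleted /etc/named.conf were left out on purpose and not forgotten — the ffdns include in particular disappears in this patch with no replacement, which I can only assume is deliberate.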
@@ -1,73 +0,0 @@
-options {
- directory "/var/named";
- pid-file "/var/run/named/named.pid";
- auth-nxdomain yes;
- datasize default;
- listen-on { any; };
- listen-on-v6 { any; };
-
- allow-recursion {
- ::1/128;
- 127.0.0.1/8;
- 2001:67c:2d50::/48;
- fdef:ffc0:3dd7::/48;
- 10.130.0.0/16;
- };
-
- allow-transfer { none; };
- allow-update { none; };
- version none;
- hostname none;
- server-id none;
- empty-zones-enable yes;
-};
-
-zone "localhost" IN {
- type master;
- file "localhost.zone";
-};
-
-zone "0.0.127.in-addr.arpa" IN {
- type master;
- file "127.0.0.zone";
-};
-
-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
- type master;
- file "localhost.ip6.zone";
-};
-
-zone "255.in-addr.arpa" IN {
- type master;
- file "empty.zone";
-};
-
-zone "0.in-addr.arpa" IN {
- type master;
- file "empty.zone";
-};
-
-zone "." IN {
- type hint;
- file "root.hint";
-};
-
-zone "ffhl" IN {
- type master;
- file "ffhl/ffhl.zone";
- allow-transfer { any; };
-};
-
-zone "130.10.in-addr.arpa" IN {
- type master;
- file "ffhl/10.130.zone";
- allow-transfer { any; };
-};
-
-zone "7.d.d.3.0.c.f.f.f.e.d.f.ip6.arpa" IN {
- type master;
- file "ffhl/fdef:ffc0:3dd7.zone";
- allow-transfer { any; };
-};
-
-include "/etc/named_ffdns.conf";
diff --git a/roles/debian_base/files/etc/systemd/system/update-ffhl-dns.service b/roles/debian_base/files/etc/systemd/system/update-ffhl-dns.service
index 0ab4a9d..0f128f7 100644
--- a/roles/debian_base/files/etc/systemd/system/update-ffhl-dns.service
+++ b/roles/debian_base/files/etc/systemd/system/update-ffhl-dns.service
@@ -1,4 +1,4 @@
 [Service]
 Type=oneshot
-WorkingDirectory=/var/named/ffhl
+WorkingDirectory=/var/cache/bind
 ExecStart=/usr/bin/git pull
diff --git a/roles/debian_base/files/host/huextertor/etc/openvpn/hideio.conf b/roles/debian_base/files/host/huextertor/etc/openvpn/hideio.conf
deleted file mode 100644
index 90ff7b6..0000000
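Review bot: `WorkingDirectory=/var/cache/bind` no longer points at the git checkout: roles/debian_base/tasks/ffhl-dns.yml in this same patch clones the zone repository to `/var/cache/bind/ffhl` (the old pair was /var/named/ffhl for both), so `ExecStart=/usr/bin/git pull` runs in a directory that is not a repository, the unit fails on every run, and zone updates silently stop. The fix is `WorkingDirectory=/var/cache/bind/ffhl`. The unit has no `User=`, so the pull runs as root; if the checkout is owned by the bind user anyway, a `User=bind` line would keep a pull of untrusted content out of root's hands.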
--- a/roles/debian_base/files/host/huextertor/etc/openvpn/hideio.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-client
-dev hideio
-dev-type tun
-proto udp
-remote nl.hide.io 3478
-cipher AES-128-CBC
-resolv-retry infinite
-nobind
-persist-key
-persist-tun
-mute-replay-warnings
-ca hideio/TrustedRoot.pem
-verb 3
-auth-user-pass hideio/password.txt
-reneg-sec 0
-
-auth-retry nointeract
-mtu-test
-script-security 2
-route-nopull
diff --git a/roles/debian_base/files/host/huextertor/etc/openvpn/hideio/TrustedRoot.pem b/roles/debian_base/files/host/huextertor/etc/openvpn/hideio/TrustedRoot.pem
deleted file mode 100755
index 9e6810a..0000000
--- a/roles/debian_base/files/host/huextertor/etc/openvpn/hideio/TrustedRoot.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
-ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
-MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
-LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
-RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
-+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
-PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
-xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
-Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
-hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
-EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
-MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
-FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
-nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
-eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
-hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
-Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
-vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
-+OkuE6N36B9K
------END CERTIFICATE-----
diff --git a/roles/debian_base/files/post-merge/ffhl-dns b/roles/debian_base/files/post-merge/ffhl-dns
index 4a1bd3e..e5419ba 100755
--- a/roles/debian_base/files/post-merge/ffhl-dns
+++ b/roles/debian_base/files/post-merge/ffhl-dns
@@ -1,5 +1,5 @@
 #!/bin/sh
-systemctl reload named.service
+systemctl reload bind9.service
 exit 0
diff --git a/roles/debian_base/tasks/ffhl-dns.yml b/roles/debian_base/tasks/ffhl-dns.yml
index 44fa5c5..ca7bdfa 100644
--- a/roles/debian_base/tasks/ffhl-dns.yml
+++ b/roles/debian_base/tasks/ffhl-dns.yml
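Review bot: The hook still reloads the server unconditionally after every merge, and with this patch the merge source is a `git pull` of an unpinned branch on gitlab.com (roles/debian_base/tasks/ffhl-dns.yml), so whatever lands on that branch — a typo, or a change made with a compromised repository account — goes straight into the authoritative server with no check. bind keeps serving the old copy of a zone whose reload fails to parse, so the exposure is mostly a syntactically valid but wrong zone being served immediately, plus a silently stale zone after a bad commit. Validating each zone before the reload is a few lines in this hook (git runs hooks from the work-tree root, which is the clone directory, so the file names are the ones named.conf.local uses under `ffhl/`); tracking a tag or verifying signed commits in the pull would close the rest.
```sh
#!/bin/sh
# Runs from the clone root after `git pull`; refuse to reload bind9 on a zone that does not parse.
set -e
named-checkzone -q ffhl ffhl.zone
named-checkzone -q 130.10.in-addr.arpa 10.130.zone
named-checkzone -q 7.d.d.3.0.c.f.f.f.e.d.f.ip6.arpa fdef:ffc0:3dd7.zone
systemctl reload bind9.service
exit 0
```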
@@ -1,3 +1,3 @@
 ---
-- git: repo=https://github.com/freifunk-luebeck/ffhl-dns.git dest=/var/named/ffhl
-- copy: src=post-merge/ffhl-dns dest=/var/named/ffhl/.git/hooks/post-merge mode=a+x
+- git: repo=https://gitlab.com/freifunk-luebeck/ffhl-dns.git dest=/var/cache/bind/ffhl
+- copy: src=post-merge/ffhl-dns dest=/var/cache/bind/ffhl/.git/hooks/post-merge mode=a+x
diff --git a/roles/debian_base/tasks/main.yml b/roles/debian_base/tasks/main.yml
index 2513d6e..58c8078 100644
--- a/roles/debian_base/tasks/main.yml
+++ b/roles/debian_base/tasks/main.yml
@@ -33,6 +33,7 @@
 block:
 - template: src=network/10-ffhl.netdev.j2 dest=/etc/systemd/network/10-ffhl.netdev
 - template: src=network/12-ffhl.network.j2 dest=/etc/systemd/network/12-ffhl.network
+ - template: src=network/10-internet.link.j2 dest=/etc/systemd/network/12-internet.link
 # sometimes disabled (dunno why)
 - name: enable systemd-networkd
diff --git a/roles/debian_base/templates/network/10-internet.link.j2 b/roles/debian_base/templates/network/10-internet.link.j2
new file mode 100644
index 0000000..1072857
--- /dev/null
+++ b/roles/debian_base/templates/network/10-internet.link.j2
@@ -0,0 +1,5 @@
+[Match]
+MACAddress={{ internet_iface_mac }}
+
+[Link]
+Name=internet
diff --git a/roles/debian_base/templates/network/12-ffhl.network.j2 b/roles/debian_base/templates/network/12-ffhl.network.j2
index e82136f..45d85f4 100644
--- a/roles/debian_base/templates/network/12-ffhl.network.j2
+++ b/roles/debian_base/templates/network/12-ffhl.network.j2
@@ -3,7 +3,7 @@ Name=ffhl
 [Network]
 IPForward=yes
-Address={{ ip4 }}/20
+Address={{ ip4 }}/16
 Address={{ ip6 }}/64
 Address={{ ip6_ula }}/64
diff --git a/todo.md b/todo.md
index b252e8a..3be118b 100644
--- a/todo.md
+++ b/todo.md
@@ -3,6 +3,6 @@ Things for a working Gateway:
 - [x] fastd
 - [x] batman
 - [ ] DHCP
-- [ ] radvd
+- [x] radvd
 - [ ] BGP
 - [x] prometheus
-- 
GitLab
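Review bot: The new template task writes `10-internet.link.j2` to `/etc/systemd/network/12-internet.link`, so source and destination carry different ordering prefixes while the two existing lines keep them aligned (10-ffhl.netdev, 12-ffhl.network); pick one, preferably `dest=/etc/systemd/network/10-internet.link`, because for .link files udev applies the first match in lexical order and the number is meaningful. Unlike the .netdev/.network files, a .link file is evaluated by udev when the device appears, not by the `enable systemd-networkd` task that follows, so on a running host the rename to `internet` only takes effect after `udevadm trigger --action=add /sys/class/net/<current-name>` or a reboot — a handler for that, or a comment stating that the rename needs a reboot, would save the next person a debugging session. The enclosing `block:` starts before this hunk, and nothing visible in the patch yet uses the `internet` name, so I assume a matching .network file follows later.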