ansible-Scripts to build new VPN-Gateways
behave behave: add very basic tests for Huginn and Grafana 2020-08-31 22:12:45 +02:00
filter_plugins backbone-gre: Bring up interfaces immediately 2016-04-03 02:15:00 +02:00
group_vars Merge vaulted vars into regular group_vars 2024-07-08 18:19:10 +02:00
lib lib/hosts.py: Use builtin ipaddress module instead of ipcalc 2024-07-08 18:06:52 +02:00
library Fix writing of secret.conf 2022-05-21 16:34:01 +02:00
playbooks Remove obsolete monitoring role and playbook 2024-07-08 19:47:43 +02:00
roles Updated restic role to reflect the actual state of setup 2024-07-18 20:14:31 +02:00
scripts Reencrypt for janeric 2021-09-27 11:31:30 +02:00
site@3c89298127 [BUGFIX] change ipv6 prefix without infrastructure 2018-04-26 15:50:24 +02:00
vagrant Add vagrant configuration 2015-07-29 00:12:54 +02:00
.ansible-lint Added ansible-lint config 2021-09-26 18:46:56 +02:00
.gitignore add requirements.txt, for easy installation of Python dependencies 2022-05-25 19:11:32 +02:00
.gitmodules Add site configuration as submodule 2015-08-22 17:45:00 +02:00
ansible.cfg ansible.cfg: Removed quotation marks on ansible_managed as they get applied to files 2024-03-17 15:25:59 +01:00
hosts Add vpn10 2024-07-08 19:41:43 +02:00
README.md Remove icvpn role and variables 2024-07-08 17:59:52 +02:00
requirements.txt lib/hosts.py: Use builtin ipaddress module instead of ipcalc 2024-07-08 18:06:52 +02:00
vault_passphrase.gpg Reencrypt for janeric 2021-09-27 11:31:30 +02:00

Ansible Freifunk Bremen

This repository contains playbooks for deploying services on Freifunk Bremen machines.

Dependencies

With PyPI:

virtualenv pythonenv
source pythonenv/bin/activate
pip install -r requirements.txt

Or as Debian/Ubuntu packages:

apt-get install python-dnspython ca-certificates

Playbooks

  • services: Generic service host for Freifunk Bremen community.
  • vpnserver: vpnserver sets up a Freifunk Bremen gateway.

Site-Conf

Community-related variables are defined in site/site.conf and group_vars/all.yml. These variables are used by the Ansible tasks.

pgp_keyserver:        'pool.sks-keyservers.net'
site_git_root:        'https://github.com/FreifunkBremen'
site_city:            'bremen'
site_domain:          'bremen.freifunk.net'
site_vpn_prefix:      'vpn'
icvpn_as:             65196
fastd_peers_limit:    150

Other communities need to modify these variables.

Hosts

The hosts file defines all machines on which our services are deployed, as well as community-related variables. Other communities need to change these variables. Variables:

ipv6_local_network  = "fd75:3707:b8c2::/64",

Hosts:

vpn0*.bremen.freifunk.net

with exit_ipv4=gre and ansible_ssh_port=* (both optional).
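A pre-flight check for a hosts file of the shape described above, run before a playbook is pointed at it. This is an added example, not code from this repository; the INI-style layout, the `vpnservers` group name, the `lint_hosts` function and the sample entries are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the shape the README describes; not the real hosts file.
SAMPLE_HOSTS = """\
[vpnservers]
vpn01.bremen.freifunk.net
vpn05.bremen.freifunk.net exit_ipv4=gre ansible_ssh_port=2222
vpn06.bremen.freifunk.net ansible_ssh_port=70000
vpn07.example.org

[vpnservers:vars]
ipv6_local_network  = "fd75:3707:b8c2::/64",
"""

ULA = ipaddress.ip_network("fc00::/7")  # unique local IPv6 addresses


def lint_hosts(text, prefix="vpn", domain="bremen.freifunk.net"):
    """Return a list of problems found in an INI-style hosts file."""
    host_re = re.compile(rf"^{re.escape(prefix)}\d+\.{re.escape(domain)}$")
    problems, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("["):
            section = line.strip("[]")
            continue
        if section.endswith(":vars"):
            key, _, value = (p.strip() for p in line.partition("="))
            if key == "ipv6_local_network":
                cleaned = value.strip("\"',")  # drop quotes and trailing comma
                try:
                    net = ipaddress.ip_network(cleaned)
                except ValueError:
                    net = None
                if (net is None or net.version != 6 or net.prefixlen != 64
                        or not net.subnet_of(ULA)):
                    problems.append(f"{key}: {cleaned} is not a ULA /64")
            continue
        host, *pairs = line.split()
        opts = dict(p.split("=", 1) for p in pairs)  # optional per-host vars
        if not host_re.match(host):
            problems.append(f"{host}: does not match {prefix}NN.{domain}")
        port = opts.get("ansible_ssh_port")
        if port is not None and not (port.isdigit() and 0 < int(port) < 65536):
            problems.append(f"{host}: invalid ansible_ssh_port {port}")
    return problems
```

Pass the values of site_vpn_prefix and site_domain as `prefix` and `domain` when checking another community's hosts file.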

Gateway Playbook

The vpnserver playbook sets up a Freifunk Bremen gateway. When it is executed, additional variables need to be defined. For example, to set up a Freifunk gateway on vpn05, the following command is used:

ansible-playbook playbooks/vpnserver.yml --limit=vpn05.bremen.freifunk.net

For detailed information about the roles, see the README.md inside each role.

Afterwork

After setting up a vpnserver, a few steps have to be done by hand.

Create DNS-Entries

In Bremen you need a VPN entry and an NTP entry.

Add fastd-public-key to site.conf

You get your key by running:

fastd --show-key -c /etc/fastd/{{site_code}}/fastd.conf

Then add it to your site.conf. For Bremen, you can find it here

Do not forget to add the NTP server as well.

Add bgp internal routing

Ask the other VPN owners to run Ansible again. This way the other VPNs get the new internal routing in bird and bird6. See here