freifunk.ffbsee.yml
---
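# auto load vault vars
# First play of the playbook: reads group_vars/all_vault.yml on every host.
# NOTE(review): the file name suggests ansible-vault encrypted content —
# confirm it is never committed in plaintext.
- name: load vault vars
  hosts: all
  tasks:
    - name: include vault variables
      include_vars: group_vars/all_vault.yml
      # Keep the loaded variables out of task output and logs, even when the
      # playbook is run verbosely.
      no_log: true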
# Runs the ansible_version role on the control node only. Fact gathering is
# switched off for this play.
# NOTE(review): judging by the play name the role enforces a minimum Ansible
# version; the role itself is not part of this file.
- name: check if ansible is not to old
  hosts: localhost
  gather_facts: false
  tags: [default]
  roles:
    - ansible_version
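# Baseline play for the `freifunk` group: applies the base_packages,
# manage_users, ssh_authorized_keys, sshd and home_environment roles.
# These roles decide who can log in to the nodes, so changes to them or to
# their variables deserve the same review as a firewall change.
- name: Update packages and users on all nodes
  hosts: freifunk
  # Each tag is listed once. `base` and `ssh_authorized_keys` used to appear
  # twice, which has no effect on tag selection.
  tags:
    - base
    - base-packages
    - base_packages
    - users
    - new-user
    - home
    - home_environment
    - ssh
    - sshd
    - ssh_authorized_keys
    - auth
  roles:
    - base_packages
    - manage_users
    - ssh_authorized_keys
    - sshd
    - home_environment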
# Applies the python3-default role to every host. The tag list offers several
# spellings that all select this one play.
- name: python3 as default
  hosts: all
  roles:
    - python3-default
  tags:
    - python3
    - python-is-python3
    - python3-is-python
    - python-default
    - python3-default
# Shell environment, motd and the `bat` package for the `freifunk` group.
# NOTE(review): this play shares its name with the baseline play earlier in
# the file, which makes run output ambiguous — consider a distinct name.
- name: Update packages and users on all nodes
  hosts: freifunk
  tags: [home_environment, motd]
  roles:
    - home_environment
    - motd
    - install-bat
  # Tasks run after the roles above, so the hold is set once install-bat has
  # been applied.
  tasks:
    # NOTE(review): the task name says "batman" but the package put on hold is
    # `bat` — confirm which package is meant. A held package is also skipped
    # by upgrades that carry security fixes.
    - name: Prevent batman package auto upgrade
      dpkg_selections:
        selection: hold
        name: bat
# Note: this is NOT done for gw04 atm
# Applies the network role to the explicitly listed gateways and the map
# server; gw04 stays commented out in the host list.
- name: Configure basic network setup for gw
  hosts:
    - gw01.ffbsee.net
    - gw02.ffbsee.net
    - gw03.ffbsee.net
    # - gw04.ffbsee.net
    - map.ffbsee.net
  tags: [network, interfaces]
  roles:
    - network
# Applies the fail2ban role to every host in the inventory.
- name: fail2ban
  hosts: all
  tags: [fail2ban]
  roles:
    - role: fail2ban
# Backbone and fastd setup for the `freifunk` group. Every role name is also
# available as a tag, next to the broader `backbone` and `fastd` tags.
- name: Configure freifunk network setup for gw
  hosts: freifunk
  roles:
    - freifunk-backbone
    - freifunk-update-script
    - fastd-install
    - fastd-config
  tags:
    - backbone
    - fastd
    - freifunk-backbone
    - freifunk-update-script
    - fastd-install
    - fastd-config
# Applies the firewall role to the `freifunk` group.
# NOTE(review): several later plays reuse the name "Configure network routing
# for gw"; in run output this one is only identifiable by its firewall role.
- name: Configure network routing for gw
  hosts: freifunk
  tags: [routing, iptables, ip6tables, firewall]
  roles:
    - firewall
# Note: this is only done for gw02
# Applies the ovh-dns-update role to gw02.
# NOTE(review): a DNS update script normally needs provider API credentials;
# check that the role takes them from vaulted variables, not from files in
# the repository.
- name: Configure ovh dns script for gw02.ffbsee.net
  hosts: gw02.ffbsee.net
  tags: [ovh]
  roles:
    - ovh-dns-update
# DHCP relay on the four gateways. The dhcpd role is commented out here and
# only dhcp-relay is applied.
- name: Configure network routing for gw
  hosts:
    - gw01.ffbsee.net
    - gw02.ffbsee.net
    - gw03.ffbsee.net
    - gw04.ffbsee.net
  roles:
    # - dhcpd
    - dhcp-relay
  tags:
    - routing
    - dhcp
    - dhcpd
    - isc-dhcp
    - isc
    - isc-dhcp-server
    - isc-dhcp-relay
    - dhcp-relay
# Applies the dhcpd role to the map server. It carries the same tag set as
# the gateway relay play, so one tag selects both plays.
- name: Configure network routing for map
  hosts:
    - map.ffbsee.net
  roles:
    - dhcpd
  tags:
    - routing
    - dhcp
    - dhcpd
    - isc-dhcp
    - isc
    - isc-dhcp-server
    - isc-dhcp-relay
    - dhcp-relay
# Note: this is only done on gws
# Applies the unbound, unbound_freifunk_tlds, bird, freifunk-icvpn and tinc
# roles to the four gateways.
# NOTE(review): every tag on this play is DNS-related, so the bird,
# freifunk-icvpn and tinc roles also run whenever `--tags dns` is used.
- name: Configure network routing for gw
  hosts:
    - gw01.ffbsee.net
    - gw02.ffbsee.net
    - gw03.ffbsee.net
    - gw04.ffbsee.net
  tags: [dns, unbound, role-unbound, bind]
  roles:
    - unbound
    - unbound_freifunk_tlds
    - bird
    - freifunk-icvpn
    - tinc
# Note: this is only done on the map server
# Applies the nginx and gateway-page roles. The two commented-out roles are
# kept for reference.
- name: Configure web setup for gw
  hosts: map.ffbsee.net
  tags: [web]
  roles:
    - nginx
    - gateway-page
    # - freifunk-karte-json
    # - FFNodeList
# Applies the telegraf role to every host. This is the only play in this
# listing that sets `become` explicitly.
- name: install telegraf
  hosts: all
  become: true
  tags: [telegraf]
  roles:
    - telegraf
# Applies the prometheus role to the map server.
- name: install prometheus
  hosts: map.ffbsee.net
  tags: [prometheus]
  roles:
    - prometheus
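# Grafana on the map server. The grafana role runs first, because roles
# execute before a play's tasks. The tasks then copy the dashboard provider
# config and the dashboard JSON files into place.
- name: install grafana
  hosts: map.ffbsee.net
  tags:
    - grafana
  roles:
    # NOTE(review): the nesting of `vars` under the role entry is reconstructed
    # from a listing that lost its indentation — confirm against the repo.
    - role: grafana
      vars:
        grafana_security:
          # NOTE(review): `admin` is the well-known default account name, so
          # the password is the only secret protecting this login.
          admin_user: admin
          # Taken from a variable instead of being stored in this file;
          # presumably defined in the vaulted vars — confirm.
          admin_password: "{{ grafana_admin_password }}"
  tasks:
    # NOTE(review): this path is hard-coded while the tasks below use
    # grafana_dashboard_dir (defined outside this file). Confirm both point to
    # the same directory, otherwise the dashboard copy targets a missing path.
    - name: create dashboard dir
      file:
        path: /opt/grafana/dashboards
        state: directory
        mode: '0755'
    - name: provision dashboards config
      copy:
        dest: /etc/grafana/provisioning/dashboards/default.yaml
        # Explicit mode so the result does not depend on the remote umask.
        # The file holds no secrets, only the dashboard directory path.
        mode: '0644'
        # Provider settings below keep provisioned dashboards read-only in the
        # UI (editable, allowUiUpdates: false; disableDeletion: true).
        content: |
          apiVersion: 1
          providers:
            - name: 'default'
              disableDeletion: true
              editable: false
              updateIntervalSeconds: 300
              allowUiUpdates: false
              options:
                path: {{ grafana_dashboard_dir }}
    - name: install dashboards
      copy:
        src: "files/grafana_dashboards/{{ item }}"
        dest: "{{ grafana_dashboard_dir }}/{{ item }}"
        mode: '0644'
      loop:
        - freifunk_overview.json
        - freifunk_router_detail.json
        - freifunk_robin_detail.json
        - freifunk_robin_overview.json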
# Applies the golang role to the map server.
# NOTE(review): a later play puts /opt/go/1.14.4/bin on PATH, so the version
# this role installs has to match that path — confirm in the role defaults.
- name: install golang
  hosts: map.ffbsee.net
  tags: [golang, go]
  roles:
    - golang
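# Clones xperimental/freifunk-exporter, builds it on the map server and runs
# it as a systemd service.
# defaults to port: 9295
- name: install xperimental/freifunk-exporter
  hosts: map.ffbsee.net
  vars:
    freifunk_exporter_path: /opt/freifunk-exporter
    # Git ref to check out. HEAD is the git module's default, so the behaviour
    # is unchanged until this is set. Pin it to a reviewed tag or commit SHA:
    # the checkout is compiled and started as a service on this host, so an
    # unpinned ref runs whatever the upstream default branch holds at the time.
    freifunk_exporter_version: HEAD
  environment:
    # make sure we find go
    # NOTE(review): the Go version is hard-coded in this path and must match
    # what the golang role installs. Go 1.14 is an old toolchain, and the
    # binary embeds that standard library (TLS, HTTP) — consider upgrading.
    PATH: "/opt/go/1.14.4/bin:{{ ansible_env.PATH }}"
  tags:
    - freifunk-exporter
    - exporter
    - prometheus-exporter
  tasks:
    - name: clone repository
      git:
        repo: 'https://github.com/xperimental/freifunk-exporter.git'
        dest: "{{ freifunk_exporter_path }}"
        version: "{{ freifunk_exporter_version }}"
    # Runs the upstream Makefile with the privileges of the Ansible remote
    # user, which is another reason to pin the ref above.
    - name: Build the default target
      make:
        chdir: "{{ freifunk_exporter_path }}"
    # The unit sets no User=, so systemd starts the exporter as root. The
    # added directives limit what the process can do.
    # NOTE(review): prefer a dedicated unprivileged account (User= or
    # DynamicUser=) once the binary's file permissions are confirmed, and
    # consider /etc/systemd/system for locally managed units.
    - name: install freifunk-exporter service
      copy:
        dest: /lib/systemd/system/freifunk-exporter.service
        mode: '0644'
        content: |
          [Unit]
          Description=freifunk-exporter
          [Service]
          Type=simple
          ExecStart={{ freifunk_exporter_path }}/freifunk-exporter --cache-interval 30s --source-url https://meta.ffbsee.net/data/meshviewer.json
          NoNewPrivileges=yes
          ProtectSystem=full
          ProtectHome=yes
          PrivateTmp=yes
          [Install]
          WantedBy=multi-user.target
    # daemon_reload makes systemd re-read the unit file written above, so
    # edits to the unit are not ignored.
    # NOTE(review): `state: started` does not restart a running service after
    # a rebuild or unit change; a handler with `state: restarted` would.
    - name: enable and start freifunk-exporter
      systemd:
        name: freifunk-exporter
        state: started
        enabled: true
        daemon_reload: true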
# Applies the ffbsee-robin-exporter role to the map server.
- name: install re4jh/robin-exporter
  hosts: map.ffbsee.net
  tags: [robin]
  roles:
    - ffbsee-robin-exporter