first commit
commit
8f7518a55b
98 changed files with 2519 additions and 0 deletions
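--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,10 @@
+/lime-mac/*
+doc*.md
+
+
+# public
+/lime-mac/*
+/host_vars/lime-*
+!/host_vars/lime-000000000000.yml
+group_vars/wg_server.yml
+/mesh_devices.yml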
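--- a/README.md
+++ b/README.md
@@ -0,0 +1,48 @@
+
+un ruolo ansible per aggiornare i belvederi e la macchina con gli strumenti
+
+alcuni ruoli per installare i componenti necessari al monitoring dei belvederi
+- prometheus
+- blackbox_exporter
+- alertmanager
+
+requirements
+pip3 install ansible
+pip3 install jinja2-ansible-filters
+
+Aggiungi il percorso di dove ti ha installato ansible ed aggeggi vari nel tuo .bash_profile che hai in home:
+
+```
+#ansible ed ansible-galaxy
+export PATH=$PATH:~/.local/bin
+```
+dai `source ~/.bash_profile`
+
+Installa i componenti ansible-galaxy
+
+ansible-galaxy collection install community.general
+ansible-galaxy install cloudalchemy.prometheus
+ansible-galaxy install cloudalchemy.blackbox-exporter
+ansible-galaxy install cloudalchemy.alertmanager
+ansible-galaxy install nginxinc.nginx
+ansible-galaxy install nginxinc.nginx_config
+
+run
+ansible-playbook -i hosts -i inventory.yml main.yml
+
+setup dei belvederi
+ansible-playbook -i hosts -i inventory.yml infra.yml
+
+
+
+## build
+In roles/stable/build un ruolo per buildare opernwrt e libremesh.
+Permette di aggiungere pacchetti e configurazioni attraverso i profili
+
+
+i devices si possono aggiungere nel file di hosts mesh_devices.yml
+lime-<macaddress>:
+hostname:
+
+nel ruolo è presente una fase iniziale, di preflight che genera un file di variabili per ciascun dispositivo, in host_vars
+che vengono poi usate per la generazione dei file di configurazione lime-<macaddress>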
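--- a/README_build.md
+++ b/README_build.md
@@ -0,0 +1,44 @@
+
+esempio di test per buiildare per tutti i targets
+
+ansible-playbook \
+-i hosts \
+-i mesh_devices.yml \
+-i inventory.yml \
+--skip-tags preflight \
+--skip-tags openwrt_install \
+--skip-tags libremesh_install \
+--skip-tags libremesh_packages \
+--skip-tags configure_profiles \
+--skip-tags webserver \
+playbooks/build_all_targets.yml
+
+#### configura e builda
+ansible-playbook \
+-i hosts \
+-i mesh_devices.yml \
+-i inventory.yml \
+--skip-tags preflight \
+--skip-tags openwrt_install \
+--skip-tags libremesh_install \
+--skip-tags webserver \
+playbooks/generate-new-test-device_dev.yml
+
+
+# nuovo target
+ansible-playbook \
+-i hosts \
+-i mesh_devices.yml \
+-i inventory.yml \
+--skip-tags preflight \
+playbooks/generate-new-test-device_dev.yml
+
+
+ansible-playbook \
+-i hosts \
+-i mesh_devices.yml \
+-i inventory.yml \
+--skip-tags openwrt_install \
+--skip-tags libremesh_install \
+--skip-tags webserver \
+playbooks/build_all_targets.yml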
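--- a/TODO.md
+++ b/TODO.md
@@ -0,0 +1,21 @@
+
+# roles/stable/build
+[ ] create a build_all playbook
+- [ ] create target specific vars for build_all
+[ ] group firmware in human readable way
+[ ] replace mac56_to_ipCD.sh with an ansible script if possible
+[ ] move packages from roles/stable/build/files to a repo
+- [ ] finish refactor of vs-ninux-wg (should it keep this name after refactor?)
+[ ] setup a repo with an updated .gitignore for publishing purposes
+[ ] update README with build system information
+[ ] add tags or prefix in tasks of roles/stable/build/tasks/main.yml
+[ ] reduce size of lime-mac files (include only ones of the same target?)
+
+[ ] issue: building for a new target ramips_mt76x8 doesn't select the device tl-wr6400-v4 at first time. props: changing target and then make defconfig, then cat EOF the target device and redo a make defconfig
+
+[ ] add workaround to initialize device br-lan on openwrt 21.02.3
+config device
+option name 'br-lan'
+option type 'bridge'
+list ports 'eth0'
+list ports 'bat0'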
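--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,9 @@
+
+[defaults]
+inventory = ./inventory.yml
+interpreter_python = /usr/bin/python3
+remote_user = root
+
+
+[ssh_connection]
+scp_if_ssh=True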
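Review bot: `remote_user = root` in `[defaults]` makes root the SSH login for every host that does not set `ansible_user`, and nothing in the file says why. The `hosts` inventory in this commit overrides it for each host it lists, so the default presumably exists for the mesh devices; a comment such as `# mesh nodes only have a root account; other hosts override ansible_user` would record that. `scp_if_ssh=True` deserves a one-line reason as well.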
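--- a/belvedere.yml
+++ b/belvedere.yml
@@ -0,0 +1,16 @@
+---
+## Monitoring
+- name: Monitoring
+hosts: belvedere
+roles:
+- 'stable/monitoring/prometheus'
+# - 'stable/monitoring/blackbox_exporter'
+# - 'stable/monitoring/alertmanager'
+# - 'stable/dnsmasq'
+vars_files:
+- monitoring.yml
+- smtp.yml
+- telegram.yml
+tags: monitoring
+# with_vars:
+# prometheus_skip_install: true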
0
group_vars/builder.yml
Normal file
0
group_vars/builder.yml
Normal file
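--- a/group_vars/wg_server.template.yml
+++ b/group_vars/wg_server.template.yml
@@ -0,0 +1,6 @@
+
+vpn_wg1_endpoint_host: <redacted>
+vpn_wg1_endpoint_port: 51800
+vpn_wg1_publickey: <redacted>
+vpn_wg1_allowed_ips: 192.168.0.0/16
+vpn_wg1_persistent_keepalive: 25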
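--- a/host_vars/belvedere-test.yml
+++ b/host_vars/belvedere-test.yml
@@ -0,0 +1,72 @@
+belvedere_targets:
+- targets: ['10.170.169.234:9090']
+labels:
+host: 'ninux-59a9ea'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.213.244:9090']
+labels:
+host: 'scutigera'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.170.196:9090']
+labels:
+host: 'cetonia'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.157.135:9090']
+labels:
+host: 'stercoraro'
+group: 'mesh_routers'
+alert: 'yes'
+
+- targets: ['10.170.247.96:9090']
+labels:
+host: 'neomantix'
+group: 'mesh_stations'
+alert: 'no'
+
+- targets: ['10.170.135.90:9090']
+labels:
+host: 'cervo-volante'
+group: 'home_routers'
+alert: 'yes'
+
+- targets: ['10.169.165.230:9090']
+labels:
+host: 'falena'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.154.103:9090']
+labels:
+host: 'tarlo'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.207.117.192:9090']
+labels:
+host: 'ninux-cabum'
+group: 'mesh_stations'
+alert: 'no'
+
+- targets: ['10.170.150.95:9090']
+labels:
+host: 'grillo'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.135.117:9090']
+labels:
+host: 'ninux-598775'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.248.242:9090']
+labels:
+host: 'amphithrix'
+group: 'mesh_stations'
+alert: 'yes'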
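--- a/host_vars/belvedere-vs.yml
+++ b/host_vars/belvedere-vs.yml
@@ -0,0 +1,54 @@
+belvedere_targets:
+- targets: ['10.170.161.237:9090']
+labels:
+host: 'ninux-dba1ed'
+group: 'mesh_stations'
+alert: 'no'
+
+- targets: ['10.170.233.12:9090']
+labels:
+host: 'zanzara'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.173.138:9090']
+labels:
+host: 'scolopendra'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.147.243:9090']
+labels:
+host: 'ape'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.254.23.220:9090']
+labels:
+host: 'scarabeo'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.154.252:9090']
+labels:
+host: 'formica'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.130.99:9090']
+labels:
+host: 'mantide'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.163.2:9090']
+labels:
+host: 'cavolaia'
+group: 'mesh_stations'
+alert: 'no'
+
+- targets: ['10.170.173.201:9090']
+labels:
+host: 'ninux-25adc9'
+group: 'home_routers'
+alert: 'no'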
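--- a/host_vars/belvedere.yml
+++ b/host_vars/belvedere.yml
@@ -0,0 +1,72 @@
+belvedere_targets:
+- targets: ['10.170.169.234:9090']
+labels:
+host: 'ninux-59a9ea'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.213.244:9090']
+labels:
+host: 'scutigera'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.170.196:9090']
+labels:
+host: 'cetonia'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.157.135:9090']
+labels:
+host: 'stercoraro'
+group: 'mesh_routers'
+alert: 'yes'
+
+- targets: ['10.170.247.96:9090']
+labels:
+host: 'neomantix'
+group: 'mesh_stations'
+alert: 'no'
+
+- targets: ['10.170.135.90:9090']
+labels:
+host: 'cervo-volante'
+group: 'home_routers'
+alert: 'yes'
+
+- targets: ['10.169.165.230:9090']
+labels:
+host: 'falena'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.154.103:9090']
+labels:
+host: 'tarlo'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.207.117.192:9090']
+labels:
+host: 'ninux-cabum'
+group: 'mesh_stations'
+alert: 'no'
+
+- targets: ['10.170.150.95:9090']
+labels:
+host: 'grillo'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.135.117:9090']
+labels:
+host: 'ninux-598775'
+group: 'mesh_stations'
+alert: 'yes'
+
+- targets: ['10.170.248.242:9090']
+labels:
+host: 'amphithrix'
+group: 'mesh_stations'
+alert: 'yes'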
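--- a/host_vars/lime-000000000000.yml
+++ b/host_vars/lime-000000000000.yml
@@ -0,0 +1,19 @@
+# BEGIN ANSIBLE MANAGED BLOCK lime-000000000000 utils
+ip_host: 0.0
+# END ANSIBLE MANAGED BLOCK lime-000000000000 utils
+# BEGIN ANSIBLE MANAGED BLOCK lime-000000000000 common
+hostname: ninux-000000
+lime_mac: lime-000000000000
+main_ipv4_address: 10.170.0.0/16
+# END ANSIBLE MANAGED BLOCK lime-000000000000 common
+# BEGIN ANSIBLE MANAGED BLOCK lime-000000000000 config
+config_lime_system: option hostname 'ninux-000000'
+config_lime_network: option channel_5ghz '48'
+# END ANSIBLE MANAGED BLOCK lime-000000000000 config
+# BEGIN ANSIBLE MANAGED BLOCK lime-000000000000 vpn wireguard wg0
+vpn_wg0_privatekey: UIHZ9uTOxW07jHTQHAzUvmWAS6tkPtQWqZU9Gp6LcHY=
+vpn_wg0_publickey: HgdBD20UBNzWkDJfP4H20Nr+IyzOyWBdqXCV69XktQA=
+vpn_wg0_presharedkey: 3rod8G0DsZzkxMmR95Sf76URdH4aiZEUdlol8lOL+ww=
+vpn_wg0_listenport: 51800
+vpn_wg0_address: 192.168.0.0/16
+# END ANSIBLE MANAGED BLOCK lime-000000000000 vpn wireguard wg0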
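Review bot: `vpn_wg0_privatekey` and `vpn_wg0_presharedkey` are committed in clear text, and `.gitignore` in this same commit deliberately un-ignores this file with `!/host_vars/lime-000000000000.yml`. If the file is meant as the public example for the all-zero MAC, both values should be obvious placeholders, e.g. `vpn_wg0_privatekey: <generated-per-device>`. The matching `vpn_wg0_publickey` also appears as `wireguard.peer_1.public_key` in one of the packaged asset scripts in this commit, which suggests the pair is not purely a dummy; if any device or server ever used it, treat it as exposed and rotate it. Generated per-device secrets belong in Ansible Vault or behind the `passwordstore` lookup the `hosts` file already uses.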
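--- a/hosts
+++ b/hosts
@@ -0,0 +1,37 @@
+croara:
+hosts:
+belvedere:
+ansible_host: 10.0.0.10
+ansible_user: pi
+ansible_become_user: root
+ansible_become: yes
+ada:
+ansible_host: 10.170.42.91
+ansible_user: antennine
+ansible_become_pass: "{{ lookup('passwordstore', 'chiavi_antennine/ada/user_root', errors='strict') | default(omit) }}"
+ansible_become_user: root
+ansible_become_method: su
+ansible_become_flags:
+belvedere-test:
+ansible_host: 10.170.64.34
+ansible_user: pi
+ansible_become_user: root
+ansible_become: yes
+
+valsamoggia:
+hosts:
+belvedere-vs:
+ansible_host: 10.0.0.11
+ansible_user: pi
+ansible_become_user: root
+ansible_become: yes
+
+vps:
+hosts:
+jitsi:
+ansible_host: 135.181.109.184
+ansible_user: antennine
+ansible_become_user: root
+ansible_become_pass: "{{ lookup('passwordstore', 'chiavi_antennine/jitsi/user_root', errors='strict') | default(omit) }}"
+ansible_become_method: su
+ansible_become_flags: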
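Review bot: In the `ada` and `jitsi` entries, `| default(omit)` after `lookup('passwordstore', …, errors='strict')` never takes effect, because with `errors='strict'` a missing or unreadable entry aborts the run before the filter is reached. Drop the filter, e.g. `ansible_become_pass: "{{ lookup('passwordstore', 'chiavi_antennine/ada/user_root') }}"`, or say in a comment which behaviour is intended. The three `belvedere*` hosts set `ansible_become: yes` with no become password, which only works if `pi` has passwordless sudo; a comment would make that dependency visible.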
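--- a/infra.test.yml
+++ b/infra.test.yml
@@ -0,0 +1,20 @@
+---
+## Monitoring
+- name: Monitoring
+gather_facts: false
+hosts: belvedere-test
+roles:
+# - 'stable/monitoring/prometheus'
+# - 'stable/monitoring/blackbox_exporter'
+# - 'stable/monitoring/alertmanager'
+# - 'stable/dnsmasq'
+# - 'wireguard'
+- 'stable/nginx'
+vars_files:
+# - monitoring.yml
+# - smtp.yml
+# - telegram.yml
+# - test.yml
+# - wireguard.yml
+- belvederi.yml
+tags: monitoring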
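--- a/infra.yml
+++ b/infra.yml
@@ -0,0 +1,14 @@
+---
+## Monitoring
+- name: Monitoring
+hosts: belvederi
+roles:
+- 'stable/monitoring/prometheus'
+- 'stable/monitoring/blackbox_exporter'
+- 'stable/monitoring/alertmanager'
+- 'stable/dnsmasq'
+vars_files:
+- monitoring.yml
+- smtp.yml
+- telegram.yml
+tags: monitoring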
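--- a/inventory.yml
+++ b/inventory.yml
@@ -0,0 +1,23 @@
+belvederi:
+hosts:
+belvedere:
+belvedere-vs:
+
+strumenti:
+hosts: ada
+
+ca:
+hosts: ada
+
+builder:
+hosts: ada
+
+wg_server:
+hosts: jitsi
+
+# test:
+# hosts: test.jolly
+# vars:
+# ansible_user: debian
+
+all: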
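--- a/main.yml
+++ b/main.yml
@@ -0,0 +1,24 @@
+---
+- hosts: all
+gather_facts: yes
+become: yes
+
+tasks:
+- name: Perform a dist-upgrade.
+ansible.builtin.apt:
+upgrade: dist
+update_cache: yes
+
+- name: Check if a reboot is required.
+ansible.builtin.stat:
+path: /var/run/reboot-required
+get_md5: no
+register: reboot_required_file
+
+- name: Reboot the server (if required).
+ansible.builtin.reboot:
+when: reboot_required_file.stat.exists == true
+
+- name: Remove dependencies that are no longer required.
+ansible.builtin.apt:
+autoremove: yes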
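Review bot: The play targets `hosts: all` and reboots on demand with no `serial`, so one run can upgrade and reboot the monitoring hosts and the `wg_server` host at the same moment; `serial: 1` at play level would stagger that. `get_md5` on `ansible.builtin.stat` was, as far as I know, removed in Ansible 2.9, so `get_md5: no` is likely to be rejected by a current install and can simply be dropped. `when: reboot_required_file.stat.exists` is sufficient without `== true`.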
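--- a/mesh_devices_template.yml
+++ b/mesh_devices_template.yml
@@ -0,0 +1,13 @@
+mesh_devices:
+hosts:
+# litebeam
+lime-000000000000:
+hostname: cocciniglia
+
+# tplink_tl-wr940n-v6
+lime-000000000000:
+hostname: cervovolante
+
+# tplink_cpe510
+lime-000000000000:
+hostname: oncocera-semirubella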
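--- a/playbooks/build_all_targets.yml
+++ b/playbooks/build_all_targets.yml
@@ -0,0 +1,32 @@
+---
+# Build all targets
+
+# - name: Build {{ openwrt_version }} ath79_generic
+# gather_facts: false
+# hosts: builder
+# roles:
+# - ../roles/stable/build
+# vars_files:
+# - ../vars/build/dev_test.yml
+# - ../vars/build/targets/ath79_generic.yml
+# tags: generate device
+
+- name: Build {{ openwrt_version }} ar71xx_generic
+gather_facts: false
+hosts: builder
+roles:
+- ../roles/stable/build
+vars_files:
+- ../vars/build/dev_test.yml
+- ../vars/build/targets/ar71xx_generic.yml
+tags: generate device
+
+- name: Build ath79_tiny
+gather_facts: false
+hosts: builder
+roles:
+- ../roles/stable/build
+vars_files:
+- ../vars/build/dev_test.yml
+- ../vars/build/targets/ath79_tiny.yml
+tags: generate device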
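--- a/playbooks/generate-new-device.yml
+++ b/playbooks/generate-new-device.yml
@@ -0,0 +1,17 @@
+---
+# Generate a new device.
+#
+- name: Generate a new device.
+gather_facts: false
+hosts: builder
+roles:
+- ../roles/stable/build
+vars_files:
+- ../vars/build/main.yml
+- ../vars/build/_h5ai.yml
+- ../vars/build/ath79_generic.yml
+tags: generate device
+
+- handlers:
+- name: Add wireguard keys to server
+import_tasks: ../roles/stable/build/tasks/server.yml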
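--- a/playbooks/generate-new-test-device.yml
+++ b/playbooks/generate-new-test-device.yml
@@ -0,0 +1,13 @@
+---
+# Generate a new device.
+#
+- name: Generate a new device.
+gather_facts: false
+hosts: builder
+roles:
+- ../roles/stable/build
+vars_files:
+- ../vars/build/test.yml
+- ../vars/build/_h5ai.yml
+# - ../vars/build/devices.yml
+tags: generate device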
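--- a/playbooks/generate-new-test-device_dev.yml
+++ b/playbooks/generate-new-test-device_dev.yml
@@ -0,0 +1,14 @@
+---
+# Generate a new device.
+#
+- name: Generate a new device.
+gather_facts: false
+hosts: builder
+roles:
+- ../roles/stable/build
+vars_files:
+- ../vars/build/dev_test.yml
+- ../vars/build/_h5ai.yml
+# - ../vars/build/targets/ath79_generic.yml
+- ../vars/build/targets/21.02.3_ramips_mt76x8.yml
+tags: generate device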
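--- a/roles/stable/build/defaults/main.yml
+++ b/roles/stable/build/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+skip_preflight: true
+skip_openwrt_install: false
+skip_libremesh_install: false
+skip_configure_profiles: false
+skip_configure_clean: false
+skip_configure_init: false
+skip_webserver_update: false
+
+with_wireguard: false
+
+default_channel_5ghz: 48
+default_vpn_wg0_listenport: 51800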
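--- a/roles/stable/build/files/mac56-to-ip_host.sh
+++ b/roles/stable/build/files/mac56-to-ip_host.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+[ $1 = "" ] && exit
+mac=$1
+mac_5=$(echo ${mac: -4:2})
+mac_6=$(echo ${mac: -2})
+ip_c=$(echo $((0x$mac_5)))
+ip_d=$(echo $((0x$mac_6)))
+
+if [[ $2 = "--start-from" ]]
+then
+[[ $ip_c -lt $3 ]] && ((ip_c+=$3))
+fi
+
+echo ${ip_c}.${ip_d}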
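Review bot: The empty-argument guard `[ $1 = "" ] && exit` does not work, because with no argument the unquoted `$1` disappears, `[ = "" ]` is a test error rather than a match, and the script carries on with an empty MAC. Use `[ -z "$1" ] && exit 1` so the caller also sees a failure status. The last four characters of the argument go straight into `$((0x…))`, and bash arithmetic evaluates whatever text it is given, so the input should be checked first with something like `[[ $1 =~ [0-9A-Fa-f]{4}$ ]] || exit 1`. `$3` is used in the `--start-from` branch without checking that it is present and numeric.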
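--- a/roles/stable/build/files/packages/vs-ninux-fastd/fastd
+++ b/roles/stable/build/files/packages/vs-ninux-fastd/fastd
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+export ip=$(uci get network.lan.ipaddr)
+export ip=${ip#*.*}
+export ip34=${ip#*.*}
+
+sed -ie "s/$PLACEHOLDER_ADDRESS/192.168."${ip34}"\/16/" /etc/fastd/fastd0/fastd.conf
+fastd -d -c /etc/fastd/fastd0/fastd.conf
+
+/etc/init.d/network reload
+ifdown fastd0
+ifup fastd0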
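Review bot: In the `sed` line, `$PLACEHOLDER_ADDRESS` sits inside double quotes, so the shell expands it before sed runs; the script never sets that variable, so sed most likely receives an empty pattern and the substitution fails or matches nothing. If `fastd.conf` contains the literal token, escape the dollar sign: `sed -i "s/\$PLACEHOLDER_ADDRESS/192.168.${ip34}\/16/" /etc/fastd/fastd0/fastd.conf`. `-ie` is also read by GNU sed as `-i` with backup suffix `e`, which would leave a stray `fastd.confe` next to the config. The script starts `fastd` without checking that `uci get network.lan.ipaddr` returned an address, so an empty `ip34` would be written into the tunnel configuration.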
|
@ -0,0 +1,27 @@
|
||||||
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
|
PROFILE_DESCRIPTION:=Generic valsamoggia configuration
|
||||||
|
PROFILE_DEPENDS:= +prometheus-node-exporter-lua \
|
||||||
|
+prometheus-node-exporter-lua-wifi \
|
||||||
|
+prometheus-node-exporter-lua-wifi_stations \
|
||||||
|
+prometheus-node-exporter-lua-openwrt \
|
||||||
|
+lime-proto-babeld \
|
||||||
|
+lime-proto-batadv \
|
||||||
|
+lime-proto-anygw \
|
||||||
|
+lime-proto-wan \
|
||||||
|
+lime-hwd-openwrt-wan \
|
||||||
|
+shared-state \
|
||||||
|
+hotplug-initd-services \
|
||||||
|
+shared-state-babeld_hosts \
|
||||||
|
+shared-state-bat_hosts \
|
||||||
|
+shared-state-dnsmasq_hosts \
|
||||||
|
+shared-state-dnsmasq_leases \
|
||||||
|
+shared-state-nodes_and_links \
|
||||||
|
+check-date-http \
|
||||||
|
+lime-app \
|
||||||
|
+lime-hwd-ground-routing \
|
||||||
|
+lime-debug
|
||||||
|
|
||||||
|
include ../../profile.mk
|
||||||
|
|
||||||
|
# call BuildPackage - OpenWrt buildroot signature
|
|
@ -0,0 +1,68 @@
|
||||||
|
config lime system
|
||||||
|
option hostname 'ninux-%M4%M5%M6'
|
||||||
|
option domain 'valsamoggia.ninux.org'
|
||||||
|
option keep_on_upgrade 'libremesh base-files-essential /etc/sysupgrade.conf'
|
||||||
|
option root_password_policy 'SET_SECRET'
|
||||||
|
option root_password_secret '$1$5OlrdoPc$q0p0th7CmSUuCBqsS2.6W.'
|
||||||
|
|
||||||
|
config lime network
|
||||||
|
option primary_interface 'eth0'
|
||||||
|
option main_ipv4_address '10.170.128.0/16/17'
|
||||||
|
option anygw_dhcp_start '5120'
|
||||||
|
option anygw_dhcp_limit '27648'
|
||||||
|
option main_ipv6_address 'fd%N1:%N2%N3:%N4%N5::/64'
|
||||||
|
list protocols ieee80211s
|
||||||
|
list protocols lan
|
||||||
|
list protocols anygw
|
||||||
|
list protocols batadv:%N1
|
||||||
|
list protocols babeld:17
|
||||||
|
list resolvers 4.2.2.2 # b.resolvers.Level3.net
|
||||||
|
list resolvers 141.1.1.1 # cns1.cw.net
|
||||||
|
list resolvers 2001:470:20::2 # ordns.he.net
|
||||||
|
option anygw_mac "aa:aa:aa:%N1:%N2:aa"
|
||||||
|
option use_odhcpd false
|
||||||
|
|
||||||
|
config lime 'wifi'
|
||||||
|
option ap_ssid 'ninux'
|
||||||
|
option apname_ssid 'ninux/%H'
|
||||||
|
option ieee80211s_mesh_fwding '0'
|
||||||
|
option ieee80211s_mesh_id 'LiMe'
|
||||||
|
|
||||||
|
config lime-wifi-band '2ghz'
|
||||||
|
list modes 'ap'
|
||||||
|
list modes 'apname'
|
||||||
|
list modes 'ieee80211s'
|
||||||
|
option channel '11'
|
||||||
|
option distance '1000'
|
||||||
|
|
||||||
|
config lime-wifi-band '5ghz'
|
||||||
|
list modes 'ap'
|
||||||
|
list modes 'apname'
|
||||||
|
list modes 'ieee80211s'
|
||||||
|
option distance '10000'
|
||||||
|
option htmode 'HT40'
|
||||||
|
option channel '48'
|
||||||
|
|
||||||
|
config generic_uci_config prometheus
|
||||||
|
list uci_set "prometheus-node-exporter-lua.main.listen_interface=*"
|
||||||
|
list uci_set "prometheus-node-exporter-lua.main.listen_ipv6=0"
|
||||||
|
list uci_set "prometheus-node-exporter-lua.main.listen_port=9090"
|
||||||
|
|
||||||
|
config run_asset prometheus_enable
|
||||||
|
option asset 'community/prometheus_enable'
|
||||||
|
option when 'ATFIRSTBOOT'
|
||||||
|
|
||||||
|
config run_asset cron_reboot
|
||||||
|
option asset 'community/cron_reboot'
|
||||||
|
option when 'ATFIRSTBOOT'
|
||||||
|
|
||||||
|
config generic_uci_config dropbear
|
||||||
|
list uci_set "dropbear.@dropbear[0].RootPasswordAuth=off"
|
||||||
|
|
||||||
|
config generic_uci_config wireguard_server
|
||||||
|
list uci_set "wireguard.peer_1=wg0"
|
||||||
|
list uci_set "wireguard.peer_1.public_key=l2aW0F6yXppR4g/+yh6C4bhiq4mdo7+qZPB74l3XfT4="
|
||||||
|
list uci_set "wireguard.peer_1.endpoint_host=135.181.109.184"
|
||||||
|
list uci_set "wireguard.peer_1.endpoint_port=51800"
|
||||||
|
list uci_set "wireguard.peer_1.allowed_ips=192.168.0.0/16"
|
||||||
|
list uci_set "wireguard.peer_1.persistent_keepalive=25"
|
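Review bot: `option root_password_secret '$1$…'` commits an MD5-crypt password hash that every device built from this profile will share, and the same value is repeated in the other two configs of this kind in this commit. MD5-crypt is cheap to guess offline, so anyone who can read the repository can work on the root password of the whole mesh; inject the value at build time from the password store or Ansible Vault and rotate the current one. Separately, `prometheus-node-exporter-lua.main.listen_interface=*` serves metrics on port 9090 on every interface, which with `lime-proto-wan` in the profile may include the WAN side; binding to the mesh/LAN interface or adding a firewall rule would limit that. The file name for this hunk is not shown on the page.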
|
@ -0,0 +1,9 @@
|
||||||
|
|
||||||
|
config lime 'system'
|
||||||
|
# option hostname 'ninux-%M4%M5%M6'
|
||||||
|
|
||||||
|
config lime 'network'
|
||||||
|
|
||||||
|
config lime 'wifi'
|
||||||
|
# option channel_5ghz '48'
|
||||||
|
# option distance_5ghz '8000'
|
|
@ -0,0 +1,3 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQKltRbIX4D1akDOIQM+BrFQmWtRDQyojM9ZAwH87ju kiki@digitigrafo.it
|
||||||
|
ssh-rsa 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 agave@dracaena.it
|
||||||
|
ssh-rsa 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 cricco@debian
|
|
@ -0,0 +1,3 @@
|
||||||
|
!#/bin/sh
|
||||||
|
echo "30 3 * * * reboot" >> /etc/crontabs/root
|
||||||
|
|
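Review bot: The first line reads `!#/bin/sh`; the shebang must be `#!/bin/sh`, otherwise the kernel sees no interpreter line and the outcome depends on how the asset is launched. The same typo is in the prometheus enable script in the next hunk and in the two later copies of both scripts in this commit. The `echo … >> /etc/crontabs/root` append also adds a duplicate entry each time it runs; `grep -q reboot /etc/crontabs/root || echo "30 3 * * * reboot" >> /etc/crontabs/root` keeps it idempotent.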
|
@ -0,0 +1,5 @@
|
||||||
|
!#/bin/sh
|
||||||
|
|
||||||
|
[ -x /etc/init.d/prometheus-node-exporter-lua ] &&
|
||||||
|
/etc/init.d/prometheus-node-exporter-lua enable
|
||||||
|
exit 0
|
|
@ -0,0 +1,11 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
[ -f /etc/config/wireguard ] &&
|
||||||
|
uci set "wireguard.peer_1=wg0"
|
||||||
|
uci set "wireguard.peer_1.public_key=HgdBD20UBNzWkDJfP4H20Nr+IyzOyWBdqXCV69XktQA="
|
||||||
|
uci set "wireguard.peer_1.endpoint_host=13.13.13.13"
|
||||||
|
uci set "wireguard.peer_1.endpoint_port=51800"
|
||||||
|
uci set "wireguard.peer_1.allowed_ips=192.168.0.0/16"
|
||||||
|
uci set "wireguard.peer_1.persistent_keepalive=25"
|
||||||
|
uci commit wireguard
|
||||||
|
exit 0
|
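Review bot: The `[ -f /etc/config/wireguard ] &&` guard covers only the first `uci set`; the five `uci set` lines after it and `uci commit wireguard` run even when the config file is missing. Replace the guard with `[ -f /etc/config/wireguard ] || exit 0` so the whole script is skipped in that case. `endpoint_host=13.13.13.13` differs from the endpoint in the `wireguard_server` section of the profile config earlier in this commit, and the `public_key` equals `vpn_wg0_publickey` from `host_vars/lime-000000000000.yml`, so these look like leftover test values and should be confirmed before the asset ships in an image.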
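--- a/roles/stable/build/files/packages/vs-ninux-generic/Makefile
+++ b/roles/stable/build/files/packages/vs-ninux-generic/Makefile
@@ -0,0 +1,28 @@
+include $(TOPDIR)/rules.mk
+
+PROFILE_DESCRIPTION:=Generic valsamoggia configuration
+PROFILE_DEPENDS:= +prometheus-node-exporter-lua \
++prometheus-node-exporter-lua-wifi \
++prometheus-node-exporter-lua-wifi_stations \
++prometheus-node-exporter-lua-openwrt \
++lime-proto-babeld \
++lime-proto-batadv \
++lime-proto-anygw \
++lime-proto-wan \
++lime-hwd-openwrt-wan \
++shared-state \
++hotplug-initd-services \
++shared-state-babeld_hosts \
++shared-state-bat_hosts \
++shared-state-dnsmasq_hosts \
++shared-state-dnsmasq_leases \
++shared-state-nodes_and_links \
++check-date-http \
++lime-app \
++lime-hwd-ground-routing \
++lime-debug \
++luci
+
+include ../../profile.mk
+
+# call BuildPackage - OpenWrt buildroot signature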
|
@ -0,0 +1,60 @@
|
||||||
|
config lime system
|
||||||
|
option hostname 'ninux-%M4%M5%M6'
|
||||||
|
option domain 'valsamoggia.ninux.org'
|
||||||
|
option keep_on_upgrade 'libremesh base-files-essential /etc/sysupgrade.conf'
|
||||||
|
option root_password_policy 'SET_SECRET'
|
||||||
|
option root_password_secret '$1$5OlrdoPc$q0p0th7CmSUuCBqsS2.6W.'
|
||||||
|
|
||||||
|
config lime network
|
||||||
|
option primary_interface 'eth0'
|
||||||
|
option main_ipv4_address '10.170.128.0/16/17'
|
||||||
|
option anygw_dhcp_start '5120'
|
||||||
|
option anygw_dhcp_limit '27648'
|
||||||
|
option main_ipv6_address 'fd%N1:%N2%N3:%N4%N5::/64'
|
||||||
|
list protocols ieee80211s
|
||||||
|
list protocols lan
|
||||||
|
list protocols anygw
|
||||||
|
list protocols batadv:%N1
|
||||||
|
list protocols babeld:17
|
||||||
|
list resolvers 4.2.2.2 # b.resolvers.Level3.net
|
||||||
|
list resolvers 141.1.1.1 # cns1.cw.net
|
||||||
|
list resolvers 2001:470:20::2 # ordns.he.net
|
||||||
|
option anygw_mac "aa:aa:aa:%N1:%N2:aa"
|
||||||
|
option use_odhcpd false
|
||||||
|
|
||||||
|
config lime 'wifi'
|
||||||
|
option ap_ssid 'ninux'
|
||||||
|
option apname_ssid 'ninux/%H'
|
||||||
|
option ieee80211s_mesh_fwding '0'
|
||||||
|
option ieee80211s_mesh_id 'LiMe'
|
||||||
|
|
||||||
|
config lime-wifi-band '2ghz'
|
||||||
|
list modes 'ap'
|
||||||
|
list modes 'apname'
|
||||||
|
list modes 'ieee80211s'
|
||||||
|
option channel '11'
|
||||||
|
option distance '1000'
|
||||||
|
|
||||||
|
config lime-wifi-band '5ghz'
|
||||||
|
list modes 'ap'
|
||||||
|
list modes 'apname'
|
||||||
|
list modes 'ieee80211s'
|
||||||
|
option distance '10000'
|
||||||
|
option htmode 'HT40'
|
||||||
|
option channel '48'
|
||||||
|
|
||||||
|
config generic_uci_config prometheus
|
||||||
|
list uci_set "prometheus-node-exporter-lua.main.listen_interface=*"
|
||||||
|
list uci_set "prometheus-node-exporter-lua.main.listen_ipv6=0"
|
||||||
|
list uci_set "prometheus-node-exporter-lua.main.listen_port=9090"
|
||||||
|
|
||||||
|
config run_asset prometheus_enable
|
||||||
|
option asset 'community/prometheus_enable'
|
||||||
|
option when 'ATFIRSTBOOT'
|
||||||
|
|
||||||
|
config run_asset cron_reboot
|
||||||
|
option asset 'community/cron_reboot'
|
||||||
|
option when 'ATFIRSTBOOT'
|
||||||
|
|
||||||
|
config generic_uci_config dropbear
|
||||||
|
list uci_set "dropbear.@dropbear[0].RootPasswordAuth=off"
|
|
@ -0,0 +1,9 @@
|
||||||
|
|
||||||
|
config lime 'system'
|
||||||
|
# option hostname 'ninux-%M4%M5%M6'
|
||||||
|
|
||||||
|
config lime 'network'
|
||||||
|
|
||||||
|
config lime 'wifi'
|
||||||
|
# option channel_5ghz '48'
|
||||||
|
# option distance_5ghz '8000'
|
|
@ -0,0 +1,3 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQKltRbIX4D1akDOIQM+BrFQmWtRDQyojM9ZAwH87ju kiki@digitigrafo.it
|
||||||
|
ssh-rsa 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 agave@dracaena.it
|
||||||
|
ssh-rsa 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 cricco@debian
|
|
@ -0,0 +1,4 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQKltRbIX4D1akDOIQM+BrFQmWtRDQyojM9ZAwH87ju kiki@digitigrafo.it
|
||||||
|
ssh-rsa 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 agave@dracaena.it
|
||||||
|
ssh-rsa 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 cricco@debian
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
!#/bin/sh
|
||||||
|
echo "30 3 * * * reboot" >> /etc/crontabs/root
|
||||||
|
|
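Review bot: The first line `!#/bin/sh` has the two shebang characters transposed, so it is not an interpreter line and the script only runs if its caller falls back to a shell; it should read `#!/bin/sh`. The same typo is in the prometheus_enable asset and the wireguard enable asset later in this commit. Separately, `>> /etc/crontabs/root` appends unconditionally, so a second run would leave two reboot entries. Guarding the append with `grep -q reboot /etc/crontabs/root ||` would keep it idempotent.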
|
@ -0,0 +1,5 @@
|
||||||
|
!#/bin/sh
|
||||||
|
|
||||||
|
[ -x /etc/init.d/prometheus-node-exporter-lua ] &&
|
||||||
|
/etc/init.d/prometheus-node-exporter-lua enable
|
||||||
|
exit 0
|
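--- a/roles/stable/build/files/packages/vs-ninux-tiny/Makefile
+++ b/roles/stable/build/files/packages/vs-ninux-tiny/Makefile
@@ -0,0 +1,22 @@
+include $(TOPDIR)/rules.mk
+
+PROFILE_DESCRIPTION:=Tiny valsamoggia configuration
+PROFILE_DEPENDS:= +lime-proto-babeld \
++lime-proto-batadv \
++lime-proto-anygw \
++lime-proto-wan \
++lime-hwd-openwrt-wan \
++shared-state \
++hotplug-initd-services \
++shared-state-babeld_hosts \
++shared-state-bat_hosts \
++shared-state-dnsmasq_hosts \
++shared-state-dnsmasq_leases \
++shared-state-nodes_and_links \
++check-date-http \
++lime-app \
++lime-hwd-ground-routing \
++lime-debug
+
+include ../../profile.mk
+# call BuildPackage - OpenWrt buildroot signature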
|
@ -0,0 +1,60 @@
|
||||||
|
config lime system
|
||||||
|
option hostname 'ninux-%M4%M5%M6'
|
||||||
|
option domain 'valsamoggia.ninux.org'
|
||||||
|
option keep_on_upgrade 'libremesh base-files-essential /etc/sysupgrade.conf'
|
||||||
|
option root_password_policy 'SET_SECRET'
|
||||||
|
option root_password_secret '$1$5OlrdoPc$q0p0th7CmSUuCBqsS2.6W.'
|
||||||
|
|
||||||
|
config lime network
|
||||||
|
option primary_interface 'eth0'
|
||||||
|
option main_ipv4_address '10.170.128.0/16/17'
|
||||||
|
option anygw_dhcp_start '5120'
|
||||||
|
option anygw_dhcp_limit '27648'
|
||||||
|
option main_ipv6_address 'fd%N1:%N2%N3:%N4%N5::/64'
|
||||||
|
list protocols ieee80211s
|
||||||
|
list protocols lan
|
||||||
|
list protocols anygw
|
||||||
|
list protocols batadv:%N1
|
||||||
|
list protocols babeld:17
|
||||||
|
list resolvers 4.2.2.2 # b.resolvers.Level3.net
|
||||||
|
list resolvers 141.1.1.1 # cns1.cw.net
|
||||||
|
list resolvers 2001:470:20::2 # ordns.he.net
|
||||||
|
option anygw_mac "aa:aa:aa:%N1:%N2:aa"
|
||||||
|
option use_odhcpd false
|
||||||
|
|
||||||
|
config lime 'wifi'
|
||||||
|
option ap_ssid 'ninux'
|
||||||
|
option apname_ssid 'ninux/%H'
|
||||||
|
option ieee80211s_mesh_fwding '0'
|
||||||
|
option ieee80211s_mesh_id 'LiMe'
|
||||||
|
|
||||||
|
config lime-wifi-band '2ghz'
|
||||||
|
list modes 'ap'
|
||||||
|
list modes 'apname'
|
||||||
|
list modes 'ieee80211s'
|
||||||
|
option channel '11'
|
||||||
|
option distance '1000'
|
||||||
|
|
||||||
|
config lime-wifi-band '5ghz'
|
||||||
|
list modes 'ap'
|
||||||
|
list modes 'apname'
|
||||||
|
list modes 'ieee80211s'
|
||||||
|
option distance '10000'
|
||||||
|
option htmode 'HT40'
|
||||||
|
option channel '48'
|
||||||
|
|
||||||
|
config generic_uci_config prometheus
|
||||||
|
list uci_set "prometheus-node-exporter-lua.main.listen_interface=*"
|
||||||
|
list uci_set "prometheus-node-exporter-lua.main.listen_ipv6=0"
|
||||||
|
list uci_set "prometheus-node-exporter-lua.main.listen_port=9090"
|
||||||
|
|
||||||
|
config run_asset prometheus_enable
|
||||||
|
option asset 'community/prometheus_enable'
|
||||||
|
option when 'ATFIRSTBOOT'
|
||||||
|
|
||||||
|
config run_asset cron_reboot
|
||||||
|
option asset 'community/cron_reboot'
|
||||||
|
option when 'ATFIRSTBOOT'
|
||||||
|
|
||||||
|
config generic_uci_config dropbear
|
||||||
|
list uci_set "dropbear.@dropbear[0].RootPasswordAuth=off"
|
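Review bot: `option root_password_secret` commits an MD5-crypt (`$1$`) password hash that every node built from this profile will share, and md5crypt is cheap to attack offline, so the hash should be treated as disclosed once others can read the repository. Consider injecting the value at build time from a vaulted variable instead of keeping it in the profile, and rotating the password behind the committed hash. `RootPasswordAuth=off` at the end of the file limits SSH exposure, but whether other login paths (serial console, web UI) still accept the password is not visible here. `listen_interface=*` also deserves a comment: the node exporter on port 9090 answers on every interface unless the firewall restricts it.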
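--- a/roles/stable/build/files/packages/vs-ninux-wg/Makefile
+++ b/roles/stable/build/files/packages/vs-ninux-wg/Makefile
@@ -0,0 +1,9 @@
+include $(TOPDIR)/rules.mk
+
+PROFILE_DESCRIPTION:=Valsamoggia wireguard
+PROFILE_DEPENDS:=+wireguard-tools \
++luci-app-wireguard \
++luci-proto-wireguard
+include ../../profile.mk
+
+# call BuildPackage - OpenWrt buildroot signature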
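--- a/roles/stable/build/files/packages/vs-ninux-wg/root/etc/init.d/wireguard
+++ b/roles/stable/build/files/packages/vs-ninux-wg/root/etc/init.d/wireguard
@@ -0,0 +1,34 @@
+#!/bin/sh /etc/rc.common
+# This is free software, licensed under the GNU General Public License v3.
+
+START=99
+USE_PROCD=1
+
+start_service() {
+config_load wireguard
+config_load network
+config_load firewall
+
+uci set firewall.wg_allow.dest_port="$(uci get wireguard.wg0.listen_port)"
+
+sed -i -r "s|^(PrivateKey =).*|\1 "$(uci get wireguard.wg0.private_key)"|g" /etc/wireguard/wg0.conf
+sed -i -r "s|^(ListenPort =).*|\1 "$(uci get wireguard.wg0.listen_port)"|g" /etc/wireguard/wg0.conf
+
+# server
+sed -i -r "s|^(PublicKey =).*|\1 "$(uci get wireguard.@wg0[0].public_key)"|g" /etc/wireguard/wg0.conf
+sed -i -r "s|^(Endpoint =).*|\1 "$(uci get wireguard.@wg0[0].endpoint_host):$(uci get wireguard.@wg0[0].endpoint_port)"|g" /etc/wireguard/wg0.conf
+sed -i -r "s|^(AllowedIPs =).*|\1 "$(uci get wireguard.@wg0[0].allowed_ips)"|g" /etc/wireguard/wg0.conf
+sed -i -r "s|^(PersistentKeepalive =).*|\1 "$(uci get wireguard.@wg0[0].persistent_keepalive)"|g" /etc/wireguard/wg0.conf
+
+export ip=$(uci get network.lan.ipaddr)
+export ip=${ip#*.*}
+export ipCD=${ip#*.*}
+
+ip l d wg0
+ip l a wg0 type wireguard
+ip a a 192.168.${ipCD}/16 dev wg0
+wg syncconf wg0 /etc/wireguard/wg0.conf
+ip l set up wg0
+
+/etc/init.d/network reload
+}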
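Review bot: Each `$(uci get …)` in the `sed` lines sits between two quoted fragments, so it is expanded unquoted and its exit status is ignored. If an option is missing, `PrivateKey =` and the peer fields are silently rewritten to an empty value and `wg syncconf` then runs on a broken file. Read each value first and stop on failure, e.g. `key="$(uci -q get wireguard.wg0.private_key)" || return 1`, then substitute with `"s|^(PrivateKey =).*|\1 ${key}|"`. The `uci set firewall.wg_allow.dest_port=…` line is never followed by `uci commit firewall`, so the port change is presumably lost on the next firewall reload. A `chmod 600 /etc/wireguard/wg0.conf` after the edits would keep the key file private.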
|
@ -0,0 +1,7 @@
|
||||||
|
!#/bin/sh
|
||||||
|
|
||||||
|
touch /etc/config/wireguard
|
||||||
|
|
||||||
|
[ -x /etc/init.d/wireguard ] &&
|
||||||
|
/etc/init.d/wireguard enable
|
||||||
|
exit 0
|
|
@ -0,0 +1,36 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
uci set firewall.wg_allow="rule"
|
||||||
|
uci set firewall.wg_allow.src="*"
|
||||||
|
uci set firewall.wg_allow.target="ACCEPT"
|
||||||
|
uci set firewall.wg_allow.proto="udp"
|
||||||
|
uci set firewall.wg_allow.dest_port="51800"
|
||||||
|
uci set firewall.wg_allow.name="Allow-Wireguard-Inbound"
|
||||||
|
|
||||||
|
# Add the firewall zone
|
||||||
|
uci add firewall zone
|
||||||
|
uci set firewall.@zone[-1].name='wg'
|
||||||
|
uci set firewall.@zone[-1].input='ACCEPT'
|
||||||
|
uci set firewall.@zone[-1].forward='ACCEPT'
|
||||||
|
uci set firewall.@zone[-1].output='ACCEPT'
|
||||||
|
uci set firewall.@zone[-1].masq='1'
|
||||||
|
|
||||||
|
# Add the WG interface to it
|
||||||
|
uci set firewall.@zone[-1].network='wg0'
|
||||||
|
|
||||||
|
# Forward WAN and LAN traffic to/from it
|
||||||
|
uci add firewall forwarding
|
||||||
|
uci set firewall.@forwarding[-1].src='wg'
|
||||||
|
uci set firewall.@forwarding[-1].dest='wan'
|
||||||
|
uci add firewall forwarding
|
||||||
|
uci set firewall.@forwarding[-1].src='wg'
|
||||||
|
uci set firewall.@forwarding[-1].dest='lan'
|
||||||
|
uci add firewall forwarding
|
||||||
|
uci set firewall.@forwarding[-1].src='lan'
|
||||||
|
uci set firewall.@forwarding[-1].dest='wg'
|
||||||
|
uci add firewall forwarding
|
||||||
|
uci set firewall.@forwarding[-1].src='wan'
|
||||||
|
uci set firewall.@forwarding[-1].dest='wg'
|
||||||
|
|
||||||
|
uci commit firewall
|
||||||
|
/etc/init.d/firewall restart
|
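Review bot: The `wg` zone is created with `input`, `forward` and `output` all `ACCEPT`, and the last forwarding pair allows `wan` → `wg`, so traffic arriving on the WAN side can be routed into the tunnel and anything on the tunnel can reach services on the node itself. If the tunnel is only meant for management from the server, drop the `wan`→`wg` forwarding and set `firewall.@zone[-1].input='REJECT'` with explicit rules for the ports that are needed; the intended traffic matrix is not visible here, so confirm before changing. `uci add firewall zone` and `uci add firewall forwarding` also append new sections on every run, so the script should check for an existing `wg` zone first. The hard-coded `dest_port="51800"` duplicates the value the init script later reads from `wireguard.wg0.listen_port`.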
|
@ -0,0 +1,9 @@
|
||||||
|
[Interface]
|
||||||
|
PrivateKey = default
|
||||||
|
ListenPort = default
|
||||||
|
|
||||||
|
[Peer]
|
||||||
|
PublicKey = default
|
||||||
|
Endpoint = default
|
||||||
|
AllowedIPs = default
|
||||||
|
PersistentKeepalive = default
|
43
roles/stable/build/tasks/configure.yml
Normal file
43
roles/stable/build/tasks/configure.yml
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
---
|
||||||
|
- name: configure - profiles
|
||||||
|
include_tasks: configure_profiles.yml
|
||||||
|
when: not skip_configure_profiles
|
||||||
|
tags:
|
||||||
|
- configure_profiles
|
||||||
|
|
||||||
|
- name: configure - clean
|
||||||
|
include_tasks: configure_clean.yml
|
||||||
|
when: not skip_configure_clean
|
||||||
|
tags:
|
||||||
|
- configure_clean
|
||||||
|
|
||||||
|
- name: configure - Check if .config is present
|
||||||
|
stat:
|
||||||
|
path: "{{ openwrt_build_dir }}/.config"
|
||||||
|
register: openwrt_config_initialized
|
||||||
|
|
||||||
|
- name: configure - init
|
||||||
|
include_tasks: configure_init.yml
|
||||||
|
when: not openwrt_config_initialized.stat.exists and not skip_configure_init
|
||||||
|
tags:
|
||||||
|
- configure_init
|
||||||
|
|
||||||
|
- name: configure - Copy default_config to .config
|
||||||
|
shell: "cp configs/default_config .config"
|
||||||
|
args:
|
||||||
|
chdir: "{{ openwrt_build_dir }}"
|
||||||
|
|
||||||
|
- name: configure - Apply custom configs
|
||||||
|
blockinfile:
|
||||||
|
path: "{{ openwrt_build_dir }}/.config"
|
||||||
|
block: "{{ lookup('ansible.builtin.template', 'default_config.j2') }}"
|
||||||
|
|
||||||
|
- name: configure - Expand to full config via make defconfig
|
||||||
|
shell: "make defconfig"
|
||||||
|
args:
|
||||||
|
chdir: "{{ openwrt_build_dir }}"
|
||||||
|
|
||||||
|
- name: configure - Diffconfig to configs/default_config_{{openwrt_target}}_{{ openwrt_subtarget}}
|
||||||
|
shell: ./scripts/diffconfig.sh > configs/default_config_{{openwrt_target}}_{{ openwrt_subtarget}}
|
||||||
|
args:
|
||||||
|
chdir: "{{ openwrt_build_dir }}"
|
21
roles/stable/build/tasks/configure_clean.yml
Normal file
21
roles/stable/build/tasks/configure_clean.yml
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
- name: configure - clean - Make targetclean
|
||||||
|
shell:
|
||||||
|
cmd:
|
||||||
|
make clean ;
|
||||||
|
# rm -rf build_dir/toolchain*;
|
||||||
|
# rm -rf staging_dir/toolchain*;
|
||||||
|
args:
|
||||||
|
chdir: "{{ openwrt_build_dir }}"
|
||||||
|
|
||||||
|
- name: configure - clean - Clean info files
|
||||||
|
shell:
|
||||||
|
cmd: "rm -rf {{ openwrt_build_dir }}/tmp/info/.files-packageinfo.mk;
|
||||||
|
rm -rf {{ openwrt_build_dir }}/tmp/info/.files-targetinfo.mk;"
|
||||||
|
args:
|
||||||
|
chdir: "{{ openwrt_build_dir }}"
|
||||||
|
|
||||||
|
- name: configure - clean - Remove .config
|
||||||
|
file:
|
||||||
|
path: "{{ openwrt_build_dir }}/.config"
|
||||||
|
state: absent
|
12
roles/stable/build/tasks/configure_init.yml
Normal file
12
roles/stable/build/tasks/configure_init.yml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
- name: configure - Initialize .config
|
||||||
|
shell: "make defconfig"
|
||||||
|
args:
|
||||||
|
chdir: "{{ openwrt_build_dir }}"
|
||||||
|
when: not skip_configure_clean or not openwrt_config_initialized.stat.exists
|
||||||
|
|
||||||
|
- name: configure - Copy .config to configs/default_config
|
||||||
|
shell: "mkdir configs; cp .config configs/default_config"
|
||||||
|
args:
|
||||||
|
chdir: "{{ openwrt_build_dir }}"
|
||||||
|
when: not skip_configure_clean or not openwrt_config_initialized.stat.exists
|
15
roles/stable/build/tasks/configure_profiles.yml
Normal file
15
roles/stable/build/tasks/configure_profiles.yml
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
---
|
||||||
|
- name: configure - profiles - Ensure selected profile device exist
|
||||||
|
file:
|
||||||
|
path: "{{ libremesh_profile_directory }}/{{ libremesh_profile_device }}/root/etc/config"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: configure - profiles - Add lime-mac files to profile device
|
||||||
|
ansible.posix.synchronize:
|
||||||
|
src: ../lime-mac/
|
||||||
|
dest: "{{ libremesh_profile_directory }}/{{ libremesh_profile_device }}/root/etc/config"
|
||||||
|
|
||||||
|
- name: configure - profiles - Install updated profiles
|
||||||
|
shell: ./scripts/feeds update profiles; ./scripts/feeds install -p profiles
|
||||||
|
args:
|
||||||
|
chdir: "{{ openwrt_build_dir }}"
|
35
roles/stable/build/tasks/init_vars.yml
Normal file
35
roles/stable/build/tasks/init_vars.yml
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
- name: preflight - {{item}} - Define ip_host
|
||||||
|
shell:
|
||||||
|
cmd: echo "$(../roles/stable/build/files/mac56-to-ip_host.sh {{ item }} --start-from 128)"
|
||||||
|
register: ip_host
|
||||||
|
delegate_to: localhost
|
||||||
|
|
||||||
|
- name: preflight - {{item}} - Save ip_host
|
||||||
|
blockinfile:
|
||||||
|
path: ../host_vars/{{ item }}.yml
|
||||||
|
block: "ip_host: {{ ip_host.stdout }}"
|
||||||
|
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }} utils"
|
||||||
|
create: yes
|
||||||
|
delegate_to: localhost
|
||||||
|
|
||||||
|
- name: preflight - {{item}} - Init host_vars common
|
||||||
|
blockinfile:
|
||||||
|
path: ../host_vars/{{ item }}.yml
|
||||||
|
block: |
|
||||||
|
hostname: {{ hostvars[item].hostname }}
|
||||||
|
lime_mac: {{ item }}
|
||||||
|
main_ipv4_address: {{ ip_network }}.{{ ip_host.stdout }}{{ ip_netmask }}
|
||||||
|
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }} common"
|
||||||
|
create: yes
|
||||||
|
delegate_to: localhost
|
||||||
|
|
||||||
|
- name: preflight - {{item}} - Init host_vars config
|
||||||
|
blockinfile:
|
||||||
|
path: ../host_vars/{{ item }}.yml
|
||||||
|
block: |
|
||||||
|
config_lime_system: option hostname '{{ hostvars[item].hostname }}'
|
||||||
|
config_lime_network: option channel_5ghz '{% if hostvars[item].channel_5ghz is defined %}{{ hostvars[item].channel_5ghz }}{% else %}{{ default_channel_5ghz }}{% endif %}'
|
||||||
|
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }} config"
|
||||||
|
create: yes
|
||||||
|
delegate_to: localhost
|
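Review bot: `{{ item }}` is pasted unquoted into the `shell` command line in the first task, so an inventory name containing spaces or shell metacharacters would be interpreted by the shell on the control host. Use `{{ item | quote }}`, or switch to `command:` with an argument list, and drop the `echo "$( … )"` wrapper, which only re-prints the script's output. In the last task `option channel_5ghz` is stored under `config_lime_network`, which lime_mac.j2 renders below `config lime network`. The sample lime-mac file in this commit shows that option, commented out, under `config lime 'wifi'`, so it is worth checking which section lime-config expects.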
38
roles/stable/build/tasks/init_wg_vars.yml
Normal file
38
roles/stable/build/tasks/init_wg_vars.yml
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
---
|
||||||
|
- name: preflight - {{item}} - generate privatekey
|
||||||
|
shell:
|
||||||
|
cmd: echo $(wg genkey)
|
||||||
|
register: wg_privatekey
|
||||||
|
delegate_to: localhost
|
||||||
|
when: hostvars[item].vpn_wg0_privatekey is not defined
|
||||||
|
|
||||||
|
- name: preflight - {{item}} - generate publickey
|
||||||
|
shell:
|
||||||
|
cmd: echo $(echo {{ wg_privatekey.stdout }} | wg pubkey)
|
||||||
|
register: wg_publickey
|
||||||
|
delegate_to: localhost
|
||||||
|
when: hostvars[item].vpn_wg0_publickey is not defined
|
||||||
|
|
||||||
|
- name: preflight - {{item}} - generate presharedkey
|
||||||
|
shell:
|
||||||
|
cmd: wg genpsk
|
||||||
|
register: wg_presharedkey
|
||||||
|
delegate_to: localhost
|
||||||
|
when: hostvars[item].vpn_wg0_presharedkey is not defined
|
||||||
|
|
||||||
|
- name: preflight - {{item}} - Init host_vars wireguard
|
||||||
|
blockinfile:
|
||||||
|
path: ../host_vars/{{ item }}.yml
|
||||||
|
block: |
|
||||||
|
vpn_wg0_privatekey: {% if hostvars[item].vpn_wg0_privatekey is defined %}{{ hostvars[item].vpn_wg0_privatekey}}{%else%}{{wg_privatekey.stdout}}{%endif%}
|
||||||
|
|
||||||
|
vpn_wg0_publickey: {% if hostvars[item].vpn_wg0_publickey is defined %}{{ hostvars[item].vpn_wg0_publickey}}{%else%}{{wg_publickey.stdout}}{%endif%}
|
||||||
|
|
||||||
|
vpn_wg0_presharedkey: {% if hostvars[item].vpn_wg0_presharedkey is defined %}{{hostvars[item].vpn_wg0_presharedkey}}{%else%}{{wg_presharedkey.stdout}}{%endif%}
|
||||||
|
|
||||||
|
vpn_wg0_listenport: {{ default_vpn_wg0_listenport }}
|
||||||
|
vpn_wg0_address: {{ vpn_wg0_network }}.{{ hostvars[item].ip_host }}{{ vpn_wg0_netmask }}
|
||||||
|
|
||||||
|
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }} vpn wireguard wg0"
|
||||||
|
delegate_to: localhost
|
||||||
|
when: hostvars[item].vpn_wg0_privatekey is not defined
|
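Review bot: The private key is interpolated into a shell command (`echo {{ wg_privatekey.stdout }} | wg pubkey`), so it appears in process arguments on the control host and in Ansible's task output and logs. Pass it on standard input instead, with `command: wg pubkey` and `stdin: "{{ wg_privatekey.stdout }}"`, and add `no_log: true` to the three key-generation tasks and to the `blockinfile` task that writes the keys. The `blockinfile` task also sets no `mode`, so the host_vars file holding the private and preshared keys gets the control host's default permissions; `mode: "0600"` would be safer. `echo $(wg genkey)` can simply be `wg genkey`.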
11
roles/stable/build/tasks/libremesh_install.yml
Normal file
11
roles/stable/build/tasks/libremesh_install.yml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
- name: install - libremesh - Add Libremesh feeds
|
||||||
|
blockinfile:
|
||||||
|
path: "{{ openwrt_build_dir }}/feeds.conf"
|
||||||
|
block: "{{ libremesh_feeds }}"
|
||||||
|
register: feeds
|
||||||
|
|
||||||
|
- name: install - libremesh - Update and install Libremesh feeds
|
||||||
|
shell: ./scripts/feeds update libremesh; ./scripts/feeds install -p libremesh
|
||||||
|
args:
|
||||||
|
chdir: "{{ openwrt_build_dir }}"
|
39
roles/stable/build/tasks/main.yml
Normal file
39
roles/stable/build/tasks/main.yml
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
---
|
||||||
|
- name: preflight
|
||||||
|
include_tasks: preflight.yml
|
||||||
|
when: not skip_preflight
|
||||||
|
tags:
|
||||||
|
- preflight
|
||||||
|
|
||||||
|
- name: install - openwrt
|
||||||
|
include_tasks: openwrt_install.yml
|
||||||
|
when: not skip_openwrt_install
|
||||||
|
tags:
|
||||||
|
- openwrt_install
|
||||||
|
|
||||||
|
- name: install - libremesh
|
||||||
|
include_tasks: libremesh_install.yml
|
||||||
|
when: not skip_libremesh_install
|
||||||
|
tags:
|
||||||
|
- libremesh_install
|
||||||
|
|
||||||
|
- name: packages
|
||||||
|
include_tasks: packages.yml
|
||||||
|
tags:
|
||||||
|
- libremesh_packages
|
||||||
|
|
||||||
|
- name: configure
|
||||||
|
include_tasks: configure.yml
|
||||||
|
|
||||||
|
- name: build - Build
|
||||||
|
shell: make -j $(nproc) EXTRA_IMAGE_NAME="{{openwrt_extra_image_name}}"
|
||||||
|
args:
|
||||||
|
chdir: "{{ openwrt_build_dir }}"
|
||||||
|
tags:
|
||||||
|
- openwrt_build
|
||||||
|
|
||||||
|
- name: webserver
|
||||||
|
include_tasks: webserver.yml
|
||||||
|
when: not skip_webserver_update
|
||||||
|
tags:
|
||||||
|
- webserver
|
27
roles/stable/build/tasks/openwrt_install.yml
Normal file
27
roles/stable/build/tasks/openwrt_install.yml
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
- name: install - openwrt - Requirements
|
||||||
|
include_tasks: openwrt_requirements.yml
|
||||||
|
|
||||||
|
- name: install - openwrt - Check if openwrt_build_dir is present
|
||||||
|
stat:
|
||||||
|
path: "{{ openwrt_build_dir }}"
|
||||||
|
register: openwrt_build_dir_initialized
|
||||||
|
|
||||||
|
- name: install - openwrt - Clone openwrt
|
||||||
|
git:
|
||||||
|
repo: https://git.openwrt.org/openwrt/openwrt.git
|
||||||
|
dest: "{{ openwrt_build_dir }}"
|
||||||
|
single_branch: yes
|
||||||
|
version: "{{ openwrt_version_tag }}"
|
||||||
|
when: not openwrt_build_dir_initialized.stat.exists
|
||||||
|
|
||||||
|
- name: install - openwrt - cp feeds.conf.default feeds.conf
|
||||||
|
shell:
|
||||||
|
cmd: cp feeds.conf.default feeds.conf
|
||||||
|
args:
|
||||||
|
chdir: "{{ openwrt_build_dir }}"
|
||||||
|
|
||||||
|
- name: install - openwrt - Update and install all feeds
|
||||||
|
shell: ./scripts/feeds update -a; ./scripts/feeds install -a
|
||||||
|
args:
|
||||||
|
chdir: "{{ openwrt_build_dir }}"
|
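Review bot: The clone is pinned only by `version: "{{ openwrt_version_tag }}"`, and a tag can be moved upstream, so the firmware is built from whatever that name resolves to at clone time. Pinning to a full commit hash, or adding `verify_commit: yes` with the upstream signing key imported on the build host (if upstream signs that ref), would make the source of the images verifiable. The variable's actual value is not visible in this section. In the last task `./scripts/feeds update -a; ./scripts/feeds install -a` joins the commands with `;`, so a failed update is masked by the install's exit status; `&&` would surface it.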
35
roles/stable/build/tasks/openwrt_requirements.yml
Normal file
35
roles/stable/build/tasks/openwrt_requirements.yml
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
- name: install - openwrt - Install openwrt build system requirements
|
||||||
|
become: yes
|
||||||
|
ansible.builtin.apt:
|
||||||
|
update_cache: yes
|
||||||
|
state: present
|
||||||
|
pkg:
|
||||||
|
- build-essential
|
||||||
|
- ccache
|
||||||
|
- ecj
|
||||||
|
- fastjar
|
||||||
|
- file
|
||||||
|
- g++
|
||||||
|
- gawk
|
||||||
|
- gettext
|
||||||
|
- git
|
||||||
|
- java-propose-classpath
|
||||||
|
- libelf-dev
|
||||||
|
- libncurses5-dev
|
||||||
|
- libncursesw5-dev
|
||||||
|
- libssl-dev
|
||||||
|
- python
|
||||||
|
- python2.7-dev
|
||||||
|
- python3
|
||||||
|
- unzip
|
||||||
|
- wget
|
||||||
|
- python3-distutils-extra
|
||||||
|
- python3-setuptools
|
||||||
|
- python3-dev
|
||||||
|
- rsync
|
||||||
|
- subversion
|
||||||
|
- swig
|
||||||
|
- time
|
||||||
|
- xsltproc
|
||||||
|
- zlib1g-dev
|
6
roles/stable/build/tasks/packages.yml
Normal file
6
roles/stable/build/tasks/packages.yml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
- name: packages - Add local packages
|
||||||
|
ansible.posix.synchronize:
|
||||||
|
src: packages/
|
||||||
|
dest: "{{ libremesh_profile_directory }}/"
|
||||||
|
delete: yes
|
21
roles/stable/build/tasks/preflight.yml
Normal file
21
roles/stable/build/tasks/preflight.yml
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
- name: preflight - Init host_vars common
|
||||||
|
include_tasks: init_vars.yml
|
||||||
|
loop: "{{ groups['mesh_devices'] }}"
|
||||||
|
when: hostvars[item].ip_host is not defined
|
||||||
|
|
||||||
|
- name: preflight - Init host_vars vpn wireguard
|
||||||
|
include_tasks: init_wg_vars.yml
|
||||||
|
loop: "{{ groups['mesh_devices'] }}"
|
||||||
|
when: with_wireguard and hostvars[item].vpn_wg0_privatekey is not defined
|
||||||
|
|
||||||
|
- name: preflight - Generate lime-mac files
|
||||||
|
template:
|
||||||
|
src: lime_mac.j2
|
||||||
|
dest: "../lime-mac/{{ hostvars[item].lime_mac }}"
|
||||||
|
loop: "{{ groups['mesh_devices'] }}"
|
||||||
|
delegate_to: localhost
|
||||||
|
|
||||||
|
- name: preflight - Add wireguard keys to server
|
||||||
|
include_tasks: vpn_wg_server.yml
|
||||||
|
when: with_wireguard
|
16
roles/stable/build/tasks/vpn_wg_server.yml
Normal file
16
roles/stable/build/tasks/vpn_wg_server.yml
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
- name: wg-server - Add peers to wg server
|
||||||
|
become: yes
|
||||||
|
blockinfile:
|
||||||
|
path: "/etc/wireguard/wg1.conf"
|
||||||
|
block: "{{ lookup('ansible.builtin.template', 'vpn_wg_peer.j2') }}"
|
||||||
|
delegate_to: "{{ hostvars[groups['wg_server'][0]].inventory_hostname }}"
|
||||||
|
loop: "{{ groups['mesh_devices'] }}"
|
||||||
|
|
||||||
|
- name: wg-server - Make sure Wireguard Service is running
|
||||||
|
become: yes
|
||||||
|
service:
|
||||||
|
name: wg-quick@wg1
|
||||||
|
state: restarted
|
||||||
|
enabled: yes
|
||||||
|
delegate_to: "{{ hostvars[groups['wg_server'][0]].inventory_hostname }}"
|
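Review bot: `blockinfile` is looped over `groups['mesh_devices']`, but `vpn_wg_peer.j2` already iterates over the whole group and the task uses the default marker, so every iteration rewrites the same block with the same content; the `loop:` can be dropped. The task also leaves the mode of `/etc/wireguard/wg1.conf` to whatever already exists, and adding `mode: "0600"` keeps the server's key file unreadable to other users. `state: restarted` in the second task bounces the tunnel on every play run. A handler notified by the `blockinfile` change would restart it only when the peer list changes.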
10
roles/stable/build/tasks/webserver.yml
Normal file
10
roles/stable/build/tasks/webserver.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- name: webserver - Rsync build directories
|
||||||
|
become: yes
|
||||||
|
shell:
|
||||||
|
cmd: rsync -d {{ openwrt_dir }}/* {{ webui_path }} --delete
|
||||||
|
|
||||||
|
- name: webserver - Create symbolic links for all targets
|
||||||
|
become: yes
|
||||||
|
shell:
|
||||||
|
cmd: for path in $(ls {{ openwrt_dir }}); do ln -s -f {{ openwrt_dir }}/${path}/bin/targets/* {{ webui_path }}/${path}/; done;
|
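Review bot: Both commands run as root through `shell` with `{{ openwrt_dir }}` and `{{ webui_path }}` unquoted, and the loop parses `ls` output, so a path containing spaces or glob characters is split or expanded by the shell. `ansible.posix.synchronize` (already used in packages.yml) and `ansible.builtin.file` with `state: link` would avoid the shell entirely; at minimum apply `| quote` to both variables. `ln -s -f` into `{{ webui_path }}/${path}/` also assumes that directory already exists after the `rsync -d` step, which is worth a comment.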
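--- a/roles/stable/build/templates/default_config.j2
+++ b/roles/stable/build/templates/default_config.j2
@@ -0,0 +1,25 @@
+# CONFIG_PACKAGE_dnsmasq is not set
+# CONFIG_PACKAGE_ppp is not set
+# CONFIG_PACKAGE_odhcpd-ipv6only is not set
+
+CONFIG_USES_SQUASHFS=y
+CONFIG_TARGET_ROOTFS_SQUASHFS=y
+# CONFIG_TARGET_ROOTFS_EXT4FS is not set
+# CONFIG_TARGET_IMAGES_GZIP is not set
+
+CONFIG_TARGET_{{ openwrt_target }}=y
+CONFIG_TARGET_{{ openwrt_target }}_{{ openwrt_subtarget }}=y
+CONFIG_TARGET_MULTI_PROFILE=y
+{% for device in openwrt_devices %}
+CONFIG_TARGET_DEVICE_{{ openwrt_target }}_{{ openwrt_subtarget }}_DEVICE_{{ device }}=y
+{% endfor %}
+
+{{ target_configs}}
+
+{% if with_wireguard %}
+CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-wg=y
+{% else %}
+# CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-wg is not set
+{% endif %}
+
+# CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-fastd is not set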
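--- a/roles/stable/build/templates/lime_mac.j2
+++ b/roles/stable/build/templates/lime_mac.j2
@@ -0,0 +1,19 @@
+config lime system
+{% if hostvars[item].config_lime_system is defined %}
+{{ hostvars[item].config_lime_system }}
+{% endif %}
+
+config lime network
+{% if hostvars[item].config_lime_network is defined %}
+{{ hostvars[item].config_lime_network }}
+{% endif %}
+
+config lime wifi
+
+{% if with_wireguard %}
+config generic_uci_config wireguard
+list uci_set "wireguard.wg0=interface"
+list uci_set "wireguard.wg0.address={{ hostvars[item].vpn_wg0_address }}"
+list uci_set "wireguard.wg0.private_key={{ hostvars[item].vpn_wg0_privatekey }}"
+list uci_set "wireguard.wg0.listen_port={{ hostvars[item].vpn_wg0_listenport }}"
+{% endif %}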
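Review bot: `wireguard.wg0.private_key` is rendered in clear text into every lime-mac file, and configure_profiles.yml copies the whole `../lime-mac/` directory into the profile's `root/etc/config`, so each firmware image appears to carry the private keys of all mesh devices, not only its own. webserver.yml then links `bin/targets/*` into `{{ webui_path }}`; if that path is reachable by anyone outside the admin group, the keys can be downloaded with the image. Consider generating the key on the device at first boot and registering only the public key on the server, or restricting access to the published images. The template task in preflight.yml also sets no `mode`, so the rendered files take the control host's umask; `mode: "0600"` would be safer.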
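--- a/roles/stable/build/templates/vpn_wg_peer.j2
+++ b/roles/stable/build/templates/vpn_wg_peer.j2
@@ -0,0 +1,9 @@
+{% for device in groups['mesh_devices'] %}
+
+[Peer]
+# {{ hostvars[device].hostname }}
+PublicKey = {{ hostvars[device].vpn_wg0_publickey | trim }}
+Endpoint = 0.0.0.0:51800
+AllowedIPs = {{ vpn_wg0_network }}.{{ hostvars[device].ip_host | trim }}/32
+
+{% endfor %}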
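Review bot: `Endpoint = 0.0.0.0:51800` gives the server an unroutable address for every peer; for nodes that dial in from changing addresses the `Endpoint` line is normally omitted on the server side and learned from the first authenticated packet. init_wg_vars.yml also generates `vpn_wg0_presharedkey`, but no `PresharedKey =` line is emitted here, and lime_mac.j2 does not set it on the device side, so the value is unused. Either add `PresharedKey = {{ hostvars[device].vpn_wg0_presharedkey | trim }}` on both ends or stop generating it.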
6
roles/stable/dnsmasq/handlers/main.yml
Normal file
6
roles/stable/dnsmasq/handlers/main.yml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
- name: restart dnsmasq
|
||||||
|
service:
|
||||||
|
name: dnsmasq
|
||||||
|
state: restarted
|
||||||
|
tags: dnsmasq
|
21
roles/stable/dnsmasq/tasks/main.yml
Normal file
21
roles/stable/dnsmasq/tasks/main.yml
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
- name: Install Dnsmasq
|
||||||
|
package:
|
||||||
|
name: dnsmasq
|
||||||
|
state: present
|
||||||
|
tags: dnsmasq
|
||||||
|
|
||||||
|
- name: Set configuration file
|
||||||
|
template:
|
||||||
|
src: etc_dnsmasq.conf.j2
|
||||||
|
dest: /etc/dnsmasq.conf
|
||||||
|
validate: 'dnsmasq --test --conf-file=%s'
|
||||||
|
notify: restart dnsmasq
|
||||||
|
tags: dnsmasq
|
||||||
|
|
||||||
|
- name: Make sure Dnsmasq is running
|
||||||
|
service:
|
||||||
|
name: dnsmasq
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
||||||
|
tags: dnsmasq
|
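--- a/roles/stable/dnsmasq/templates/etc_dnsmasq.conf.j2
+++ b/roles/stable/dnsmasq/templates/etc_dnsmasq.conf.j2
@@ -0,0 +1,57 @@
+# Dnsmasq configuration
+# {{ ansible_managed }}
+
+{% if dnsmasq_listen_address is defined %}
+listen-address={{ dnsmasq_listen_address }}
+{% endif %}
+{% if dnsmasq_interface is defined %}
+interface={{ dnsmasq_interface }}
+{% endif %}
+{% if dnsmasq_port is defined %}
+port={{ dnsmasq_port }}
+
+{% endif %}
+{% if dnsmasq_domain_needed %}
+domain-needed
+{% endif %}
+{% if dnsmasq_bogus_priv %}
+bogus-priv
+{% endif %}
+
+{% if dnsmasq_resolv_file is defined %}
+resolv-file={{ dnsmasq_resolv_file }}
+
+{% endif %}
+{% if dnsmasq_addn_hosts is defined %}
+addn-hosts={{ dnsmasq_addn_hosts }}
+
+{% endif %}
+{% if dnsmasq_expand_hosts %}
+expand-hosts
+{% endif %}
+{% if dnsmasq_domain is defined %}
+domain={{ dnsmasq_domain }}
+{% endif %}
+{% if dnsmasq_no_resolv is defined %}
+no-resolv
+{% endif %}
+
+{% if dnsmasq_upstream_servers is defined %}
+{% if dnsmasq_upstream_servers is iterable %}
+{% for host in dnsmasq_upstream_servers %}
+server={{ host }}
+{% endfor %}
+{% else %}
+server={{ dnsmasq_upstream_servers }}
+{% endif %}
+{% endif %}
+
+{% if dnsmasq_force_address is defined %}
+{% if dnsmasq_force_address is iterable %}
+{% for address in dnsmasq_force_address %}
+address={{ address }}
+{% endfor %}
+{% endif %}
+{% endif %}
+
+conf-dir=/etc/dnsmasq.d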
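Review bot: `{% if dnsmasq_no_resolv is defined %}` tests existence rather than value, so setting `dnsmasq_no_resolv: false` still emits `no-resolv`; it should use the truthiness form of the neighbouring flags, `{% if dnsmasq_no_resolv | default(false) %}`. In the upstream-servers block `is iterable` is also true for a plain string, so the `{% else %}` branch is never reached and a string value would be expanded character by character; test `is string` first. `dnsmasq_domain_needed`, `dnsmasq_bogus_priv` and `dnsmasq_expand_hosts` are read without `is defined` or `default`, so the template fails if any of them is unset.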
19
roles/stable/dnsmasq/vars/main.yml
Normal file
19
roles/stable/dnsmasq/vars/main.yml
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
# roles/dnsmasq/defaults/main.yml
|
||||||
|
---
|
||||||
|
dnsmasq_listen_address: "{{ ansible_host }}"
|
||||||
|
dnsmasq_interface: wg0
|
||||||
|
# dnsmasq_port:
|
||||||
|
|
||||||
|
dnsmasq_domain_needed: false
|
||||||
|
dnsmasq_bogus_priv: true
|
||||||
|
dnsmasq_expand_hosts: false
|
||||||
|
dnsmasq_no_resolv: true
|
||||||
|
|
||||||
|
dnsmasq_upstream_servers:
|
||||||
|
- '10.170.0.1'
|
||||||
|
|
||||||
|
dnsmasq_force_address:
|
||||||
|
- '/ada/10.0.0.5'
|
||||||
|
- '/*.ada/10.0.0.5'
|
||||||
|
- '/belvedere/10.0.0.10'
|
||||||
|
- '/belvedere-vs/10.0.0.11'
|
41
roles/stable/monitoring/alertmanager/tasks/main.yml
Normal file
41
roles/stable/monitoring/alertmanager/tasks/main.yml
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
- name: Install alertmanager
|
||||||
|
ansible.builtin.import_role:
|
||||||
|
name: cloudalchemy.alertmanager
|
||||||
|
vars:
|
||||||
|
alertmanager_version: latest
|
||||||
|
alertmanager_receivers:
|
||||||
|
- name: email
|
||||||
|
email_configs:
|
||||||
|
- send_resolved: true
|
||||||
|
to: "{{ maintainer_emails }}"
|
||||||
|
- name: email_telegram_valli
|
||||||
|
email_configs:
|
||||||
|
- send_resolved: true
|
||||||
|
to: "{{ maintainer_emails }}"
|
||||||
|
telegram_configs:
|
||||||
|
- send_resolved: true
|
||||||
|
bot_token: "{{ telegram_bot_token }}"
|
||||||
|
api_url: "https://api.telegram.org"
|
||||||
|
chat_id: "{{ telegram_chat_id }}"
|
||||||
|
parse_mode: "HTML"
|
||||||
|
alertmanager_route:
|
||||||
|
group_by: ['alertname', 'cluster', 'service']
|
||||||
|
group_wait: 30s
|
||||||
|
group_interval: 5m
|
||||||
|
repeat_interval: 1d
|
||||||
|
receiver: email_telegram_valli
|
||||||
|
routes:
|
||||||
|
- match:
|
||||||
|
alertname: Watchdog
|
||||||
|
receiver: email
|
||||||
|
continue: false
|
||||||
|
repeat_interval: 1w
|
||||||
|
alertmanager_smtp:
|
||||||
|
from: "{{ smtp_from }}"
|
||||||
|
smarthost: "{{ smtp_smarthost }}"
|
||||||
|
auth_username: "{{ smtp_auth_username }}"
|
||||||
|
auth_password: "{{ smtp_auth_password }}"
|
||||||
|
auth_secret: ''
|
||||||
|
auth_identity: ''
|
||||||
|
require_tls: "True"
|
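Review bot: `alertmanager_version: latest` makes each run install whatever release is current at that moment, while the Prometheus and blackbox exporter roles in this commit pin explicit versions (`2.37.0`, `0.22.0`). Pin Alertmanager to a tested release as well, so that upgrades are deliberate and the installed binary is reproducible. `bot_token` and `auth_password` are taken from variables, which is right; where those variables are defined is not visible here, so confirm they live in an Ansible Vault file and not in plain group_vars.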
4
roles/stable/monitoring/blackbox_exporter/tasks/main.yml
Normal file
4
roles/stable/monitoring/blackbox_exporter/tasks/main.yml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
- name: Install Blackbox Exporter
|
||||||
|
include_role:
|
||||||
|
name: cloudalchemy.blackbox-exporter
|
47
roles/stable/monitoring/blackbox_exporter/vars/main.yml
Normal file
47
roles/stable/monitoring/blackbox_exporter/vars/main.yml
Normal file
|
@ -0,0 +1,47 @@
|
||||||
|
---
|
||||||
|
blackbox_exporter_version: 0.22.0 # 0.22.0 / 2022-08-02
|
||||||
|
blackbox_exporter_web_listen_address: "0.0.0.0:9115"
|
||||||
|
blackbox_exporter_cli_flags: {}
|
||||||
|
blackbox_exporter_configuration_modules:
|
||||||
|
http_2xx_head:
|
||||||
|
http:
|
||||||
|
method: HEAD
|
||||||
|
follow_redirects: true
|
||||||
|
fail_if_ssl: false
|
||||||
|
fail_if_not_ssl: false
|
||||||
|
tls_config:
|
||||||
|
insecure_skip_verify: true
|
||||||
|
ip_protocol_fallback: false
|
||||||
|
preferred_ip_protocol: ip4
|
||||||
|
valid_http_versions:
|
||||||
|
- HTTP/1.1
|
||||||
|
- HTTP/2.0
|
||||||
|
valid_status_codes:
|
||||||
|
- 200
|
||||||
|
- 204
|
||||||
|
prober: http
|
||||||
|
timeout: 15s
|
||||||
|
http_2xx_get:
|
||||||
|
http:
|
||||||
|
method: GET
|
||||||
|
follow_redirects: true
|
||||||
|
fail_if_ssl: false
|
||||||
|
fail_if_not_ssl: false
|
||||||
|
tls_config:
|
||||||
|
insecure_skip_verify: true
|
||||||
|
ip_protocol_fallback: false
|
||||||
|
preferred_ip_protocol: ip4
|
||||||
|
valid_http_versions:
|
||||||
|
- HTTP/1.1
|
||||||
|
- HTTP/2.0
|
||||||
|
valid_status_codes:
|
||||||
|
- 200
|
||||||
|
- 204
|
||||||
|
- 302 # Found
|
||||||
|
prober: http
|
||||||
|
timeout: 15s
|
||||||
|
icmp:
|
||||||
|
prober: icmp
|
||||||
|
timeout: 5s
|
||||||
|
icmp:
|
||||||
|
preferred_ip_protocol: "ip4"
|
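Review bot: `blackbox_exporter_web_listen_address: "0.0.0.0:9115"` exposes the probe endpoint on every interface, and the exporter probes whatever target is named in the request, so anyone who can reach the port can have this host send HTTP or ICMP probes into the mesh. If Prometheus runs on the same machine (its scrape job for this exporter is not visible here), bind to `127.0.0.1:9115` or firewall the port. Both HTTP modules also set `insecure_skip_verify: true`, so an expired or substituted certificate on a monitored service will never raise an alert. Add a comment explaining why, or a separate module with verification enabled.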
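--- a/roles/stable/monitoring/prometheus/tasks/main.yml
+++ b/roles/stable/monitoring/prometheus/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: Install Prometheus
+ansible.builtin.import_role:
+name: cloudalchemy.prometheus
+
+- name: Ensure Prometheus Service is running
+service:
+name: prometheus
+state: restarted
+enabled: yes
+
+- name: Ensure a job that reboot every 6 hours exists.
+ansible.builtin.cron:
+name: "reboot every 6 hours"
+minute: "0"
+hour: "*/6"
+job: "/sbin/reboot"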
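Review bot: The cron task schedules `/sbin/reboot` every six hours on the monitoring host, which leaves a recurring window with no scraping and no alert evaluation, and the task gives no reason for it. If it works around a hang or a leak, a comment naming the cause belongs on the task; otherwise it should be dropped. The second task is named "Ensure Prometheus Service is running" but uses `state: restarted`, so Prometheus is restarted on every play run; `state: started` matches the name and leaves restarts to the role's handlers.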
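--- a/roles/stable/monitoring/prometheus/vars/main.yml
+++ b/roles/stable/monitoring/prometheus/vars/main.yml
@@ -0,0 +1,223 @@
+---
+prometheus_version: 2.37.0 # LTS
+prometheus_binary_local_dir: '' # default /usr/local/bin
+prometheus_skip_install: false
+
+prometheus_config_dir: /etc/prometheus
+prometheus_db_dir: /var/lib/prometheus
+prometheus_read_only_dirs: []
+
+prometheus_web_listen_address: "0.0.0.0:9090"
+prometheus_web_external_url: ''
+# See https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md
+
+prometheus_storage_retention: "30d"
+# Available since Prometheus 2.7.0
+# [EXPERIMENTAL] Maximum number of bytes that can be stored for blocks. Units
+# supported: KB, MB, GB, TB, PB.
+prometheus_storage_retention_size: "0"
+
+# Alternative config file name, searched in ansible templates path.
+prometheus_config_file: 'prometheus.yml.j2'
+
+prometheus_targets: "{{ all_targets }}"
+
+prometheus_alertmanager_config:
+- static_configs:
+- targets:
+- localhost:9093
+
+prometheus_scrape_configs:
+- job_name: "prometheus"
+metrics_path: "{{ prometheus_metrics_path }}"
+static_configs:
+- targets:
+- "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}:9090"
+- job_name: "node"
+file_sd_configs:
+- files:
+- "{{ prometheus_config_dir }}/file_sd/node.yml"
+
+- job_name: 'blackbox-external-targets'
+metrics_path: /probe
+params:
+module: [http_2xx_head]
+static_configs:
+- targets:
+- https://www.google.com
+- https://www.ripe.net
+relabel_configs: "{{ blackbox_relabel_configs }}"
+
+- job_name: 'blackbox-server_head'
+metrics_path: /probe
+params:
+module: [http_2xx_head]
+static_configs:
+- targets:
+- https://ada
+relabel_configs: "{{ blackbox_relabel_configs }}"
+
+- job_name: 'blackbox-server_get'
+metrics_path: /probe
+params:
+module: [http_2xx_get]
+static_configs:
+- targets:
+- https://torrent.ada/
+relabel_configs: "{{ blackbox_relabel_configs }}"
+
+- job_name: 'blackbox-ping-external'
+metrics_path: /probe
+params:
+module: [icmp]
+static_configs:
+- targets:
+- 1.1.1.1
+- 8.8.8.8
+- 4.2.2.2
+relabel_configs: "{{ blackbox_relabel_configs }}"
+
+- job_name: 'blackbox-ping-internal'
+file_sd_configs:
+- files:
+- "{{ prometheus_config_dir }}/file_sd/blackbox_ping_internal.yml"
+metrics_path: /probe
+params:
+module: [icmp]
+relabel_configs: "{{ blackbox_relabel_configs }}"
+
+prometheus_alert_rules:
+- alert: Watchdog
+expr: vector(1)
+for: 10m
+labels:
+severity: warning
+annotations:
+description: "This is an alert meant to ensure that the entire alerting pipeline is functional.\nThis alert is always firing, therefore it should always be firing in Alertmanager\nand always fire against a receiver. There are integrations with various notification\nmechanisms that send a notification when this alert is not firing. For example the\n\"DeadMansSnitch\" integration in PagerDuty."
+summary: 'Ensure entire alerting pipeline is functional'
+- alert: NodeDown
+expr: "up{job=\"node\", alert=\"yes\"} == 0"
+for: 5m
+labels:
+severity: critical
+annotations:
+description: '{% raw %}{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.{% endraw %}'
+summary: '{% raw %}Instance {{ $labels.instance }} down{% endraw %}'
+- alert: ToolDown
+expr: "probe_success{job=\"blackbox-ping-internal\"} == 0"
+for: 5m
+labels:
+severity: critical
+annotations:
+description: '{% raw %}{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.{% endraw %}'
+summary: '{% raw %}Instance {{ $labels.instance }} down{% endraw %}'
+- alert: RebootRequired
+expr: 'node_reboot_required > 0'
+labels:
+severity: warning
+annotations:
+description: '{% raw %}{{ $labels.instance }} requires a reboot.{% endraw %}'
+summary: '{% raw %}Instance {{ $labels.instance }} - reboot required{% endraw %}'
+- alert: NodeFilesystemSpaceFillingUp
+annotations:
+description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up.{% endraw %}'
+summary: 'Filesystem is predicted to run out of space within the next 24 hours.'
+expr: "(\n node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"} / node_filesystem_size_bytes{job=\"node\",fstype!=\"\"} * 100 < 40\nand\n predict_linear(node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"}[6h], 24*60*60) < 0\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"
+for: 1h
+labels:
+severity: warning
+- alert: NodeFilesystemSpaceFillingUp
+annotations:
+description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up fast.{% endraw %}'
+summary: 'Filesystem is predicted to run out of space within the next 4 hours.'
+expr: "(\n node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"} / node_filesystem_size_bytes{job=\"node\",fstype!=\"\"} * 100 < 20\nand\n predict_linear(node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"}[6h], 4*60*60) < 0\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"
+for: 1h
+labels:
+severity: critical
+- alert: NodeFilesystemAlmostOutOfSpace
+annotations:
+description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left.{% endraw %}'
+summary: 'Filesystem has less than 5% space left.'
+expr: "(\n node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"} / node_filesystem_size_bytes{job=\"node\",fstype!=\"\"} * 100 < 5\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"
+for: 1h
+labels:
+severity: warning
+- alert: NodeFilesystemAlmostOutOfSpace
+annotations:
+description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left.{% endraw %}'
+summary: 'Filesystem has less than 3% space left.'
+expr: "(\n node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"} / node_filesystem_size_bytes{job=\"node\",fstype!=\"\"} * 100 < 3\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"
+for: 1h
+labels:
+severity: critical
+- alert: NodeFilesystemFilesFillingUp
+annotations:
+description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up.{% endraw %}'
+summary: 'Filesystem is predicted to run out of inodes within the next 24 hours.'
+expr: "(\n node_filesystem_files_free{job=\"node\",fstype!=\"\"} / node_filesystem_files{job=\"node\",fstype!=\"\"} * 100 < 40\nand\n predict_linear(node_filesystem_files_free{job=\"node\",fstype!=\"\"}[6h], 24*60*60) < 0\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"
+for: 1h
+labels:
+severity: warning
+- alert: NodeFilesystemFilesFillingUp
+annotations:
+description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up fast.{% endraw %}'
+summary: 'Filesystem is predicted to run out of inodes within the next 4 hours.'
+expr: "(\n node_filesystem_files_free{job=\"node\",fstype!=\"\"} / node_filesystem_files{job=\"node\",fstype!=\"\"} * 100 < 20\nand\n predict_linear(node_filesystem_files_free{job=\"node\",fstype!=\"\"}[6h], 4*60*60) < 0\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"
+for: 1h
+labels:
+severity: critical
+- alert: NodeFilesystemAlmostOutOfFiles
+annotations:
+description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left.{% endraw %}'
+summary: 'Filesystem has less than 5% inodes left.'
+expr: "(\n node_filesystem_files_free{job=\"node\",fstype!=\"\"} / node_filesystem_files{job=\"node\",fstype!=\"\"} * 100 < 5\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"
+for: 1h
+labels:
+severity: warning
+- alert: NodeFilesystemAlmostOutOfFiles
+annotations:
+description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left.{% endraw %}'
+summary: 'Filesystem has less than 3% inodes left.'
+expr: "(\n node_filesystem_files_free{job=\"node\",fstype!=\"\"} / node_filesystem_files{job=\"node\",fstype!=\"\"} * 100 < 3\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"
+for: 1h
+labels:
+severity: critical
+- alert: NodeNetworkReceiveErrs
+annotations:
+description: '{% raw %}{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} receive errors in the last two minutes.{% endraw %}'
+summary: 'Network interface is reporting many receive errors.'
+expr: "increase(node_network_receive_errs_total[2m]) > 10\n"
+for: 1h
+labels:
+severity: warning
+- alert: NodeNetworkTransmitErrs
+annotations:
+description: '{% raw %}{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} transmit errors in the last two minutes.{% endraw %}'
+summary: 'Network interface is reporting many transmit errors.'
+expr: "increase(node_network_transmit_errs_total[2m]) > 10\n"
+for: 1h
+labels:
+severity: warning
+- alert: NodeHighNumberConntrackEntriesUsed
+annotations:
+description: '{% raw %}{{ $value | humanizePercentage }} of conntrack entries are used{% endraw %}'
+summary: 'Number of conntrack are getting close to the limit'
+expr: "(node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75\n"
+labels:
+severity: warning
+- alert: NodeClockSkewDetected
+annotations:
+message: '{% raw %}Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host.{% endraw %}'
+summary: 'Clock skew detected.'
+expr: "(\n node_timex_offset_seconds > 0.05\nand\n deriv(node_timex_offset_seconds[5m]) >= 0\n)\nor\n(\n node_timex_offset_seconds < -0.05\nand\n deriv(node_timex_offset_seconds[5m]) <= 0\n)\n"
+for: 10m
+labels:
+severity: warning
+- alert: NodeClockNotSynchronising
+annotations:
+message: '{% raw %}Clock on {{ $labels.instance }} is not synchronising. Ensure NTP is configured on this host.{% endraw %}'
+summary: 'Clock not synchronising.'
+expr: "min_over_time(node_timex_sync_status[5m]) == 0\n"
+for: 10m
+labels:
+severity: warning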
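Review bot: `prometheus_web_listen_address: "0.0.0.0:9090"` publishes the Prometheus UI and HTTP API on every interface, and nothing in this file configures TLS or authentication for it; the comment under `prometheus_web_external_url` links the web-configuration format, but no setting follows it. Anyone who can reach the port can read every metric, the target names and the internal addresses listed in the scrape configs. Binding to `127.0.0.1:9090` behind the nginx role, or limiting the port with a firewall rule, would close that. A smaller point in the rules: `NodeClockSkewDetected` fires at `node_timex_offset_seconds > 0.05`, while its message says "out of sync by more than 300s", so one of the two should be corrected.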
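--- a/roles/stable/nginx/defaults/main.yml
+++ b/roles/stable/nginx/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+reverse_services: []
+fpm_services: []
+with_certbot: false
+with_distributed_certificates: false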
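--- a/roles/stable/nginx/tasks/certbot.yml
+++ b/roles/stable/nginx/tasks/certbot.yml
@@ -0,0 +1,23 @@
+---
+- name: Install snapd
+become: yes
+apt:
+pkg: ['snapd']
+
+- name: Install snap core
+become: yes
+snap:
+name: core
+
+- name: Install cerbot via snap
+become: yes
+snap:
+name: certbot
+classic: yes
+
+- name: Generate certificate if needed
+become: yes
+command: /snap/bin/certbot --nginx --non-interactive --agree-tos --expand
+--domains {{ fpm_services | items2dict(key_name='server_name', value_name='server_name') | join(',') }}
+{{ reverse_services | items2dict(key_name='server_name', value_name='server_name') | join(',') }}
+--email {{certbot_email}}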
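Review bot: In the last task the two domain expressions are separated by whitespace rather than a comma, so when both `fpm_services` and `reverse_services` are non-empty only the first list reaches `--domains` and the second is handed to certbot as a stray positional argument; the command works only while one of the lists is empty. A single expression covers both cases: `--domains {{ (fpm_services + reverse_services) | map(attribute='server_name') | join(',') }}`. The task also runs on every play although it is named "if needed". `certbot_email` is not defined in the vars visible here (it is commented out in `vars/belvederi.yml`), so an `assert` on it before the command would fail earlier and more clearly.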
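--- a/roles/stable/nginx/tasks/certificates.yml
+++ b/roles/stable/nginx/tasks/certificates.yml
@@ -0,0 +1,38 @@
+---
+- name: Create tmp certificates directory
+file:
+path: ./tmp/{{ hostvars['ada'].inventory_hostname }}
+state: directory
+delegate_to: localhost
+
+- name: Create certificates directory
+file:
+path: /etc/nginx/certs
+state: directory
+
+- name: Copy crt from CA
+ansible.builtin.fetch:
+src: /etc/nginx/certs/{{ hostvars['ada'].inventory_hostname }}/ada.crt
+dest: ./tmp/{{ hostvars['ada'].inventory_hostname }}/
+flat: yes
+delegate_to: "{{ item }}"
+loop: "{{ groups['ca'] }}"
+
+- name: Copy key from CA
+ansible.builtin.fetch:
+src: /etc/nginx/certs/{{ hostvars['ada'].inventory_hostname }}/ada.key
+dest: ./tmp/{{ hostvars['ada'].inventory_hostname }}/
+flat: yes
+delegate_to: "{{ item }}"
+loop: "{{ groups['ca'] }}"
+
+- name: Copy to belvedere
+ansible.builtin.copy:
+src: ./tmp/{{ hostvars['ada'].inventory_hostname }}/
+dest: /etc/nginx/certs/{{ hostvars['ada'].inventory_hostname }}/
+
+- name: Delete tmp
+file:
+path: ./tmp/
+state: absent
+delegate_to: localhost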
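Review bot: The private key `ada.key` is fetched from the CA host into `./tmp/` on the controller and then pushed to the target with `ansible.builtin.copy`, and no task sets a mode or owner, so both the temporary copy and the installed key get whatever the umask gives, which is typically world-readable. Add `mode: "0600"` and `directory_mode: "0700"` to the copy task, `mode: "0700"` to the two directory tasks, and `no_log: true` to the key fetch. `Delete tmp` only runs when every earlier task succeeds; putting the tasks in a `block:` with the delete under `always:` keeps a failed run from leaving the key on the controller. With `loop: "{{ groups['ca'] }}"` and `flat: yes`, a second host in the `ca` group would silently overwrite the files fetched from the first.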
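--- a/roles/stable/nginx/tasks/main.yml
+++ b/roles/stable/nginx/tasks/main.yml
@@ -0,0 +1,63 @@
+---
+- name: Install NGINX
+become: yes
+apt:
+name: nginx
+
+- name: Default Configuration
+become: yes
+template:
+src: default.j2
+dest: /etc/nginx/sites-available/default
+
+- name: Link Default NGINX Configuration
+become: yes
+file:
+src: "/etc/nginx/sites-available/default"
+dest: "/etc/nginx/sites-enabled/default"
+state: link
+
+- name: Configure Reverse Proxies
+become: yes
+template:
+src: reverse_proxy.conf.j2
+dest: /etc/nginx/sites-available/{{item.server_name}}.conf
+loop: "{{ reverse_services }}"
+
+- name: Link NGINX Reverse Proxies
+become: yes
+file:
+src: "/etc/nginx/sites-available/{{item.server_name}}.conf"
+dest: "/etc/nginx/sites-enabled/{{item.server_name}}.conf"
+state: link
+loop: "{{ reverse_services }}"
+
+- name: Configure FPM Services
+become: yes
+template:
+src: fpm_service.conf.j2
+dest: /etc/nginx/sites-available/{{item.server_name}}.conf
+loop: "{{ fpm_services }}"
+
+- name: Link NGINX FPM Services
+become: yes
+file:
+src: "/etc/nginx/sites-available/{{item.server_name}}.conf"
+dest: "/etc/nginx/sites-enabled/{{item.server_name}}.conf"
+state: link
+loop: "{{ fpm_services }}"
+
+- name: Make sure NGINX Service is running
+become: yes
+service:
+name: nginx
+state: restarted
+enabled: yes
+
+- name: Run Certbot if needed
+include: certbot.yml
+when: with_certbot | bool
+
+- name: Sync distributed certificates
+include: certificates.yml
+when: with_distributed_certificates | bool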
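Review bot: nginx is restarted in `Make sure NGINX Service is running` before `certificates.yml` copies the files that `reverse_proxy.conf.j2` names in `ssl_certificate`, so on a first run the restart is attempted against certificate paths that do not exist yet, and nothing reloads nginx after the certificates arrive. Moving the two `include` tasks ahead of the service task would fix the ordering. The restart is also unconditional and unvalidated, so a bad `custom_config` value in one vhost takes every site on the host down; a `command: nginx -t` task with `changed_when: false` before it, and `state: reloaded` from a handler notified by the template tasks, would limit that. `include:` is deprecated in current Ansible in favour of `include_tasks:`.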
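--- a/roles/stable/nginx/templates/default.j2
+++ b/roles/stable/nginx/templates/default.j2
@@ -0,0 +1,25 @@
+# cache
+proxy_cache_path /tmp levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=10g use_temp_path=off;
+
+{% if with_certbot -%}
+# redirect all http traffic to https
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+server_name _;
+return 301 https://$host$request_uri;
+}
+{%- endif %}
+
+server {
+listen 80;
+listen [::]:80;
+server_name _server_name;
+root /var/www/html;
+}
+
+# enable proxy websocket
+map $http_upgrade $connection_upgrade {
+default upgrade;
+'' close;
+}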
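Review bot: `proxy_cache_path /tmp ...` roots the cache directly in the shared, world-writable `/tmp`, so nginx's cache tree sits among other users' temporary files and any local account can create entries in the directories nginx treats as its cache. A dedicated directory owned by the nginx user avoids that, for example `proxy_cache_path /var/cache/nginx/static levels=1:2 ...` (path constructed for illustration). `server_name _server_name;` in the second server block looks like an unfilled placeholder. The `$connection_upgrade` map at the end is not used by `reverse_proxy.conf.j2`, which hard-codes `Connection "upgrade"`.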
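--- a/roles/stable/nginx/templates/fpm_service.conf.j2
+++ b/roles/stable/nginx/templates/fpm_service.conf.j2
@@ -0,0 +1,31 @@
+
+server {
+listen 80;
+listen [::]:80;
+listen 443 ssl http2;
+server_name {{item.server_name}};
+root {{item.root | default('/var/www/html/')}};
+index index.html index.html index.htm index.php;
+
+# keepalive_timeout 200;
+{{item.custom_config | default('') | indent(2)}}
+
+location / {
+try_files $uri $uri/ /index.php?$args;
+}
+
+location ~ \.php$ {
+include snippets/fastcgi-php.conf;
+fastcgi_pass {{item.proxy_pass | default('unix:/run/php/php7.4-fpm.sock')}};
+{{item.custom_fastcgi_config | default('') | indent(2)}}
+}
+
+# compression
+gzip on;
+gzip_types text/plain application/xml application/json;
+gzip_proxied no-cache no-store private expired auth;
+gzip_min_length 1000;
+
+# cache
+proxy_cache STATIC;
+}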
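Review bot: The server block declares `listen 443 ssl http2;` but, unlike `reverse_proxy.conf.j2`, has no `ssl_certificate` or `ssl_certificate_key` lines, so unless `custom_config` or certbot supplies them nginx has no certificate for this vhost. Either add the same `{% if with_distributed_certificates %}` certificate block here or make the 443 listener conditional on a certificate being configured. There is no `listen [::]:443 ssl http2;`, so HTTPS is IPv4-only while port 80 is dual-stack. `proxy_cache STATIC;` has no effect in a vhost that only uses `fastcgi_pass`, and `index.html` is listed twice in `index`.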
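--- a/roles/stable/nginx/templates/reverse_proxy.conf.j2
+++ b/roles/stable/nginx/templates/reverse_proxy.conf.j2
@@ -0,0 +1,44 @@
+
+server {
+listen 80;
+listen [::]:80;
+listen 443 ssl http2;
+server_name {{item.server_name}};
+
+keepalive_timeout 200;
+{{item.custom_config | default('') | indent(2)}}
+
+{% if with_distributed_certificates %}
+
+ssl_session_timeout 5m;
+ssl_session_cache shared:SSL:50m;
+ssl_session_tickets off;
+ssl_certificate /etc/nginx/certs/ada/ada.crt;
+ssl_certificate_key /etc/nginx/certs/ada/ada.key;
+{% endif %}
+
+location / {
+proxy_pass {{item.proxy_pass}};
+
+# set host
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For 42.42.42.42;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Port $server_port;
+
+# websocket proxy
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+# compression
+gzip on;
+gzip_types text/plain application/xml application/json;
+gzip_proxied no-cache no-store private expired auth;
+gzip_min_length 1000;
+
+# cache
+proxy_cache STATIC;
+}
+}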
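Review bot: `proxy_set_header X-Forwarded-For 42.42.42.42;` sends the same constant address for every client, so upstream access logs, rate limits and IP-based rules can no longer tell clients apart. If hiding client addresses is deliberate, a comment saying so would stop someone from "fixing" it later; otherwise use `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. `proxy_cache STATIC;` applies to the whole `location /` and nginx's default cache key does not include cookies or credentials, so it is worth confirming that no proxied service returns per-user content with cacheable headers. `listen 443 ssl http2;` is unconditional, while the certificate lines sit inside `{% if with_distributed_certificates %}`.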
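--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -0,0 +1,58 @@
+---
+- name: Install Wireguard
+become: yes
+package:
+name: wireguard
+state: present
+
+- name: mkdir -p /etc/wireguard/keys
+file:
+path: /etc/wireguard/keys
+state: directory
+
+- name: Check keys are created
+stat:
+path: /etc/wireguard/keys/privatekey
+register: wireguard_skip_key_generation
+
+- name: umask 077
+shell: umask 077
+args:
+chdir: /etc/wireguard/keys
+when: not wireguard_skip_key_generation.stat.exists
+
+- name: Creating client privatekey and publickey
+shell: wg genkey | tee privatekey | wg pubkey > publickey
+args:
+chdir: /etc/wireguard/keys
+when: not wireguard_skip_key_generation.stat.exists
+
+- name: cat privatekey => var_privatekey
+shell: cat privatekey
+register: var_privatekey
+args:
+chdir: /etc/wireguard/keys
+
+- name: Creating /etc/wireguard/wg0.conf
+template:
+src: client_wg0.j2
+dest: /etc/wireguard/wg0.conf
+
+- name: Starting wg service
+systemd:
+state: started
+name: wg-quick@wg0
+enabled: yes
+
+- name: cat publickey => var_publickey
+shell: cat publickey
+register: var_publickey
+args:
+chdir: /etc/wireguard/keys
+
+- name: Make sure Wireguard Service is running
+become: yes
+service:
+name: wg-quick@wg0
+state: started
+enabled: yes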
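Review bot: The `umask 077` task has no effect on the key generation that follows it, because each `shell` task runs in its own process, so `privatekey` is written with the default umask. The key is then read with `cat` into `var_privatekey` without `no_log`, which puts it into verbose output and callback logs, and `wg0.conf`, which embeds it through `client_wg0.j2`, is templated without a `mode`. The fence below folds the umask into the generation command, guards it with `creates` in place of the `stat`/`when` pair, and sets modes on the directory and the config file. `wg-quick@wg0` is also started twice, once through `systemd` and once through `service`, and only some of the tasks carry `become`.

```yaml
- name: mkdir -p /etc/wireguard/keys
  file:
    path: /etc/wireguard/keys
    state: directory
    mode: "0700"

- name: Creating client privatekey and publickey
  shell: umask 077 && wg genkey | tee privatekey | wg pubkey > publickey
  args:
    chdir: /etc/wireguard/keys
    creates: /etc/wireguard/keys/privatekey

- name: cat privatekey => var_privatekey
  command: cat privatekey
  register: var_privatekey
  changed_when: false
  no_log: true
  args:
    chdir: /etc/wireguard/keys

- name: Creating /etc/wireguard/wg0.conf
  template:
    src: client_wg0.j2
    dest: /etc/wireguard/wg0.conf
    mode: "0600"
# … unchanged: service start, publickey read, final service task …
```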
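--- a/roles/wireguard/tasks/server.yml
+++ b/roles/wireguard/tasks/server.yml
@@ -0,0 +1,8 @@
+---
+- name: Make sure Wireguard Service is running
+become: yes
+service:
+name: wg-quick@wg0
+state: started
+enabled: yes
+# delegate_to: "{{ hostvars['jitsi'].inventory_hostname }}"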
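--- a/roles/wireguard/templates/client_wg0.j2
+++ b/roles/wireguard/templates/client_wg0.j2
@@ -0,0 +1,11 @@
+[Interface]
+Address = {{ wireguard_client_ip }}
+PrivateKey = {{ var_privatekey.stdout }}
+ListenPort = {{ wireguard_client_wg0_port }}
+DNS = {{ wireguard_dns }}
+
+[Peer]
+PublicKey = {{ wireguard_server_PublicKey }}
+Endpoint = {{ wireguard_server_public_ip }}:{{ wireguard_server_wg0_port }}
+AllowedIPs = {{ wireguard_client_AllowedIPs }}
+PersistentKeepalive = 25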
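--- a/vars/belvederi.yml
+++ b/vars/belvederi.yml
@@ -0,0 +1,12 @@
+---
+with_certbot: false
+with_distributed_certificates: true
+# certbot_email:
+reverse_services:
+- info:
+server_name: info.ada
+proxy_pass: https://info.ada
+
+- doc:
+server_name: doc.ada
+proxy_pass: https://doc.ada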
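--- a/vars/build/_h5ai.yml
+++ b/vars/build/_h5ai.yml
@@ -0,0 +1,12 @@
+---
+fpm_services:
+- firmware.test.ada:
+server_name: firmware.test.ada
+root: /opt/openwrt-lime-firmware_test
+custom_config: "
+index /_h5ai/public/index.php;
+
+location /_h5ai/private {
+return 403;
+}
+"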
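--- a/vars/build/dev_test.yml
+++ b/vars/build/dev_test.yml
@@ -0,0 +1,45 @@
+---
+openwrt_version: "21.02.3"
+libremesh_version: "librerouteros"
+libremesh_profile: valsamoggia.ninux.org
+libremesh_profile_device: vs-ninux-generic-no-luci
+
+skip_preflight: false
+skip_openwrt_install: false
+skip_libremesh_install: false
+skip_configure_profiles: false
+skip_configure_clean: true
+skip_webserver_update: false
+
+with_wireguard: true
+with_luci: false
+
+# webserver index
+webui_path: /opt/openwrt-lime-firmware_test
+
+# openwrt
+openwrt_build_user: "antennine"
+openwrt_dir: "/home/antennine/openwrt/test"
+openwrt_build_dirname: "openwrt-{{openwrt_version}}-libremesh-{{libremesh_version}}"
+openwrt_build_dir: "{{openwrt_dir}}/{{openwrt_build_dirname}}"
+openwrt_version_tag: "v{{openwrt_version}}"
+openwrt_extra_image_name: "{{openwrt_version}}_libremesh-{{libremesh_version}}"
+
+# libremesh
+libremesh_profile_directory: "{{openwrt_build_dir}}/feeds/profiles/{{libremesh_profile}}"
+libremesh_feeds: |
+src-git libremesh https://github.com/libremesh/lime-packages.git;{{ libremesh_version }}
+src-git profiles https://github.com/libremesh/network-profiles.git
+
+# libremesh_version: "librerouteros"
+# libremesh_version: "^0bddc6b50da6f13b1fd20a28f5c4d557c3819737"
+# libremesh_version: "v2020.1"
+
+ip_network: "10.170"
+ip_netmask: "/16"
+
+vpn_wg0_network: "192.168"
+vpn_wg0_netmask: "/16"
+
+default_vpn_wg0_listenport: 51800
+default_channel_5ghz: 48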
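Review bot: `libremesh_feeds` pulls `lime-packages` at the moving branch named in `libremesh_version: "librerouteros"` and `network-profiles` with no ref at all, so two firmware builds from the same vars can contain different code and an upstream change reaches device images without review. The commented alternatives below the feeds already include a commit-pinned value; making a pinned commit or tag the active `libremesh_version`, and adding a ref to the `profiles` feed line as well, would make builds reproducible and auditable. `vars/build/main.yml` carries the same two feed lines and has the same issue.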
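--- a/vars/build/main.yml
+++ b/vars/build/main.yml
@@ -0,0 +1,45 @@
+---
+openwrt_version: "21.02.3"
+libremesh_version: "librerouteros"
+libremesh_profile: valsamoggia.ninux.org
+libremesh_profile_device: vs-ninux-generic-no-luci
+
+skip_preflight: false
+skip_openwrt_install: false
+skip_libremesh_install: false
+skip_configure_profiles: false
+skip_configure_clean: false
+skip_webserver_update: false
+
+with_wireguard: true
+with_luci: false
+
+# webserver index
+webui_path: /opt/openwrt-lime-firmware_test
+
+# openwrt
+openwrt_build_user: "antennine"
+openwrt_dir: "/home/antennine/openwrt/test"
+openwrt_build_dirname: "openwrt-{{openwrt_version}}-libremesh-{{libremesh_version}}"
+openwrt_build_dir: "{{openwrt_dir}}/{{openwrt_build_dirname}}"
+openwrt_version_tag: "v{{openwrt_version}}"
+openwrt_extra_image_name: "{{openwrt_version}}_libremesh-{{libremesh_version}}"
+
+# libremesh
+libremesh_profile_directory: "{{openwrt_build_dir}}/feeds/profiles/{{libremesh_profile}}"
+libremesh_feeds: |
+src-git libremesh https://github.com/libremesh/lime-packages.git;{{ libremesh_version }}
+src-git profiles https://github.com/libremesh/network-profiles.git
+
+# libremesh_version: "librerouteros"
+# libremesh_version: "^0bddc6b50da6f13b1fd20a28f5c4d557c3819737"
+# libremesh_version: "v2020.1"
+
+ip_network: "10.170"
+ip_netmask: "/16"
+
+vpn_wg0_network: "192.168"
+vpn_wg0_netmask: "/16"
+
+default_vpn_wg0_listenport: 51800
+default_channel_5ghz: 48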
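Review bot: This file differs from `vars/build/dev_test.yml` only in `skip_configure_clean`, and it still points at the test locations, `webui_path: /opt/openwrt-lime-firmware_test` and `openwrt_dir: "/home/antennine/openwrt/test"`. If `main.yml` is meant for release builds, those values would publish release images into the test tree and build them in the test directory. If the two files are meant to stay identical otherwise, letting `dev_test.yml` override only the one key would keep them from drifting apart.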
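--- a/vars/build/targets/21.02.3_ramips_mt76x8.yml
+++ b/vars/build/targets/21.02.3_ramips_mt76x8.yml
@@ -0,0 +1,38 @@
+# ath79_generic
+openwrt_target: ramips
+openwrt_subtarget: mt76x8
+openwrt_devices:
+- tl-mr6400-v4
+
+# override
+openwrt_version: 21.02.3
+
+libremesh_profile_device: vs-ninux-generic-no-luci
+
+# configs
+skip_configure_clean: true
+
+target_configs: |
+CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-generic-no-luci=y
+# CONFIG_PACKAGE_kmod-ppp is not set
+# CONFIG_PACKAGE_luci-proto-ppp is not set
+# CONFIG_PACKAGE_luci is not set
+CONFIG_PACKAGE_babeld-auto-gw-mode=y
+CONFIG_PACKAGE_ubus-lime-batman-adv=y
+CONFIG_PACKAGE_wpad-basic=y
+# CONFIG_PACKAGE_wpad-basic-wolfssl is not set
+# CONFIG_PACKAGE_wpad-mesh-wolfssl=y
+# CONFIG_PACKAGE_ATH_DFS is not set
+# CONFIG_ATH_USER_REGD is not set
+CONFIG_PACKAGE_kmod-mt7603=y
+
+
+
+
+# CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-generic-no-luci=y
+# CONFIG_PACKAGE_kmod-ppp is not set
+# CONFIG_PACKAGE_luci-proto-ppp is not set
+# CONFIG_PACKAGE_luci is not set
+# CONFIG_PACKAGE_wpad-basic=y
+# CONFIG_PACKAGE_wpad-basic-wolfssl is not set
+# CONFIG_PACKAGE_wpad-mesh-wolfssl=y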
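Review bot: The header comment `# ath79_generic` does not match the target defined under it (`openwrt_target: ramips`, `openwrt_subtarget: mt76x8`) and should read `# ramips_mt76x8`. After `CONFIG_PACKAGE_kmod-mt7603=y` the file carries four blank lines and a second, fully commented copy of the package list. Indentation is not visible on this page, but if that tail is indented as part of the `target_configs: |` block it is written into the build config, where `# CONFIG_... is not set` lines are meaningful rather than inert. Dropping the tail removes the ambiguity; `vars/build/targets/22.03.1_ath79_generic.yml` ends the same way.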
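--- a/vars/build/targets/22.03.1_ath79_generic.yml
+++ b/vars/build/targets/22.03.1_ath79_generic.yml
@@ -0,0 +1,34 @@
+# ath79_generic
+openwrt_target: ath79
+openwrt_subtarget: generic
+openwrt_devices:
+- tplink_cpe510-v3
+
+# override
+openwrt_version: 22.03.1
+libremesh_profile_device: vs-ninux-generic-no-luci
+
+# configs
+skip_configure_clean: true
+
+target_configs: |
+CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-generic-no-luci=y
+# CONFIG_PACKAGE_kmod-ppp is not set
+# CONFIG_PACKAGE_luci-proto-ppp is not set
+# CONFIG_PACKAGE_luci is not set
+CONFIG_PACKAGE_babeld-auto-gw-mode=y
+CONFIG_PACKAGE_ubus-lime-batman-adv=y
+CONFIG_PACKAGE_wpad-basic=y
+# CONFIG_PACKAGE_wpad-basic-wolfssl is not set
+# CONFIG_PACKAGE_wpad-mesh-wolfssl=y
+
+
+
+
+# CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-generic-no-luci=y
+# CONFIG_PACKAGE_kmod-ppp is not set
+# CONFIG_PACKAGE_luci-proto-ppp is not set
+# CONFIG_PACKAGE_luci is not set
+# CONFIG_PACKAGE_wpad-basic=y
+# CONFIG_PACKAGE_wpad-basic-wolfssl is not set
+# CONFIG_PACKAGE_wpad-mesh-wolfssl=y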
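--- a/vars/build/targets/ar71xx_generic.yml
+++ b/vars/build/targets/ar71xx_generic.yml
@@ -0,0 +1,43 @@
+# ar71xx_generic
+openwrt_target: ar71xx
+openwrt_subtarget: generic
+openwrt_devices:
+- ubnt-lbe-m5
+- ubnt-loco-m-xw
+- ubnt-nano-m-xw
+- ubnt-nano-m
+
+# override
+openwrt_version: 19.07.10
+libremesh_profile_device: vs-ninux-generic
+
+# configs
+skip_configure_clean: true
+
+
+target_configs: |
+CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-generic=y
+# CONFIG_PACKAGE_kmod-ppp is not set
+# CONFIG_PACKAGE_luci-proto-ppp is not set
+CONFIG_PACKAGE_kmod-rtc-pcf8563=y
+CONFIG_PACKAGE_kmod-rtc-pcf2123=y
+CONFIG_PACKAGE_ATH_DEBUG=y
+CONFIG_PACKAGE_ATH_DYNACK=y
+CONFIG_PACKAGE_ATH_SPECTRAL=y
+CONFIG_PACKAGE_prometheus-node-exporter-lua-location-latlon=y
+CONFIG_PACKAGE_prometheus-node-exporter-lua-wifi-params=y
+CONFIG_PACKAGE_prometheus-node-exporter-lua-wifi-stations-extra=y
+CONFIG_PACKAGE_prometheus-node-exporter-lua-wifi-survey=y
+CONFIG_PACKAGE_prometheus-node-push-influx=y
+CONFIG_PACKAGE_shared-state-persist=y
+CONFIG_PACKAGE_tmate=y
+CONFIG_PACKAGE_ubus-tmate=y
+CONFIG_PACKAGE_pirania=y
+CONFIG_PACKAGE_pirania-app=y
+CONFIG_PACKAGE_watchping=y
+CONFIG_PACKAGE_wifi-unstuck-wa=y
+CONFIG_PACKAGE_babeld-auto-gw-mode=y
+# CONFIG_PACKAGE_wpad-basic is not set
+# CONFIG_PACKAGE_wpad-basic-wolfssl is not set
+CONFIG_PACKAGE_wpad-mesh-wolfssl=y
+"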
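Review bot: The last line of this file is a lone `"` and should be deleted. The page does not show indentation, but if the quote sits inside the `target_configs: |` block it is written into the build config as a junk line, and at column 0 it would presumably stop the file from parsing. Separately, `CONFIG_PACKAGE_tmate=y` and `CONFIG_PACKAGE_ubus-tmate=y` build a remote terminal-sharing client into every image for these devices, alongside `CONFIG_PACKAGE_ATH_DEBUG=y`. A comment above them should state who may open a session and which relay is used, e.g. `# tmate: remote support only, see <doc placeholder>`. `openwrt_version: 19.07.10` is an old release line, so it is worth recording why these devices stay on it.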
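--- a/vars/build/targets/ath79_generic.yml
+++ b/vars/build/targets/ath79_generic.yml
@@ -0,0 +1,24 @@
+# ath79_generic
+openwrt_target: ath79
+openwrt_subtarget: generic
+openwrt_devices:
+- tplink_cpe510-v3
+
+# override
+openwrt_version: 21.02.3
+
+libremesh_profile_device: vs-ninux-generic-no-luci
+
+# configs
+skip_configure_clean: true
+
+target_configs: |
+CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-generic-no-luci=y
+# CONFIG_PACKAGE_kmod-ppp is not set
+# CONFIG_PACKAGE_luci-proto-ppp is not set
+# CONFIG_PACKAGE_luci is not set
+CONFIG_PACKAGE_babeld-auto-gw-mode=y
+CONFIG_PACKAGE_ubus-lime-batman-adv=y
+CONFIG_PACKAGE_wpad-basic=y
+# CONFIG_PACKAGE_wpad-basic-wolfssl is not set
+# CONFIG_PACKAGE_wpad-mesh-wolfssl=y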
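--- a/vars/build/targets/ath79_tiny.yml
+++ b/vars/build/targets/ath79_tiny.yml
@@ -0,0 +1,20 @@
+# ath79_tiny
+openwrt_target: ath79
+openwrt_subtarget: tiny
+openwrt_devices:
+- tplink_tl-wr940n-v6
+
+# override
+# openwrt_version: 18.06.9
+openwrt_version: 19.07.10
+libremesh_profile_device: vs-ninux-tiny
+
+# configs
+skip_configure_clean: true
+with_wireguard: false
+
+target_configs: |
+CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-tiny=y
+# CONFIG_PACKAGE_kmod-ppp is not set
+# CONFIG_PACKAGE_luci is not set
+# CONFIG_PACKAGE_luci-proto-ppp is not set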
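--- a/vars/build/test.yml
+++ b/vars/build/test.yml
@@ -0,0 +1,45 @@
+---
+openwrt_version: "21.02.3"
+libremesh_version: "librerouteros"
+libremesh_profile: valsamoggia.ninux.org
+libremesh_profile_device: vs-ninux-generic-no-luci
+
+skip_preflight: false
+skip_openwrt_install: false
+skip_libremesh_install: false
+skip_configure_profiles: false
+skip_configure_clean: false
+skip_webserver_update: false
+
+with_wireguard: true
+with_luci: false
+
+# webserver index
+webui_path: /opt/openwrt-lime-firmware_test
+
+# openwrt
+openwrt_build_user: "antennine"
+openwrt_dir: "/home/antennine/openwrt/test"
+openwrt_build_dirname: "openwrt-{{openwrt_version}}-libremesh-{{libremesh_version}}"
+openwrt_build_dir: "{{openwrt_dir}}/{{openwrt_build_dirname}}"
+openwrt_version_tag: "v{{openwrt_version}}"
+openwrt_extra_image_name: "{{openwrt_version}}_libremesh-{{libremesh_version}}"
+
+# libremesh
+libremesh_profile_directory: "{{openwrt_build_dir}}/feeds/profiles/{{libremesh_profile}}"
+libremesh_feeds: |
+src-git libremesh https://github.com/libremesh/lime-packages.git;{{ libremesh_version }}
+src-git profiles https://github.com/libremesh/network-profiles.git
+
+# libremesh_version: "librerouteros"
+# libremesh_version: "^0bddc6b50da6f13b1fd20a28f5c4d557c3819737"
+# libremesh_version: "v2020.1"
+
+ip_network: "10.170"
+ip_netmask: "/16"
+
+vpn_wg0_network: "192.168"
+vpn_wg0_netmask: "/16"
+
+default_vpn_wg0_listenport: 51800
+default_channel_5ghz: 48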
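Review bot: Neither feed in `libremesh_feeds` is pinned to a commit: the libremesh feed follows whatever `libremesh_version` names (here the `librerouteros` branch) and the profiles feed has no ref at all. The same playbook run can therefore build different firmware on different days, and any push to those repositories reaches the routers unreviewed. Pin both, for example `src-git profiles https://github.com/libremesh/network-profiles.git^<commit-sha placeholder>`, and use the commit that the commented `libremesh_version` line already records. The template writes `;{{ libremesh_version }}`, so a value starting with `^` would render as `;^…`; the separator probably has to move into the variable for a commit pin to work.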
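--- a/vars/libremesh.yml
+++ b/vars/libremesh.yml
@@ -0,0 +1,4 @@
+
+libremesh_versions:
+- librerouteros # ^0bddc6b50da6f13b1fd20a28f5c4d557c3819737 Released: Thu Mar 17 2022
+- 2020.1 # Released: Fri Dec 11 2020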
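--- a/vars/monitoring.yml
+++ b/vars/monitoring.yml
@@ -0,0 +1,22 @@
+
+maintainer_emails: '<redacted>, <redacted>'
+
+all_targets:
+node: "{{ belvedere_targets }}"
+blackbox_ping_internal: "{{ blackbox_ping_internal}}"
+
+blackbox_ping_internal:
+- targets: "[ {%for host in groups['belvederi']%}'{{hostvars[host].ansible_host}}'{% if not loop.last %},{% endif %}{% endfor %} ]"
+labels:
+host: 'belvederi'
+- targets: "[ {%for host in groups['strumenti']%}'{{hostvars[host].ansible_host}}'{% if not loop.last %},{% endif %}{% endfor %} ]"
+labels:
+host: 'strumenti'
+
+blackbox_relabel_configs:
+- source_labels: [__address__]
+target_label: __param_target
+- source_labels: [__param_target]
+target_label: instance
+- target_label: __address__
+replacement: 127.0.0.1:9115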
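--- a/vars/smtp.yml
+++ b/vars/smtp.yml
@@ -0,0 +1,5 @@
+
+smtp_from: '<redacted>'
+smtp_smarthost: 'mail.gandi.net:587'
+smtp_auth_username: '<redacted>'
+smtp_auth_password: "{{ lookup('passwordstore', 'chiavi_antennine/emails/<redacted>', errors='strict') | default(omit) }}"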
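Review bot: The `| default(omit)` after `lookup('passwordstore', …, errors='strict')` in `smtp_auth_password` does not give a safe fallback. With `errors='strict'` a failed lookup aborts the run before the filter applies, and `omit` only has meaning as a direct module argument, so if it were ever reached the variable would presumably hold Ansible's omit placeholder string and be rendered as the password by whatever template consumes it. Ending the expression at `errors='strict') }}` makes the failure mode explicit. vars/telegram.yml has the same construct on `telegram_bot_token`.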
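--- a/vars/telegram.yml
+++ b/vars/telegram.yml
@@ -0,0 +1,3 @@
+
+telegram_bot_token: "{{ lookup('passwordstore', 'chiavi_antennine/telegram/bot_api_token', errors='strict') | default(omit) }}"
+telegram_chat_id: <redacted>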
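--- a/vars/test.yml
+++ b/vars/test.yml
@@ -0,0 +1 @@
+maintainer_emails: '<redacted>'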
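--- a/vars/wireguard.yml
+++ b/vars/wireguard.yml
@@ -0,0 +1,10 @@
+
+wireguard_server_public_ip: 13.13.13.13
+wireguard_server_PublicKey: '<redacted>'
+wireguard_server_wg0_port: 51820
+
+wireguard_client_ip: # 10.0.0.9
+wireguard_client_wg0_port: 51820
+wireguard_client_AllowedIPs: 10.0.0.0/24
+
+wireguard_dns: # 10.0.0.10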
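Review bot: `wireguard_client_ip` and `wireguard_dns` have only a comment after the colon, so both are null in this file. The consumers are not visible here, but a template that uses them without a per-host override would presumably write an empty or `None` address into the tunnel config. Say where the real value comes from, e.g. `wireguard_client_ip:  # required, set per host in host_vars`, or have the role assert that both are defined before templating. `wireguard_server_public_ip: 13.13.13.13` looks like a placeholder and would benefit from the same kind of comment.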