add mmfd + respondd

genofire · genofire · commit c2bb1789cfd8 · 2019-02-03T06:27:35.000+01:00
diff --git a/lib/hosts.py b/lib/hosts.py
@@ -111,6 +111,7 @@ def host(self, id, hostname, **host_vars):
     vars.update(host_vars)
     vars.update({
       "vpn_id":             id,
+      "babel":              self.babel,
       "batman_ipv4":        self.calculate_address("ipv4_network", id),
       "batman_ipv6_global": self.calculate_address("ipv6_global_network", id),
       "batman_ipv6_local":  self.calculate_address("ipv6_local_network", id),
diff --git a/playbooks/babelserver.yml b/playbooks/babelserver.yml
@@ -1,11 +1,16 @@
 ---
 - hosts: babelservers
+  vars:
+    mesh_announce_git_root: https://github.com/FreifunkBremen/mesh-announce
+    mesh_announce_git_commit: babel
   roles:
   - apt
   - openssh
   - { role: babeld,  tags: [ babeld, babel ] }
-  - { role: l3roamd,  tags: [ l3roamd, babel ] }
-  - { role: wireguard,  tags: [ wireguard, babel ] }
+  # - { role: l3roamd,  tags: [ l3roamd, babel ] }
+  - { role: mmfd,  tags: [ mmfd, babel ] }
+  - { role: wireguard,  tags: [ wireguard, vpn ] }
+  - { role: mesh-announce, tags: respondd }
   - system
   - tmpfs
   - tools
diff --git a/roles/babeld/templates/firewall.sh b/roles/babeld/templates/firewall.sh
@@ -1,5 +1,7 @@
-# babeld
+# babeld control
 ipt -A INPUT -i lo -p tcp --dport 33123 -j ACCEPT
+
+# babeld routing
 {% for ifname in babel_interfaces %}
 ipt6 -A INPUT -i {{ifname}} -p udp --dport 6696 -j ACCEPT
 {% endfor %}
diff --git a/roles/mesh-announce/templates/firewall.sh b/roles/mesh-announce/templates/firewall.sh
@@ -1,3 +1,8 @@
+# batman
 ipt6 -A INPUT -i {{ main_bridge }} -p udp --dport 1001 -j ACCEPT
 ipt6 -A INPUT -i vpn-{{ site_code }}-legacy -p udp --dport 1001 -j ACCEPT
 ipt6 -A INPUT -i vpn-{{ site_code }} -p udp --dport 1001 -j ACCEPT
+
+# babel
+ipt6 -A INPUT -i babel-ffhb -p udp --dport 1001 -j ACCEPT
+ipt6 -A INPUT -i mmfd0 -p udp --dport 1001 -j ACCEPT
diff --git a/roles/mesh-announce/templates/service b/roles/mesh-announce/templates/service
@@ -4,11 +4,15 @@ Description=Respondd
 After=network.target
 
 [Service]
+{% if babel %}
+ExecStart=/opt/{{ site_code }}/mesh-announce/respondd.py -d /opt/{{ site_code }}/mesh-announce/providers -g ff05::2:1001 -i mmfd0 -ba [::]:33123
+{% else %}
 {% if respondd_vpn %}
 ExecStart=/opt/{{ site_code }}/mesh-announce/respondd.py -d /opt/{{ site_code }}/mesh-announce/providers -b {{ batman_interface }} -i {{ main_bridge }} -i vpn-{{ site_code }}-legacy -i vpn-{{ site_code }}
 {% else %}
 ExecStart=/opt/{{ site_code }}/mesh-announce/respondd.py -d /opt/{{ site_code }}/mesh-announce/providers -b {{ ansible_default_ipv4.interface }} -i {{ ansible_default_ipv4.interface }}
 {% endif %}
+{% endif %}
 
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/mmfd/defaults/main.yml b/roles/mmfd/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+mmfd_repository: "https://dl.ffm.freifunk.net/debian-packages/ sid main"
+mmfd_repository_key: 390BF305
+
+babel_bridge: babel-{{ site_code }}
+babel_interfaces_vpn: []
+babel_interfaces: "{{ [babel_bridge] + babel_interfaces_vpn }}"
diff --git a/roles/mmfd/handlers/main.yml b/roles/mmfd/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart mmfd
+  service: name=mmfd state=restarted
+
+- name: reload systemd
+  command: systemctl daemon-reload
diff --git a/roles/mmfd/tasks/main.yml b/roles/mmfd/tasks/main.yml
@@ -0,0 +1,31 @@
+- name: Add repository key for babeld and utils
+  apt_key: keyserver="{{ pgp_keyserver }}" id="{{mmfd_repository_key}}"
+
+- name: Add repository for babeld and utils
+  apt_repository: repo="deb {{mmfd_repository}}"
+
+- name: Install mmfd (babel utils)
+  apt: name="mmfd"
+
+- name: Install interfaces file
+  template: >
+    src=interfaces
+    dest=/etc/network/interfaces.d/babel-{{site_code}}-mmfd
+
+- name: Configure firewall
+  template: src=firewall.sh dest={{ firewall_path }}/35-babel-{{site_code}}-mmfd
+  when: firewall_enabled
+  notify: reload firewall
+
+- name: Install mmfd service
+  template: src=mmfd.service dest=/etc/systemd/system/mmfd.service
+  notify:
+  - reload systemd
+  - restart mmfd
+ 
+- name: Enable mmfd
+  service:
+    name: mmfd
+    enabled: yes
+    state: started
+
diff --git a/roles/mmfd/templates/firewall.sh b/roles/mmfd/templates/firewall.sh
@@ -0,0 +1,4 @@
+# mmfd
+{% for ifname in babel_interfaces %}
+ipt -A INPUT -i {{ifname}} -p udp --dport 27275 -j ACCEPT
+{% endfor %}
diff --git a/roles/mmfd/templates/interfaces b/roles/mmfd/templates/interfaces
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+allow-hotplug mmfd0
+auto mmfd0
+iface mmfd0 inet6 static
+	address  fe80::1
+	netmask 64
+	post-up ip r add ff05::2:1001/128 dev mmfd0 table local
diff --git a/roles/mmfd/templates/mmfd.service b/roles/mmfd/templates/mmfd.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=mmfd
+Wants=basic.target
+After=basic.target network.target babeld.service
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/mmfd
+KillMode=process
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/wireguard/README.md b/roles/wireguard/README.md
@@ -32,4 +32,7 @@ ipt6 -A FORWARD -o wg-bb-+ -i babel-wg+ -j ACCEPT
 ipt6 -A FORWARD -i wg-bb-+ -o babel-wg+ -j ACCEPT
 ipt6 -A FORWARD -o wg-bb-+ -i wg-bb-+ -j ACCEPT
 
+# respondd (with mmfd + mesh-announce)
+ipt6 -A INPUT -i wg-bb-+ -p udp --dport 1001 -j ACCEPT
+
 ```
