# Freifunk Leipzig - Erstaufnahme Einrichtung - Am Deutschen Platz

This repo contains the config and documentation for our installation at the "Erstaufnahme Einrichtung - Am Deutschen Platz"

---

**this is a work in progress**

---

## Quick Links

* [Documentation](documentation/MAIN.md)
* [Incidents](documentation/INCIDENTS.md)
* [Todo](documentation/TODO.md)

## Usage

### Requirements

* `pass`         (password manager)
* `pandoc`       (offline documentation generation)
* `python3`      (ansible)
* `python3-venv` (ansible)
* `rsync`        (ansible)

### Initial Setup

0. install requirements
1. clone repo and change directory:    `git clone https://git.sr.ht/~hirnpfirsich/ffl-eae-adp && cd ffl-aea-adp`
2. create python3 virtual enviroment:  `python3 -m venv ansible-environment`
3. enter python3 virtual environment:  `. ansible-environment/bin/activate`
4. install ansible and dependencies:   `pip3 install -r ansible-environment.txt`
5. import all gpg keys for `pass`:     `gpg --import files/gpg/*`
6. trust all imported gpg keys:        `gpg --edit-key <id>` with `trust` and `5` for every key
7. create `ssh_config` with all hosts: `ansible-playbook playbook_create_ssh_config.yml` (use `-e jumphost=eae-adp-jump01` to configure ssh to use `eae-adp-jump01` as the jump host)
8. leave python3 virtual environment:  `deactivate`

### Daily Usage

Before doing enything you need to enter the environment: `. environment`

After using `playbook_create_ssh_config.yml` you can call `ssh` simply with the name of the machine (ie. `ssh gw-core01`).
The `ssh_config` file is generated from the `ansible-inventory`.
Should something in the inventory change or you want to use/change the jumphost simply reexecute the playbook.

Passwords managed using `pass`. Simply call `pass` after sourcing the environment.

### Descriptions

* `environment`:                             configure environment (path to `pass` store, http(s) socks proxy and python venv for ansible)
* `playbook_create_ssh_config.yml`:          playbook to create an additional `ssh_config` file (`.ssh/ffl_eae_adp_config`) that get's included in the default `ssh_config`
* `playbook_distribute_authorized_keys.yml`: deploy `files/authorized_keys` on all machines
* `playbook_provision_accesspoints.yml`:     configure accesspoints
* `playbook_provision_backbone.yml`:         configure wg tunnel and ospf link between `gw-core01` and `eae-adp-jump01`
* `playbook_provision_eap-adp-jump01.yml`:   general system configuration for `eae-adp-jump01` (monitoring, routing, ...)
* `playbook_provision_hyper01.yml`:          general system configuration for `hyper01` and create vms/containers
* `playbook_provision_monitoring.yml`:       configure and install prometheus and grafana on `monitoring01`