Freifunk-Leipzig
/
eae-am-deutschen-platz
Archived
13
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
docs, config and ansible stuff for the "Erstaufnahmeeinrichtung Am Deutschen Platz" migriert zu https://gitlab.dezentrale.space/freifunk-leipzig/eae-am-deutschen-platz
This repository has been archived on 2024-05-11. You can view files and clone it, but cannot push or open issues or pull requests.
121 Commits 4 Branches 0 Tags 2.3 MiB
Jinja 63.8%
Lua 20.2%
Shell 16%
Go to file
Gregor Michels a9429b661a playbook_sysupgrade: make idempotent 
only issue a sysupgrade if the desired garet version and profile
specified in the inventory does not match the firmware running on the
device.

Because we do not put the firmware files into this git, simply
clone the garet repo, checkout the desired commit, build the needed
profile and then put the firmware file into
  firmware/garet_${profile}-${version}.bin
 		2022-10-24 00:25:18 +02:00
ansible-environment add venv for ansible 2022-07-03 01:24:40 +02:00
documentation incidents: add incident 023 about broken public wifi 2022-10-19 02:13:35 +02:00
files monitoring: add alarm "PublicWifiUpstreamLost" 2022-10-19 02:05:32 +02:00
password-store new playbook 'playbook_provision_gateway.yml' 2022-09-26 00:34:06 +02:00
templates monitoring: remove non-dns e2e test 2022-10-19 02:01:08 +02:00
.gitignore add a way to build an offline copy of the documentation 2022-07-03 02:13:11 +02:00
README.md README: fix documentation link 2022-07-03 03:27:37 +02:00
ansible-environment.txt venv: upgrade to ansible 6.1.0 2022-07-24 17:09:57 +02:00
ansible-inventory inventory: add location information to accesspoints 2022-10-11 01:29:49 +02:00
ansible.cfg rename some ansible files/directories 2022-07-03 02:07:50 +02:00
environment environment: also configure http(s) proxy and enter python venv 2022-07-03 02:07:50 +02:00
playbook_create_ssh_config.yml playbook_create_ssh_config: fix indentation of 'ProxyJump' 2022-09-28 00:49:10 +02:00
playbook_distribute_authorized_keys.yml playbook_distribute_authorized_keys: also set root pw on gw and aps 2022-09-28 00:47:14 +02:00
playbook_provision_accesspoints.yml playbook_provision_accesspoints: remove unnecessary statements 2022-10-01 20:34:49 +02:00
playbook_provision_backbone.yml playbook_provision_backbone: remove tunnel configuration for gw-core01 2022-09-26 00:34:07 +02:00
playbook_provision_eap-adp-jump01.yml monitoring: move node exporter installation into single task 2022-09-14 02:26:27 +02:00
playbook_provision_gateway.yml new playbook 'playbook_provision_gateway.yml' 2022-09-26 00:34:06 +02:00
playbook_provision_hypervisor.yml rename playbook_provision_hyper01 -> playbook_provision_hypervisor 2022-09-14 03:01:41 +02:00
playbook_provision_monitoring.yml incident 017: add another icmp probe `mon-e2e-wan01` 2022-09-15 02:02:22 +02:00
playbook_sysupgrade.yml playbook_sysupgrade: make idempotent 2022-10-24 00:25:18 +02:00

README.md

Freifunk Leipzig - Erstaufnahme Einrichtung - Am Deutschen Platz

This repo contains the config and documentation for our installation at the "Erstaufnahme Einrichtung - Am Deutschen Platz"

this is a work in progress

Quick Links

Usage

Requirements

  • pass (password manager)
  • pandoc (offline documentation generation)
  • python3 (ansible)
  • python3-venv (ansible)
  • rsync (ansible)

Initial Setup

  1. install requirements
  2. clone repo and change directory: git clone https://git.sr.ht/~hirnpfirsich/ffl-eae-adp && cd ffl-aea-adp
  3. create python3 virtual enviroment: python3 -m venv ansible-environment
  4. enter python3 virtual environment: . ansible-environment/bin/activate
  5. install ansible and dependencies: pip3 install -r ansible-environment.txt
  6. import all gpg keys for pass: gpg --import files/gpg/*
  7. trust all imported gpg keys: gpg --edit-key <id> with trust and 5 for every key
  8. create ssh_config with all hosts: ansible-playbook playbook_create_ssh_config.yml (use -e jumphost=eae-adp-jump01 to configure ssh to use eae-adp-jump01 as the jump host)
  9. leave python3 virtual environment: deactivate

Daily Usage

Before doing enything you need to enter the environment: . environment

After using playbook_create_ssh_config.yml you can call ssh simply with the name of the machine (ie. ssh gw-core01). The ssh_config file is generated from the ansible-inventory. Should something in the inventory change or you want to use/change the jumphost simply reexecute the playbook.

Passwords managed using pass. Simply call pass after sourcing the environment.

Descriptions

  • environment: configure environment (path to pass store, http(s) socks proxy and python venv for ansible)
  • playbook_create_ssh_config.yml: playbook to create an additional ssh_config file (.ssh/ffl_eae_adp_config) that get's included in the default ssh_config
  • playbook_distribute_authorized_keys.yml: deploy files/authorized_keys on all machines
  • playbook_provision_accesspoints.yml: configure accesspoints
  • playbook_provision_backbone.yml: configure wg tunnel and ospf link between gw-core01 and eae-adp-jump01
  • playbook_provision_eap-adp-jump01.yml: general system configuration for eae-adp-jump01 (monitoring, routing, ...)
  • playbook_provision_hyper01.yml: general system configuration for hyper01 and create vms/containers
  • playbook_provision_monitoring.yml: configure and install prometheus and grafana on monitoring01