From c2bb1789cfd860ad91ddad7ea8365693694c0dbb Mon Sep 17 00:00:00 2001
From: Martin/Geno <geno+dev@fireorbit.de>
Date: Sun, 3 Feb 2019 05:47:35 +0100
Subject: [PATCH] add mmfd + respondd

---
 lib/hosts.py                              |  1 +
 playbooks/babelserver.yml                 |  9 +++++--
 roles/babeld/templates/firewall.sh        |  4 ++-
 roles/mesh-announce/templates/firewall.sh |  5 ++++
 roles/mesh-announce/templates/service     |  4 +++
 roles/mmfd/defaults/main.yml              |  7 +++++
 roles/mmfd/handlers/main.yml              |  6 +++++
 roles/mmfd/tasks/main.yml                 | 31 +++++++++++++++++++++++
 roles/mmfd/templates/firewall.sh          |  4 +++
 roles/mmfd/templates/interfaces           |  8 ++++++
 roles/mmfd/templates/mmfd.service         | 14 ++++++++++
 roles/wireguard/README.md                 |  3 +++
 12 files changed, 93 insertions(+), 3 deletions(-)
 create mode 100644 roles/mmfd/defaults/main.yml
 create mode 100644 roles/mmfd/handlers/main.yml
 create mode 100644 roles/mmfd/tasks/main.yml
 create mode 100644 roles/mmfd/templates/firewall.sh
 create mode 100644 roles/mmfd/templates/interfaces
 create mode 100644 roles/mmfd/templates/mmfd.service

diff --git a/lib/hosts.py b/lib/hosts.py
index 388771a4..db2be165 100644
--- a/lib/hosts.py
+++ b/lib/hosts.py
@@ -111,6 +111,7 @@ def host(self, id, hostname, **host_vars):
     vars.update(host_vars)
     vars.update({
       "vpn_id":             id,
+      "babel":              self.babel,
       "batman_ipv4":        self.calculate_address("ipv4_network", id),
       "batman_ipv6_global": self.calculate_address("ipv6_global_network", id),
       "batman_ipv6_local":  self.calculate_address("ipv6_local_network", id),
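Review bot: `self.babel` is read here but no assignment to it is visible in this hunk or elsewhere in the patch; if the constructor does not give it a default, every `host()` call raises AttributeError. The new `{% if babel %}` in the mesh-announce service template needs the variable defined for every host, so a default of `False` in `__init__` is worth confirming. Because the key sits in the second `vars.update`, a per-host `babel=` passed through `host_vars` is silently overwritten; a short comment saying that this is intended would help. The body of `host()` starts and ends outside the hunk.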
diff --git a/playbooks/babelserver.yml b/playbooks/babelserver.yml
index 3df78afc..8aa10244 100644
--- a/playbooks/babelserver.yml
+++ b/playbooks/babelserver.yml
@@ -1,11 +1,16 @@
 ---
 - hosts: babelservers
+  vars:
+    mesh_announce_git_root: https://github.com/FreifunkBremen/mesh-announce
+    mesh_announce_git_commit: babel
   roles:
   - apt
   - openssh
   - { role: babeld,  tags: [ babeld, babel ] }
-  - { role: l3roamd,  tags: [ l3roamd, babel ] }
-  - { role: wireguard,  tags: [ wireguard, babel ] }
+  # - { role: l3roamd,  tags: [ l3roamd, babel ] }
+  - { role: mmfd,  tags: [ mmfd, babel ] }
+  - { role: wireguard,  tags: [ wireguard, vpn ] }
+  - { role: mesh-announce, tags: respondd }
   - system
   - tmpfs
   - tools
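Review bot: `mesh_announce_git_commit: babel` names a branch rather than a commit, so each run deploys whatever the head of that branch is at that moment, and the mesh-announce unit then starts `respondd.py` from that checkout. Pinning to a reviewed commit, e.g. `mesh_announce_git_commit: <reviewed-commit-sha>` (placeholder), makes deployments reproducible and keeps an unreviewed upstream push off the servers. The commented-out `l3roamd` line would be better removed, or given a one-line comment saying why the role is disabled.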
diff --git a/roles/babeld/templates/firewall.sh b/roles/babeld/templates/firewall.sh
index 096f36e8..41e432f9 100644
--- a/roles/babeld/templates/firewall.sh
+++ b/roles/babeld/templates/firewall.sh
@@ -1,5 +1,7 @@
-# babeld
+# babeld control
 ipt -A INPUT -i lo -p tcp --dport 33123 -j ACCEPT
+
+# babeld routing
 {% for ifname in babel_interfaces %}
 ipt6 -A INPUT -i {{ifname}} -p udp --dport 6696 -j ACCEPT
 {% endfor %}
diff --git a/roles/mesh-announce/templates/firewall.sh b/roles/mesh-announce/templates/firewall.sh
index 7e34b9e0..3e855131 100644
--- a/roles/mesh-announce/templates/firewall.sh
+++ b/roles/mesh-announce/templates/firewall.sh
@@ -1,3 +1,8 @@
+# batman
 ipt6 -A INPUT -i {{ main_bridge }} -p udp --dport 1001 -j ACCEPT
 ipt6 -A INPUT -i vpn-{{ site_code }}-legacy -p udp --dport 1001 -j ACCEPT
 ipt6 -A INPUT -i vpn-{{ site_code }} -p udp --dport 1001 -j ACCEPT
+
+# babel
+ipt6 -A INPUT -i babel-ffhb -p udp --dport 1001 -j ACCEPT
+ipt6 -A INPUT -i mmfd0 -p udp --dport 1001 -j ACCEPT
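Review bot: The added rule hard-codes `babel-ffhb`, while the other rules in this template build interface names from `{{ site_code }}` and the mmfd role defaults define the bridge as `babel-{{ site_code }}`; with any other site code the rule matches no interface. Suggest `ipt6 -A INPUT -i babel-{{ site_code }} -p udp --dport 1001 -j ACCEPT`. Both babel rules are also emitted on hosts that do not run babel; wrapping them in `{% if babel %}` … `{% endif %}`, as the service template does, keeps each host's rule set to what it needs.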
diff --git a/roles/mesh-announce/templates/service b/roles/mesh-announce/templates/service
index d09e6c5b..77033c48 100644
--- a/roles/mesh-announce/templates/service
+++ b/roles/mesh-announce/templates/service
@@ -4,11 +4,15 @@ Description=Respondd
 After=network.target
 
 [Service]
+{% if babel %}
+ExecStart=/opt/{{ site_code }}/mesh-announce/respondd.py -d /opt/{{ site_code }}/mesh-announce/providers -g ff05::2:1001 -i mmfd0 -ba [::]:33123
+{% else %}
 {% if respondd_vpn %}
 ExecStart=/opt/{{ site_code }}/mesh-announce/respondd.py -d /opt/{{ site_code }}/mesh-announce/providers -b {{ batman_interface }} -i {{ main_bridge }} -i vpn-{{ site_code }}-legacy -i vpn-{{ site_code }}
 {% else %}
 ExecStart=/opt/{{ site_code }}/mesh-announce/respondd.py -d /opt/{{ site_code }}/mesh-announce/providers -b {{ ansible_default_ipv4.interface }} -i {{ ansible_default_ipv4.interface }}
 {% endif %}
+{% endif %}
 
 [Install]
 WantedBy=multi-user.target
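Review bot: `-ba [::]:33123` passes the unspecified address for what is presumably the babeld control socket (the babeld firewall template accepts TCP 33123 on `lo` only). If respondd connects to that address, `-ba [::1]:33123` states the loopback target explicitly; if the option binds instead, `[::]` would listen on every interface, so its meaning should be confirmed against the `babel` branch of mesh-announce. The interface `mmfd0` and the group `ff05::2:1001` are hard-coded here and again in the mmfd interfaces template; a shared variable would keep the two in step.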
diff --git a/roles/mmfd/defaults/main.yml b/roles/mmfd/defaults/main.yml
new file mode 100644
index 00000000..5f159e4a
--- /dev/null
+++ b/roles/mmfd/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+mmfd_repository: "https://dl.ffm.freifunk.net/debian-packages/ sid main"
+mmfd_repository_key: 390BF305
+
+babel_bridge: babel-{{ site_code }}
+babel_interfaces_vpn: []
+babel_interfaces: "{{ [babel_bridge] + babel_interfaces_vpn }}"
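Review bot: `mmfd_repository_key: 390BF305` is a 32-bit short key ID, and the `apt_key` task in roles/mmfd/tasks/main.yml imports whatever key the keyserver returns for it. Short IDs can collide, so a different key carrying the same ID could end up trusted by apt. Use the full fingerprint instead, e.g. `mmfd_repository_key: <full-40-hex-fingerprint>` (placeholder; obtain it from the repository operator over a trusted channel). A comment naming who owns the key and why the `sid` suite is used would also help the next maintainer.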
diff --git a/roles/mmfd/handlers/main.yml b/roles/mmfd/handlers/main.yml
new file mode 100644
index 00000000..826eb938
--- /dev/null
+++ b/roles/mmfd/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart mmfd
+  service: name=mmfd state=restarted
+
+- name: reload systemd
+  command: systemctl daemon-reload
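Review bot: Handlers run in the order they are defined, not the order they are notified, so with `restart mmfd` listed before `reload systemd` a changed unit file causes the restart to happen before `daemon-reload`, and mmfd keeps running under the old unit definition. Define `reload systemd` first in this file. If another role already provides a handler with the same name, the effective order depends on that definition as well, which is not visible here. The raw `command: systemctl daemon-reload` could be replaced by the module form `systemd: daemon_reload=yes`.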
diff --git a/roles/mmfd/tasks/main.yml b/roles/mmfd/tasks/main.yml
new file mode 100644
index 00000000..ab751a28
--- /dev/null
+++ b/roles/mmfd/tasks/main.yml
@@ -0,0 +1,31 @@
+- name: Add repository key for babeld and utils
+  apt_key: keyserver="{{ pgp_keyserver }}" id="{{mmfd_repository_key}}"
+
+- name: Add repository for babeld and utils
+  apt_repository: repo="deb {{mmfd_repository}}"
+
+- name: Install mmfd (babel utils)
+  apt: name="mmfd"
+
+- name: Install interfaces file
+  template: >
+    src=interfaces
+    dest=/etc/network/interfaces.d/babel-{{site_code}}-mmfd
+
+- name: Configure firewall
+  template: src=firewall.sh dest={{ firewall_path }}/35-babel-{{site_code}}-mmfd
+  when: firewall_enabled
+  notify: reload firewall
+
+- name: Install mmfd service
+  template: src=mmfd.service dest=/etc/systemd/system/mmfd.service
+  notify:
+  - reload systemd
+  - restart mmfd
+ 
+- name: Enable mmfd
+  service:
+    name: mmfd
+    enabled: yes
+    state: started
+
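Review bot: `apt_key` puts the repository key into apt's global keyring and the `sid main` source is added without a pin, so this third-party repository is trusted for, and may supply newer versions of, any package on the host rather than only mmfd. Scoping it limits the exposure: a `signed-by` keyring on the source line, e.g. `deb [signed-by=/usr/share/keyrings/<mmfd-repo>.gpg] {{mmfd_repository}}` (placeholder path), plus an apt preferences entry that pins the origin low and raises only `mmfd`. The first two task names still say "babeld and utils", which looks copied from the babeld role; naming mmfd there would avoid confusion.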
diff --git a/roles/mmfd/templates/firewall.sh b/roles/mmfd/templates/firewall.sh
new file mode 100644
index 00000000..afa72bde
--- /dev/null
+++ b/roles/mmfd/templates/firewall.sh
@@ -0,0 +1,4 @@
+# mmfd
+{% for ifname in babel_interfaces %}
+ipt -A INPUT -i {{ifname}} -p udp --dport 27275 -j ACCEPT
+{% endfor %}
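Review bot: This rule uses `ipt`, whereas the babeld routing rule on the same `babel_interfaces` uses `ipt6`, and the rest of this patch sets mmfd up as IPv6 only (`iface mmfd0 inet6`, group `ff05::2:1001`). The definition of `ipt` is not on this page; if it applies to IPv4, or to both families, UDP 27275 is opened on a family mmfd presumably does not use. `ipt6 -A INPUT -i {{ifname}} -p udp --dport 27275 -j ACCEPT` would be the narrower rule, once confirmed that mmfd's transport is IPv6.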
diff --git a/roles/mmfd/templates/interfaces b/roles/mmfd/templates/interfaces
new file mode 100644
index 00000000..dea96c08
--- /dev/null
+++ b/roles/mmfd/templates/interfaces
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+allow-hotplug mmfd0
+auto mmfd0
+iface mmfd0 inet6 static
+	address  fe80::1
+	netmask 64
+	post-up ip r add ff05::2:1001/128 dev mmfd0 table local
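Review bot: `auto mmfd0` makes `ifup -a` try to configure the interface at boot, but mmfd0 presumably exists only after mmfd.service has started (the unit is ordered after network.target), so that attempt would fail. `allow-hotplug mmfd0` on its own should cover a device that appears later; worth confirming on a fresh boot. The `post-up ip r add …` line also fails when the route is already present; `post-up ip -6 route replace ff05::2:1001/128 dev mmfd0 table local` is idempotent.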
diff --git a/roles/mmfd/templates/mmfd.service b/roles/mmfd/templates/mmfd.service
new file mode 100644
index 00000000..3cbfa668
--- /dev/null
+++ b/roles/mmfd/templates/mmfd.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=mmfd
+Wants=basic.target
+After=basic.target network.target babeld.service
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/mmfd
+KillMode=process
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target
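Review bot: `ExecStart=/usr/local/bin/mmfd` points outside the paths a Debian package normally installs to, while the role installs mmfd with `apt: name="mmfd"`. Unless that package really ships the binary under /usr/local, the unit fails to start, or it runs a stale hand-installed binary that apt never updates; the path should be checked against the package contents. The daemon also runs as root with a UDP port open on the mesh interfaces and no sandboxing; directives such as `NoNewPrivileges=yes`, `ProtectSystem=full` and `ProtectHome=yes` are a low-risk starting point, to be tested against what mmfd needs to create its interface.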
diff --git a/roles/wireguard/README.md b/roles/wireguard/README.md
index 09929073..4c02a7a3 100644
--- a/roles/wireguard/README.md
+++ b/roles/wireguard/README.md
@@ -32,4 +32,7 @@ ipt6 -A FORWARD -o wg-bb-+ -i babel-wg+ -j ACCEPT
 ipt6 -A FORWARD -i wg-bb-+ -o babel-wg+ -j ACCEPT
 ipt6 -A FORWARD -o wg-bb-+ -i wg-bb-+ -j ACCEPT
 
+# respondd (with mmfd + mesh-announce)
+ipt6 -A INPUT -i wg-bb-+ -p udp --dport 1001 -j ACCEPT
+
 ```