Jan-Philipp Litza 59d797af7a
system: Handle power button
4 months ago

Ansible Freifunk Bremen

This repository contains playbooks for deploying services on Freifunk Bremen machines.


With PyPI:

virtualenv pythonenv
source pythonenv/bin/activate
pip install -r requirements.txt

Or as Debian/Ubuntu packages:

apt-get install python-dnspython ca-certificates


  • services: Generic service host for Freifunk Bremen community.
  • vpnserver: vpnserver sets up a Freifunk Bremen gateway.


Community-related variables are defined in site/site.conf and group_vars/all.yml. These variables are used by the Ansible tasks.

pgp_keyserver:        ''
site_git_root:        ''
site_city:            'bremen'
site_domain:          ''
site_vpn_prefix:      'vpn'
icvpn_as:             65196
fastd_peers_limit:    150

Other communities need to modify these variables.


The hosts file defines all machines on which our services are deployed, as well as community-related variables. Other communities need to change these variables. Variables:

ipv6_local_network  = "fd75:3707:b8c2::/64",
icvpn_ipv4_network  = "",
icvpn_ipv6_network  = "fec0::a:cf:0:c4/96",



with exit_ipv4=gre and ansible_ssh_port=* (both optional).
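
An added example, not part of this repository: a preflight check for the network variables of the hosts file, flagging values that a forking community left empty or unchanged from the Bremen ones shown above. The function names and the rule that ipv6_local_network must be a ULA prefix are assumptions made for this example.

```python
import ipaddress
import re

# Bremen values as shown in this README; a fork that still carries them was not adapted.
BREMEN_VALUES = {
    "ipv6_local_network": "fd75:3707:b8c2::/64",
    "icvpn_ipv6_network": "fec0::a:cf:0:c4/96",
}
ULA = ipaddress.ip_network("fc00::/7")
# Matches lines such as: ipv6_local_network  = "fd75:3707:b8c2::/64",
VAR_LINE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*,?\s*$')


def parse_vars(text):
    """Return {name: value} for every key = "value" line in the text."""
    found = {}
    for line in text.splitlines():
        match = VAR_LINE.match(line)
        if match:
            found[match.group(1)] = match.group(2)
    return found


def check_vars(variables):
    """Return a list of problems found in the *_network variables."""
    problems = []
    for name, value in variables.items():
        if not name.endswith("_network"):
            continue
        if value == "":
            problems.append(f"{name}: empty")
            continue
        if BREMEN_VALUES.get(name) == value:
            problems.append(f"{name}: still the Bremen value")
        try:
            iface = ipaddress.ip_interface(value)
        except ValueError:
            problems.append(f"{name}: not a valid address/prefix")
            continue
        # Assumption of this example: the local mesh prefix is a ULA, as Bremen's is.
        if name == "ipv6_local_network" and not (
            iface.version == 6 and iface.network.subnet_of(ULA)
        ):
            problems.append(f"{name}: not inside fc00::/7 (ULA)")
    return problems
```

Run `check_vars(parse_vars(open("hosts").read()))` before the first playbook run; an empty list means none of these checks failed.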

Gateway Playbook

The vpnserver playbook sets up a Freifunk Bremen gateway. When it is executed, additional variables need to be defined. For example, to set up a Freifunk gateway on vpn05, the following command is used:

ansible-playbook playbooks/vpnserver.yml -e "exit_ipv6_remote=*"

For detailed information about the roles, look inside the respective role.


After setting up a vpnserver, a few steps remain to be done by hand.

Create DNS entries

In Bremen you need a VPN entry and an NTP entry.

Add fastd public key to site.conf

You get your key by running

fastd --show-key -c /etc/fastd/{{site_code}}/fastd.conf

Then add it to your site.conf. For Bremen, you can find it here

Do not forget to add the NTP server as well.

Add vpn to icvpn

Publish your tinc public key to IC-VPN. You can find yours at /etc/tinc/icvpn/hosts/{{site_city}}{{id}}. This allows other IC-VPN servers to establish a VPN connection to your VPN.

Add vpn to icvpn-meta

Add your new VPN to the IC-VPN-Meta to activate BGP routing on the hosts of other communities.

Add bgp internal routing

Ask the other VPN owners to run Ansible again. This way the other VPNs get the new internal routing in bird and bird6. See here