
several changes (update IP ranges, some minor corrections)... I should use commit more often. Mea culpa

Stefan Heinrichsen 5 years ago
parent
commit
2edf6cdbe0
57 changed files with 2491 additions and 149 deletions
  1. 1 0
      inventory
  2. 19 0
      mapserver.yml
  3. 0 0
      roles/backbone_gre_ffdo/handlers/main.yml
  4. 0 0
      roles/backbone_gre_ffdo/tasks/main.yml
  5. 28 0
      roles/backbone_gre_ffdo/templates/gre_interbackbone.j2
  6. 0 28
      roles/backbone_gre_ffms/templates/gre_interbackbone.j2
  7. 15 19
      roles/bird/tasks/main.yml
  8. 1 1
      roles/bird/templates/bird.conf.j2
  9. 1 1
      roles/bird/templates/bird6.conf.j2
  10. 17 17
      roles/bird/templates/bird6_ms.conf.j2
  11. 1 1
      roles/bird/templates/ospf.conf.j2
  12. 11 11
      roles/bird/templates/ospf6.conf.j2
  13. 14 0
      roles/bird_dtm/files/bird.service
  14. 14 0
      roles/bird_dtm/files/bird6.service
  15. 7 0
      roles/bird_dtm/handlers/main.yml
  16. 128 0
      roles/bird_dtm/tasks/main.yml
  17. 9 0
      roles/bird_dtm/templates/batman.conf.j2
  18. 9 0
      roles/bird_dtm/templates/batman6.conf.j2
  19. 26 0
      roles/bird_dtm/templates/bird.conf.j2
  20. 22 0
      roles/bird_dtm/templates/bird6.conf.j2
  21. 194 0
      roles/bird_dtm/templates/bird6_ms.conf.j2
  22. 194 0
      roles/bird_dtm/templates/bird_ms.conf.j2
  23. 41 0
      roles/bird_dtm/templates/ospf.conf.j2
  24. 37 0
      roles/bird_dtm/templates/ospf6.conf.j2
  25. 5 0
      roles/bird_dtm/templates/temp/batman.conf
  26. 290 0
      roles/bird_dtm/templates/temp/ff6.conf_dis
  27. 290 0
      roles/bird_dtm/templates/temp/ffms.conf_dis
  28. 1 1
      roles/calculate_missing_inventory_variables/tasks/find_partner.yml
  29. 2 2
      roles/calculate_missing_inventory_variables/tasks/set_calculation_needed.yml
  30. 11 9
      roles/common/tasks/main.yml
  31. 6 6
      roles/gateways_2nd_vnic/templates/2nd_vnic_interface.cfg.j2
  32. 19 0
      roles/gateways_gre_upstream/templates/gre_peering.j2
  33. 25 23
      roles/gateways_gre_upstream/templates/gre_upstream.j2
  34. 12 18
      roles/gateways_gre_upstream/templates/lo.j2
  35. 1 1
      roles/gateways_gretap/templates/gretap.j2
  36. 3 2
      roles/gateways_l2tp_new/templates/l2tp_broker.cfg.j2
  37. 3 0
      roles/mapserver_hopglass-server/handlers/main.yml
  38. 117 0
      roles/mapserver_hopglass-server/tasks/main.yml
  39. 56 0
      roles/mapserver_hopglass-server/templates/config.json.j2
  40. 114 0
      roles/mapserver_hopglass/tasks/main.yml
  41. 61 0
      roles/mapserver_hopglass/templates/config.json.j2
  42. 67 0
      roles/mapserver_hopglass/templates/configcommunity.json.j2
  43. 58 0
      roles/mapserver_hopglass/templates/configdom.json.j2
  44. 5 0
      roles/mapserver_interfaces/handlers/main.yml
  45. 12 0
      roles/mapserver_interfaces/tasks/main.yml
  46. 80 0
      roles/mapserver_interfaces/templates/batman.j2
  47. 3 0
      roles/mapserver_nginx/handlers/main.yml
  48. 143 0
      roles/mapserver_nginx/tasks/main.yml
  49. 21 0
      roles/mapserver_nginx/templates/default.j2
  50. 98 0
      roles/mapserver_nginx/templates/default_ssl.j2
  51. 137 0
      roles/mapserver_nginx/templates/index.html.j2
  52. 15 0
      roles/mapserver_nginx/templates/tiles_cache.conf.j2
  53. 22 0
      roles/mapserver_stats/tasks/main.yml
  54. 15 0
      roles/mapserver_stats/templates/update.sh.j2
  55. 3 3
      roles/motd/tasks/main.yml
  56. 1 1
      roles/py_respondd/templates/config.json.j2
  57. 6 5
      supernodes.yml

+ 1 - 0
inventory

@@ -0,0 +1 @@
+/home/stefan/ff/dortmund_next/inventory
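Review bot: The added line is an absolute path into one developer's home directory (it looks like a symlink target), so `inventory` resolves only on that machine and puts a local username and directory layout into the repository. Pass the inventory with `-i`, or set `inventory = <path>` in a local, untracked `ansible.cfg`, and add `inventory` to `.gitignore`.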

+ 19 - 0
mapserver.yml

@@ -0,0 +1,19 @@
+# Playbook zur Konfiguration aller Servern von services
+
+- hosts: map-ng
+  remote_user: root
+  roles:
+    - { role: hostname, tags: "hostname"}
+    - { role: common, tags: "common"}
+    - { role: motd, tags: "motd"}
+    - { role: backports-kernel, tags: "backports-kernel"}
+    - { role: tunearpcache, tags: "tunearpcache"}
+#    - { role: batman_build, tags: "batman_build", when:  "'batman_version' in hostvars[inventory_hostname]"}
+    - { role: mapserver_interfaces, tags: "mapserver_interfaces"}
+    - { role: mapserver_hopglass-server, tags: "mapserver_hopglass-server"}
+    - { role: mapserver_hopglass, tags: "mapserver_hopglass"}
+    - { role: mapserver_nginx, tags: "mapserver_nginx"}
+#    - { role: collectd, tags: "collectd"}
+    - { role: py_respondd, tags: "py_respondd"}
+#    - { role: mapserver_stats, tags: "mapserver_stats"}
+
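Review bot: `remote_user: root` makes the whole play depend on direct root SSH login to `map-ng`. Connecting as an unprivileged account and adding `become: yes` lets the host keep root login disabled and ties privileged actions to a named user. The header comment still describes the services playbook, while this play targets only `map-ng`; something like `# Playbook for configuring the map server (map-ng)` would match the file.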

roles/backbone_gre_ffms/handlers/main.yml → roles/backbone_gre_ffdo/handlers/main.yml


roles/backbone_gre_ffms/tasks/main.yml → roles/backbone_gre_ffdo/tasks/main.yml


+ 28 - 0
roles/backbone_gre_ffdo/templates/gre_interbackbone.j2

@@ -0,0 +1,28 @@
+# This file is managed by ansible, don't make changes here - they will be overwritten.
+{% for host in groups['supernodes'] %}
+{% if host != inventory_hostname %}
+#auto bck-{{host}}
+#iface bck-{{host}} inet static
+{% if hostvars[host].vm_id < vm_id %}
+#        address 192.168.{{ hostvars[host].vm_id-1 }}.{{vm_id*2+1}}
+{% else %}
+#        address 192.168.{{ vm_id-1 }}.{{hostvars[host].vm_id*2}}
+{% endif %}
+#        netmask 31
+#        pre-up ip link add $IFACE type gre local {{ansible_default_ipv4.address}} remote {{hostvars[host].ansible_ssh_host}} ttl 255
+#        pre-up ip link set $IFACE up multicast on
+#        post-up ip rule add iif $IFACE table ffnet
+#        pre-down ip rule del iif $IFACE table ffnet ||:
+#iface bck-{{host}} inet6 static
+{% if hostvars[host].vm_id < vm_id %}
+#        address 2a03:2260:115:ffa1::{{hostvars[host].vm_id}}:{{vm_id}}:0
+{% else %}
+#        address 2a03:2260:115:ffa1::{{vm_id}}:{{hostvars[host].vm_id}}:1
+{% endif %}
+#        netmask 127
+#        post-up ip -6 rule add iif $IFACE table ffnet
+#        pre-down ip -6 rule del iif $IFACE table ffnet ||:
+#        post-down ip link delete $IFACE
+
+{% endif %}
+{% endfor %}
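Review bot: Every interface stanza in this new template is prefixed with `#`, so the role renders a file of comments and brings up no `bck-*` links, while the `{% if hostvars[host].vm_id < vm_id %}` tests are still evaluated for every host in `groups['supernodes']` and would likely fail the play if one host lacks `vm_id`. If the inter-backbone links are meant to be off, dropping the role from the play or guarding its task with `when:` is clearer than shipping disabled config. If they are to be re-enabled, a comment should state that these are plain GRE tunnels between `ansible_default_ipv4.address` and `ansible_ssh_host`, i.e. the routing traffic carried over them is neither encrypted nor authenticated at the tunnel level.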

+ 0 - 28
roles/backbone_gre_ffms/templates/gre_interbackbone.j2

@@ -1,28 +0,0 @@
-# This file is managed by ansible, don't make changes here - they will be overwritten.
-{% for host in groups['gateways']+groups['domaene-06'] %}
-{% if host != inventory_hostname %}
-auto bck-{{host}}
-iface bck-{{host}} inet static
-{% if hostvars[host].vm_id < vm_id %}
-        address 192.168.{{ hostvars[host].vm_id-1 }}.{{vm_id*2+1}}
-{% else %}
-        address 192.168.{{ vm_id-1 }}.{{hostvars[host].vm_id*2}}
-{% endif %}
-        netmask 31
-        pre-up ip link add $IFACE type gre local {{ansible_default_ipv4.address}} remote {{hostvars[host].ansible_ssh_host}} ttl 255
-        pre-up ip link set $IFACE up multicast on
-        post-up ip rule add iif $IFACE table ffnet
-        pre-down ip rule del iif $IFACE table ffnet ||:
-iface bck-{{host}} inet6 static
-{% if hostvars[host].vm_id < vm_id %}
-        address 2a03:2260:115:ffa1::{{hostvars[host].vm_id}}:{{vm_id}}:0
-{% else %}
-        address 2a03:2260:115:ffa1::{{vm_id}}:{{hostvars[host].vm_id}}:1
-{% endif %}
-        netmask 127
-        post-up ip -6 rule add iif $IFACE table ffnet
-        pre-down ip -6 rule del iif $IFACE table ffnet ||:
-        post-down ip link delete $IFACE
-
-{% endif %}
-{% endfor %}

+ 15 - 19
roles/bird/tasks/main.yml

@@ -44,13 +44,18 @@
   with_items: "{{domaenenliste | default([])}}"
   when: domaenenliste is defined
 
-- name: configure bird.conf
-  template: 
+- name: copy generic bird.conf to base directory
+  template:
     src: bird.conf.j2
     dest: /etc/bird/bird.conf
   notify:
     - configure bird
 
+- name: make sure conf.d directory exists
+  file:
+    path: /etc/bird/conf.d
+    state: directory
+
 - name: general (disabled) bird.conf from MS setup
   template: 
     src: bird_ms.conf.j2
@@ -58,7 +63,6 @@
   notify:
     - configure bird
 
-
 - name: configure batman.conf
   template: 
     src: batman.conf.j2
@@ -66,19 +70,18 @@
   notify:
     - configure bird
 
-- name: configure ospf.conf (temporary nat-routing over old supernodes)
-  template: 
-    src: ospf.conf.j2
-    dest: /etc/bird/conf.d/ospf.conf
-  notify:
-    - configure bird
-
-- name: configure bird6.conf
+- name: copy generic bird6.conf to base directory
   template:
     src: bird6.conf.j2
     dest: /etc/bird/bird6.conf
   notify:
-    - configure bird6
+    - configure bird
+
+- name: make sure conf6.d directory exists
+  file:
+    path: /etc/bird/conf6.d
+    state: directory
+
 
 - name: general (disabled) bird6.conf from MS setup
   template: 
@@ -94,13 +97,6 @@
   notify:
     - configure bird
 
-- name: configure ospf6.conf (temporary routing over old supernodes)
-  template: 
-    src: ospf6.conf.j2
-    dest: /etc/bird/conf6.d/ospf6.conf
-  notify:
-    - configure bird
-
 - name: bird.service kopieren
   copy: 
     src: bird.service
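Review bot: In the hunk at `@@ -66,19 +70,18 @@` the `bird6.conf` task now notifies `configure bird` instead of `configure bird6`, so a change to `/etc/bird/bird6.conf` reloads the IPv4 daemon while the IPv6 daemon keeps running its old filters; this looks unintended, keep `- configure bird6` there. This role's handlers are not shown, but in `roles/bird_dtm/handlers/main.yml` the two handlers call `birdc` and `birdc6` respectively. The conf6.d tasks added in `roles/bird_dtm/tasks/main.yml` notify `configure bird` in the same way. The two new `file:` tasks create `/etc/bird/conf.d` and `/etc/bird/conf6.d` without `owner`, `group` or `mode`, so the resulting permissions depend on the remote umask; set all three explicitly.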

+ 1 - 1
roles/bird/templates/bird.conf.j2

@@ -1,6 +1,6 @@
 # Managed by Ansible... do not update manually as changes will be overwritten
 
-router id {{ secondary_vnic_ip4 }};
+router id {{ primary_vnic_ip4 }};
 log syslog all;
 
 protocol kernel { 

+ 1 - 1
roles/bird/templates/bird6.conf.j2

@@ -1,4 +1,4 @@
-router id {{ secondary_vnic_ip4 }};
+router id {{ primary_vnic_ip4 }};
 log syslog all;
 
 protocol kernel {

+ 17 - 17
roles/bird/templates/bird6_ms.conf.j2

@@ -12,15 +12,15 @@ filter freifunk {
 	reject;
 }
 
-protocol kernel {
-	scan time 20;
-	import all;
-	export all;
-	table ffnet;
-	kernel table 42;
-	device routes;
-	persist;
-};
+#protocol kernel {
+#	scan time 20;
+#	import all;
+#	export all;
+#	table ffnet;
+#	kernel table 42;
+#	device routes;
+#	persist;
+#};
 
 {% if domaenenliste is defined %}
 protocol radv {
@@ -108,14 +108,14 @@ protocol static 'static_{{inventory_hostname_short}}' {
 };
 {% endif %}
 
-protocol kernel 'kernel_master' {
-	scan time 20;
-	table master;
-	kernel table 254;
-	import all;
-	export all;
-	persist;
-};
+#protocol kernel 'kernel_master' {
+#	scan time 20;
+#	table master;
+#	kernel table 254;
+#	import all;
+#	export all;
+#	persist;
+#};
 
 protocol static {
 	table master;

+ 1 - 1
roles/bird/templates/ospf.conf.j2

@@ -1,6 +1,6 @@
 define FFDO_subnet_new =
 [
-        10.233.128.0/17+
+        10.0.0.0/8+
 ];
 
 define FFDO_subnet_old =
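Review bot: `10.0.0.0/8+` matches every prefix of any length inside 10/8, so whatever filter uses `FFDO_subnet_new` (the `protocol ospf` block lies outside this hunk) now passes routes for the whole private range, host routes included. In `roles/bird_dtm/templates/ospf.conf.j2`, added in this commit with the same value, that filter is the OSPF export filter. If the intent is only to cover the new address ranges, list those prefixes or bound the length in the style the file already uses elsewhere, e.g. `10.0.0.0/8{16,24}`, and add a comment naming what the range is meant to cover.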

+ 11 - 11
roles/bird/templates/ospf6.conf.j2

@@ -1,16 +1,16 @@
 define FFDO6_subnet_new =
 [
-	2a03:2260:300a:2000::/64+,
-	2a03:2260:300a:2100::/64+,
-	2a03:2260:300a:2200::/64+,
-	2a03:2260:300a:2300::/64+,
-	2a03:2260:300a:2400::/64+,
-	2a03:2260:300a:2500::/64+,
-	2a03:2260:300a:2600::/64+,
-	2a03:2260:300a:2700::/64+,
-	2a03:2260:300a:2800::/64+,
-	2a03:2260:300a:2900::/64+,
-	2a03:2260:300a:2a00::/64+
+	2a03:2260:300a:1::/64+,
+	2a03:2260:300a:2::/64+,
+	2a03:2260:300a:3::/64+,
+	2a03:2260:300a:4::/64+,
+	2a03:2260:300a:5::/64+,
+	2a03:2260:300a:6::/64+,
+	2a03:2260:300a:7::/64+,
+	2a03:2260:300a:8::/64+,
+	2a03:2260:300a:9::/64+,
+	2a03:2260:300a:a::/64+,
+	2a03:2260:300a:b::/64+
 ];
 
 define FFDO6_subnet_old =

+ 14 - 0
roles/bird_dtm/files/bird.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=BIRD Internet Routing Daemon (IPv4)
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/bird/envvars
+ExecStartPre=/usr/lib/bird/prepare-environment
+ExecStartPre=/usr/sbin/bird -p
+ExecReload=/usr/sbin/birdc configure
+ExecStart=/usr/sbin/bird -f -u $BIRD_RUN_USER -g $BIRD_RUN_GROUP $BIRD_ARGS
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
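Review bot: The `[Service]` section runs the routing daemon without any systemd sandboxing, although `ExecStart` already drops to `$BIRD_RUN_USER`/`$BIRD_RUN_GROUP`. Adding `NoNewPrivileges=yes`, `ProtectHome=yes` and `PrivateTmp=yes` would narrow what a compromised daemon can reach; they need a test run against `/usr/lib/bird/prepare-environment` before rollout. `bird6.service` in the same role has the same gap. The unit also relies on `/etc/bird/envvars`, which no task in this role manages (presumably it comes from the package), so a short comment saying where the file comes from would help.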

+ 14 - 0
roles/bird_dtm/files/bird6.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=BIRD Internet Routing Daemon (IPv6)
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/bird/envvars
+ExecStartPre=/usr/lib/bird/prepare-environment
+ExecStartPre=/usr/sbin/bird6 -p
+ExecReload=/usr/sbin/birdc6 configure
+ExecStart=/usr/sbin/bird6 -f -u $BIRD_RUN_USER -g $BIRD_RUN_GROUP $BIRD_ARGS
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

+ 7 - 0
roles/bird_dtm/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+- name: configure bird
+  shell: birdc configure || systemctl restart bird
+
+- name: configure bird6
+  shell: birdc6 configure || systemctl restart bird6
+
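Review bot: The fallback `|| systemctl restart bird` fires on any non-zero exit from `birdc configure`, which can include a configuration the daemon refused to load; the restart then drops all sessions and, because the unit's `ExecStartPre=/usr/sbin/bird -p` rejects the same file, may leave the daemon stopped. Validating before the file lands avoids that: add `validate: 'bird -p -c %s'` (and `bird6 -p -c %s`) to the `template` tasks for `bird.conf` and `bird6.conf`. The same applies to the `configure bird6` handler. A comment on each handler saying the restart is meant only for the "daemon not running" case would make the intent clear.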

+ 128 - 0
roles/bird_dtm/tasks/main.yml

@@ -0,0 +1,128 @@
+---
+# Role for configure bird and bird6 for our gateway servers.
+- name: add key for bird repo
+  apt_key:
+    keyserver: keyserver.ubuntu.com 
+    id: AC0E47584A7A714D
+  when: ansible_distribution == "Debian"
+
+- name: add bird repo
+  apt_repository:
+    repo: "deb http://bird.network.cz/debian/ {{ ansible_distribution_release }} main"
+    state: present
+  when: ansible_distribution == "Debian" and ansible_distribution_major_version == "8"
+
+- name: install bird and other required packets
+  apt:
+    pkg: "{{item}}"
+    update_cache: yes
+    cache_valid_time: 1800
+    state: present
+  with_items:
+    - bird
+    - bird6
+    - ipcalc
+  when: ansible_distribution == "Debian" and ansible_distribution_major_version == "8"
+
+- name: install bird and other required packets
+  apt:
+    pkg: "{{item}}"
+    update_cache: yes
+    cache_valid_time: 1800
+    state: present
+  with_items:
+    - bird
+    - ipcalc
+  when: (ansible_distribution == "Ubuntu") or
+        (ansible_distribution == "Debian" and ansible_distribution_major_version == "9")
+
+- name: calculate more specific routes for DHCP pools
+  shell: ipcalc {{ domaenenliste[item].dhcp_start }} - {{ domaenenliste[item].dhcp_ende}} | grep -v "deaggregate" | sed -e 's/\(^.*$\)/route \1 via "bat{{item}}";/g'
+  check_mode: no
+  changed_when: false
+  register: more_specific_routes
+  with_items: "{{domaenenliste | default([])}}"
+  when: domaenenliste is defined
+
+- name: configure bird.conf
+  template: 
+    src: bird.conf.j2
+    dest: /etc/bird/bird.conf
+  notify:
+    - configure bird
+
+- name: general (disabled) bird.conf from MS setup
+  template: 
+    src: bird_ms.conf.j2
+    dest: /etc/bird/conf.d/ffms.conf_dis
+  notify:
+    - configure bird
+
+
+- name: configure batman.conf
+  template: 
+    src: batman.conf.j2
+    dest: /etc/bird/conf.d/batman.conf
+  notify:
+    - configure bird
+
+- name: configure ospf.conf (temporary nat-routing over old supernodes)
+  template: 
+    src: ospf.conf.j2
+    dest: /etc/bird/conf.d/ospf.conf
+  notify:
+    - configure bird
+
+- name: configure bird6.conf
+  template:
+    src: bird6.conf.j2
+    dest: /etc/bird/bird6.conf
+  notify:
+    - configure bird6
+
+- name: general (disabled) bird6.conf from MS setup
+  template: 
+    src: bird_ms.conf.j2
+    dest: /etc/bird/conf6.d/ffms6.conf_dis
+  notify:
+    - configure bird
+
+- name: configure batman6.conf
+  template: 
+    src: batman6.conf.j2
+    dest: /etc/bird/conf6.d/batman6.conf
+  notify:
+    - configure bird
+
+- name: configure ospf6.conf (temporary routing over old supernodes)
+  template: 
+    src: ospf6.conf.j2
+    dest: /etc/bird/conf6.d/ospf6.conf
+  notify:
+    - configure bird
+
+- name: bird.service kopieren
+  copy: 
+    src: bird.service
+    dest: /lib/systemd/system/bird.service
+  notify:
+    - configure bird
+
+- name: bird6.service kopieren
+  copy: 
+    src: bird6.service
+    dest: /lib/systemd/system/bird6.service
+  notify:
+    - configure bird6
+
+- name: activate and start bird
+  service:
+    name: bird
+    state: started 
+    enabled: yes
+
+- name: activate and start bird6
+  service: 
+    name: bird6
+    state: started
+    enabled: yes
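Review bot: The `apt_key` task identifies the repository key only by the 64-bit ID `AC0E47584A7A714D` fetched from a public keyserver, and it runs on every Debian host although the repository is added only on release 8. Give `id:` the full fingerprint (`id: <FULL_40_HEX_FINGERPRINT>`) or ship the key file with the role, and add the same `ansible_distribution_major_version == "8"` condition. The repo line uses `http://`, so package integrity rests entirely on that key. In the `ipcalc` shell task the `dhcp_start` and `dhcp_ende` values are interpolated unquoted; `{{ domaenenliste[item].dhcp_start | quote }}` keeps an unexpected inventory value from being interpreted by the shell.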

+ 9 - 0
roles/bird_dtm/templates/batman.conf.j2

@@ -0,0 +1,9 @@
+{% if domaenenliste is defined %}
+{% for domaene in domaenenliste|dictsort %}
+
+protocol direct bat{{domaene[0]}} {
+        interface "bat{{domaene[0]}}";
+};
+
+{% endfor %}
+{% endif %}

+ 9 - 0
roles/bird_dtm/templates/batman6.conf.j2

@@ -0,0 +1,9 @@
+{% if domaenenliste is defined %}
+{% for domaene in domaenenliste|dictsort %}
+
+protocol direct bat{{domaene[0]}} {
+        interface "bat{{domaene[0]}}";
+};
+
+{% endfor %}
+{% endif %}

+ 26 - 0
roles/bird_dtm/templates/bird.conf.j2

@@ -0,0 +1,26 @@
+# Managed by Ansible... do not update manually as changes will be overwritten
+
+router id {{ secondary_vnic_ip4 }};
+log syslog all;
+
+protocol kernel { 
+   persist;
+   scan time 10;
+   device routes;
+   import all;
+   export all;   
+   kernel table 42;
+};
+
+protocol device {
+   scan time 10;
+};
+
+/*
+protocol static unr_def {
+   preference 1;
+   route 0.0.0.0/0 unreachable;
+};
+*/
+
+include "/etc/bird/conf.d/*.conf"; 
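Review bot: `router id {{ secondary_vnic_ip4 }}` is the value this same commit replaces with `primary_vnic_ip4` in `roles/bird/templates/bird.conf.j2` and `bird6.conf.j2`, yet the new role's copies (this file and its `bird6.conf.j2`) keep the old one. If the correction applies to these hosts too, change both; if not, a comment should say why the roles differ. The IPv4 file has the `unr_def` unreachable default commented out while the IPv6 file keeps it active, so it is worth confirming that the asymmetry is intended.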

+ 22 - 0
roles/bird_dtm/templates/bird6.conf.j2

@@ -0,0 +1,22 @@
+router id {{ secondary_vnic_ip4 }};
+log syslog all;
+
+protocol kernel {
+    persist;
+    scan time 10;
+    device routes;
+    import all;
+    export all;
+    kernel table 42;
+};
+
+protocol device {
+    scan time 10;
+};
+
+protocol static unr_def {
+    preference 1;
+    route ::/0 unreachable;
+};
+
+include "/etc/bird/conf6.d/*.conf";

+ 194 - 0
roles/bird_dtm/templates/bird6_ms.conf.j2

@@ -0,0 +1,194 @@
+# This file is managed by ansible, don't make changes here - they will be overwritten.
+log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
+router id {{ vm_id }};
+
+table ffnet;
+
+filter freifunk {
+	if net ~ {{ff_network.v6_network}} then accept;
+{% if not ffrl_tun is defined %}
+	if net ~ [::/0] then accept;
+{% endif %}
+	reject;
+}
+
+protocol kernel {
+	scan time 20;
+	import all;
+	export all;
+	table ffnet;
+	kernel table 42;
+	device routes;
+	persist;
+};
+
+{% if domaenenliste is defined %}
+protocol radv {
+{% for domaene in domaenenliste|dictsort %}
+	interface "bat{{domaene[0]}}" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix {{domaenen[domaene[0]].ffv6_network}} {
+		};
+		rdnss {
+			ns {{domaenen[domaene[0]].ffv6_network | ipaddr(domaene[1].server_id) | ipaddr('address') }};
+		};
+		dnssl "{{freifunk.search_domain}}";
+	};
+{% endfor %}
+};
+{% endif %}
+
+
+protocol bfd {
+	table ffnet;
+	interface "gre*";
+	interface "bck*";
+	multihop {
+		passive;
+	};
+};
+
+protocol device {
+	scan time 10;
+};
+
+protocol ospf {
+	table ffnet;
+	import filter freifunk;
+	export all;
+	area 0.0.0.0 {
+		interface "bat*" {
+			stub;
+		};
+{% for host in groups['supernodes'] %}
+{% if hostvars[host].hoster|default('unknown') != hoster|default('unknown') %}
+		interface "bck-{{host}}" {
+			cost 1000;
+		};
+{% endif %}
+{% endfor %}
+		interface "bck-*";
+{% if ffrl_tun is defined %}
+		interface "lo" {
+			stub;
+		};
+{% endif %}
+	};
+};
+
+function is_default() {
+	return (net ~ [::/0]);
+};
+
+{% if ffrl_tun is defined %}
+filter export_to_upstream_filter {
+	if source = RTS_STATIC then accept;
+	reject;
+};
+{% endif %}
+
+protocol static static_Gesamtnetzwerk {
+	table ffnet;
+	route {{ff_network.v6_network}} reject;
+};
+
+{% if domaenenliste is defined %}
+{% for domaene in domaenenliste|dictsort %}
+protocol static static_domaene{{domaene[0]}} {
+	table ffnet;
+	route {{domaenen[domaene[0]].ffv6_network | regex_replace('..::/\d+$','00::/56')}} reject;
+};
+{% endfor %}
+{% endif %}
+{% if dhcp is defined %}
+protocol static 'static_{{inventory_hostname_short}}' {
+	table ffnet;
+	route {{ff_network.v6_network | regex_replace('..::/\d+$','00::/56')}} reject;
+};
+{% endif %}
+
+protocol kernel 'kernel_master' {
+	scan time 20;
+	table master;
+	kernel table 254;
+	import all;
+	export all;
+	persist;
+};
+
+protocol static {
+	table master;
+	import all;
+	export none;
+};
+
+protocol direct {
+	interface "lo";
+	interface "tun-ffrl*";
+	interface "gre-*";
+	interface "bck-*";
+	interface "bat*";
+	table ffnet;
+}
+
+template bgp internal {
+	table ffnet;
+	local as {{ff_network.as_number}};
+	import filter {
+		if is_default() then
+			preference = 99;
+		else
+			preference = 160;
+		accept;
+	};
+	export filter {
+		if source = RTS_BGP then accept;
+{% if ffrl_tun is not defined %}
+		if source = RTS_STATIC then accept;
+{% endif %}
+		else reject;
+	};
+	gateway direct;
+	direct;
+	next hop self;
+};
+
+{% for host in groups['supernodes'] %}
+{% if hostvars[host].vm_id != vm_id %}
+protocol bgp ibgp_{{host|regex_replace('-','_')}} from internal {
+{% if hostvars[host].vm_id < vm_id %}
+	neighbor 2a03:2260:115:ffa1::{{hostvars[host].vm_id}}:{{vm_id}}:1 as {{ff_network.as_number}};
+{% else %}
+	neighbor 2a03:2260:115:ffa1::{{vm_id}}:{{hostvars[host].vm_id}}:0 as {{ff_network.as_number}};
+{% endif %}
+{% if hostvars[host].hoster|default('unknown') != hoster|default('unknown') %}
+	import filter {
+		preference = 50;
+		accept;
+	};
+{% endif %}
+}
+
+{% endif %}
+{% endfor %}
+
+{% if ffrl_tun is defined %}
+template bgp uplink {
+	table ffnet;
+	local as {{ff_network.as_number}};
+	import where is_default();
+	export filter export_to_upstream_filter;
+	gateway recursive;
+}
+
+{% for tun in ffrl_tun %}
+protocol bgp ffrl_{{tun.name}} from uplink {
+	description "Rheinland Backbone";
+	source address {{ tun.v6_remote | ipaddr('2') | ipaddr('address') }};
+	neighbor {{tun.v6_remote | ipaddr('address')}} as 201701;
+};
+
+{% endfor %}
+{% endif %}
+
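Review bot: The `log syslog` line, `router id {{ vm_id }}` and the `protocol kernel` block for kernel table 42 in this copy duplicate what `bird6.conf.j2` in the same role already declares, and this same commit comments both kernel blocks out in `roles/bird/templates/bird6_ms.conf.j2`. The file is currently inert because it is rendered as `.conf_dis`, which the `*.conf` include does not match, but the two copies should not diverge; carry the same change over here. Independently, none of the `protocol bgp` sessions sets a `password`, so if this configuration is ever enabled the iBGP and uplink sessions would run without TCP-level authentication.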

+ 194 - 0
roles/bird_dtm/templates/bird_ms.conf.j2

@@ -0,0 +1,194 @@
+# This file is managed by ansible, don't make changes here - they will be overwritten.
+log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
+router id {{ vm_id }};
+
+table ffnet;
+
+filter freifunk {
+	if net ~ {{ff_network.v6_network}} then accept;
+{% if not ffrl_tun is defined %}
+	if net ~ [::/0] then accept;
+{% endif %}
+	reject;
+}
+
+protocol kernel {
+	scan time 20;
+	import all;
+	export all;
+	table ffnet;
+	kernel table 42;
+	device routes;
+	persist;
+};
+
+{% if domaenenliste is defined %}
+protocol radv {
+{% for domaene in domaenenliste|dictsort %}
+	interface "bat{{domaene[0]}}" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix {{domaenen[domaene[0]].ffv6_network}} {
+		};
+		rdnss {
+			ns {{domaenen[domaene[0]].ffv6_network | ipaddr(domaene[1].server_id) | ipaddr('address') }};
+		};
+		dnssl "{{freifunk.search_domain}}";
+	};
+{% endfor %}
+};
+{% endif %}
+
+
+protocol bfd {
+	table ffnet;
+	interface "gre*";
+	interface "bck*";
+	multihop {
+		passive;
+	};
+};
+
+protocol device {
+	scan time 10;
+};
+
+protocol ospf {
+	table ffnet;
+	import filter freifunk;
+	export all;
+	area 0.0.0.0 {
+		interface "bat*" {
+			stub;
+		};
+{% for host in groups['supernodes'] %}
+{% if hostvars[host].hoster|default('unknown') != hoster|default('unknown') %}
+		interface "bck-{{host}}" {
+			cost 1000;
+		};
+{% endif %}
+{% endfor %}
+		interface "bck-*";
+{% if ffrl_tun is defined %}
+		interface "lo" {
+			stub;
+		};
+{% endif %}
+	};
+};
+
+function is_default() {
+	return (net ~ [::/0]);
+};
+
+{% if ffrl_tun is defined %}
+filter export_to_upstream_filter {
+	if source = RTS_STATIC then accept;
+	reject;
+};
+{% endif %}
+
+protocol static static_Gesamtnetzwerk {
+	table ffnet;
+	route {{ff_network.v6_network}} reject;
+};
+
+{% if domaenenliste is defined %}
+{% for domaene in domaenenliste|dictsort %}
+protocol static static_domaene{{domaene[0]}} {
+	table ffnet;
+	route {{domaenen[domaene[0]].ffv6_network | regex_replace('..::/\d+$','00::/56')}} reject;
+};
+{% endfor %}
+{% endif %}
+{% if dhcp is defined %}
+protocol static 'static_{{inventory_hostname_short}}' {
+	table ffnet;
+	route {{ff_network.v6_network | regex_replace('..::/\d+$','00::/56')}} reject;
+};
+{% endif %}
+
+protocol kernel 'kernel_master' {
+	scan time 20;
+	table master;
+	kernel table 254;
+	import all;
+	export all;
+	persist;
+};
+
+protocol static {
+	table master;
+	import all;
+	export none;
+};
+
+protocol direct {
+	interface "lo";
+	interface "tun-ffrl*";
+	interface "gre-*";
+	interface "bck-*";
+	interface "bat*";
+	table ffnet;
+}
+
+template bgp internal {
+	table ffnet;
+	local as {{ff_network.as_number}};
+	import filter {
+		if is_default() then
+			preference = 99;
+		else
+			preference = 160;
+		accept;
+	};
+	export filter {
+		if source = RTS_BGP then accept;
+{% if ffrl_tun is not defined %}
+		if source = RTS_STATIC then accept;
+{% endif %}
+		else reject;
+	};
+	gateway direct;
+	direct;
+	next hop self;
+};
+
+{% for host in groups['supernodes'] %}
+{% if hostvars[host].vm_id != vm_id %}
+protocol bgp ibgp_{{host|regex_replace('-','_')}} from internal {
+{% if hostvars[host].vm_id < vm_id %}
+	neighbor 2a03:2260:115:ffa1::{{hostvars[host].vm_id}}:{{vm_id}}:1 as {{ff_network.as_number}};
+{% else %}
+	neighbor 2a03:2260:115:ffa1::{{vm_id}}:{{hostvars[host].vm_id}}:0 as {{ff_network.as_number}};
+{% endif %}
+{% if hostvars[host].hoster|default('unknown') != hoster|default('unknown') %}
+	import filter {
+		preference = 50;
+		accept;
+	};
+{% endif %}
+}
+
+{% endif %}
+{% endfor %}
+
+{% if ffrl_tun is defined %}
+template bgp uplink {
+	table ffnet;
+	local as {{ff_network.as_number}};
+	import where is_default();
+	export filter export_to_upstream_filter;
+	gateway recursive;
+}
+
+{% for tun in ffrl_tun %}
+protocol bgp ffrl_{{tun.name}} from uplink {
+	description "Rheinland Backbone";
+	source address {{ tun.v6_remote | ipaddr('2') | ipaddr('address') }};
+	neighbor {{tun.v6_remote | ipaddr('address')}} as 201701;
+};
+
+{% endfor %}
+{% endif %}
+
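Review bot: This file is line for line the IPv6 configuration from `bird6_ms.conf.j2` (`::/0`, `ff_network.v6_network`, `protocol radv`, IPv6 neighbours), yet `roles/bird_dtm/tasks/main.yml` renders it into both `/etc/bird/conf.d/ffms.conf_dis` and `/etc/bird/conf6.d/ffms6.conf_dis` and never uses `bird6_ms.conf.j2`. The `.conf_dis` suffix keeps it out of the `*.conf` include, so nothing breaks today, but renaming the IPv4 copy to enable it would hand the IPv4 daemon IPv6 prefixes. Either give this file real IPv4 content, or drop it and point the conf6.d task at `bird6_ms.conf.j2`.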

+ 41 - 0
roles/bird_dtm/templates/ospf.conf.j2

@@ -0,0 +1,41 @@
+define FFDO_subnet_new =
+[
+        10.0.0.0/8+
+];
+
+define FFDO_subnet_old =
+[
+        10.233.0.0/18+
+];
+
+define AS31371_nets =
+[
+        91.204.4.0/22{24,32},
+        195.160.168.0/23+,
+        193.43.221.0/24+
+];
+
+protocol ospf ospf5 {
+
+#        import where net ~ AS31371_nets || net ~ FFDO_subnet_old;
+        import where net ~ FFDO_subnet_old;
+        export filter {
+                if net ~ FFDO_subnet_new then {
+                        ospf_metric1 = 10;
+                        accept;
+                }
+                reject;
+        };
+
+        area 0.0.0.0 {
+                interface "{{secondary_vnic}}" {
+                        cost 10;
+                        type broadcast;
+                        hello 10;
+                        retransmit 5;
+                        dead 40;
+                        wait 10;
+                };
+        };
+};
+
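Review bot: The `interface "{{secondary_vnic}}"` block is `type broadcast` with no `authentication` setting, so any host on that segment can form an adjacency and receive the exported routes; only `import where net ~ FFDO_subnet_old` limits what a neighbour can inject. BIRD supports `authentication cryptographic;` together with a `password "..."` entry per interface, and the secret belongs in vaulted inventory rather than in the template. `FFDO_subnet_old` (`10.233.0.0/18+`) is now contained in `FFDO_subnet_new` (`10.0.0.0/8+`), so routes imported from the old supernodes also match the export filter; confirm that is intended.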

+ 37 - 0
roles/bird_dtm/templates/ospf6.conf.j2

@@ -0,0 +1,37 @@
+define FFDO6_subnet_new =
+[
+	2a03:2260:300a:1::/64+,
+	2a03:2260:300a:2::/64+,
+	2a03:2260:300a:3::/64+,
+	2a03:2260:300a:4::/64+,
+	2a03:2260:300a:5::/64+,
+	2a03:2260:300a:6::/64+,
+	2a03:2260:300a:7::/64+,
+	2a03:2260:300a:8::/64+,
+	2a03:2260:300a:9::/64+,
+	2a03:2260:300a:a::/64+,
+	2a03:2260:300a:b::/64+
+];
+
+define FFDO6_subnet_old =
+[
+	2a03:2260:300a:1000::/64+
+];
+
+protocol ospf ospfffdo6 {
+
+#	import where net ~ FFDO6_subnet_old;
+	import all;
+	export where net ~ FFDO6_subnet_new;
+
+	area 0.0.0.0 {
+		interface "{{secondary_vnic}}" {
+			cost 10;
+			type broadcast;
+			hello 10; 
+			retransmit 5; 
+			dead 40;
+			wait 10;
+		};
+	};
+};
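Review bot: `import all;` with the restrictive `import where net ~ FFDO6_subnet_old;` commented out means this instance accepts any IPv6 route a neighbour on `{{secondary_vnic}}` advertises, a default route included, and `bird6.conf.j2` in this role then pushes it into kernel table 42 through `export all`. The IPv4 counterpart keeps its import filter. If the open import is a temporary migration aid, say so in a comment and restore the filter line afterwards; as written, `FFDO6_subnet_old` is defined but unused.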

+ 5 - 0
roles/bird_dtm/templates/temp/batman.conf

@@ -0,0 +1,5 @@
+protocol direct bat01 {
+        interface "bat01";
+};
+
+#Todo: per Ansible erzeugen

+ 290 - 0
roles/bird_dtm/templates/temp/ff6.conf_dis

@@ -0,0 +1,290 @@
+# This file is managed by ansible, don't make changes here - they will be overwritten.
+log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
+router id 1;
+
+table ffnet;
+
+filter freifunk {
+	if net ~ 2a03:2260:300a::/48 then accept;
+	reject;
+}
+
+protocol kernel {
+	scan time 20;
+	import all;
+	export all;
+	table ffnet;
+	kernel table 42;
+	device routes;
+	persist;
+};
+
+protocol radv {
+	interface "bat01" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2000::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2000::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat02" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2100::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2100::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat03" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2200::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2200::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat04" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2300::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2300::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat05" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2400::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2400::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat06" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2500::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2500::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat07" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2600::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2600::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat08" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2700::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2700::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat09" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2800::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2800::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat10" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2900::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2900::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat11" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2a00::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2a00::1;
+		};
+		dnssl "ffdo";
+	};
+};
+
+
+protocol bfd {
+	table ffnet;
+	interface "gre*";
+	interface "bck*";
+	multihop {
+		passive;
+	};
+};
+
+protocol device {
+	scan time 10;
+};
+
+protocol ospf {
+	table ffnet;
+	import filter freifunk;
+	export all;
+	area 0.0.0.0 {
+		interface "bat*" {
+			stub;
+		};
+		interface "bck-*";
+		interface "lo" {
+			stub;
+		};
+	};
+};
+
+function is_default() {
+	return (net ~ [::/0]);
+};
+
+filter export_to_upstream_filter {
+	if source = RTS_STATIC then accept;
+	reject;
+};
+
+protocol static static_Gesamtnetzwerk {
+	table ffnet;
+	route 2a03:2260:300a::/48 reject;
+};
+
+protocol static static_domaene01 {
+	table ffnet;
+	route 2a03:2260:300a:2000::/56 reject;
+};
+protocol static static_domaene02 {
+	table ffnet;
+	route 2a03:2260:300a:2100::/56 reject;
+};
+protocol static static_domaene03 {
+	table ffnet;
+	route 2a03:2260:300a:2200::/56 reject;
+};
+protocol static static_domaene04 {
+	table ffnet;
+	route 2a03:2260:300a:2300::/56 reject;
+};
+protocol static static_domaene05 {
+	table ffnet;
+	route 2a03:2260:300a:2400::/56 reject;
+};
+protocol static static_domaene06 {
+	table ffnet;
+	route 2a03:2260:300a:2500::/56 reject;
+};
+protocol static static_domaene07 {
+	table ffnet;
+	route 2a03:2260:300a:2600::/56 reject;
+};
+protocol static static_domaene08 {
+	table ffnet;
+	route 2a03:2260:300a:2700::/56 reject;
+};
+protocol static static_domaene09 {
+	table ffnet;
+	route 2a03:2260:300a:2800::/56 reject;
+};
+protocol static static_domaene10 {
+	table ffnet;
+	route 2a03:2260:300a:2900::/56 reject;
+};
+protocol static static_domaene11 {
+	table ffnet;
+	route 2a03:2260:300a:2a00::/56 reject;
+};
+
+protocol kernel 'kernel_master' {
+	scan time 20;
+	table master;
+	kernel table 254;
+	import all;
+	export all;
+	persist;
+};
+
+protocol static {
+	table master;
+	import all;
+	export none;
+};
+
+protocol direct {
+	interface "lo";
+	interface "tun-ffrl*";
+	interface "gre-*";
+	interface "bck-*";
+	interface "bat*";
+	table ffnet;
+}
+
+template bgp internal {
+	table ffnet;
+	local as 65403;
+	import filter {
+		if is_default() then
+			preference = 99;
+		else
+			preference = 160;
+		accept;
+	};
+	export filter {
+		if source = RTS_BGP then accept;
+		else reject;
+	};
+	gateway direct;
+	direct;
+	next hop self;
+};
+
+protocol bgp ibgp_sn_dev2 from internal {
+	neighbor 2a03:2260:115:ffa1::1:2:0 as 65403;
+}
+
+
+template bgp uplink {
+	table ffnet;
+	local as 65403;
+	import where is_default();
+	export filter export_to_upstream_filter;
+	gateway recursive;
+}
+
+protocol bgp ffrl_dus from uplink {
+	description "Rheinland Backbone";
+	source address 2a03:2260:0:3f::2;
+	neighbor 2a03:2260:0:3f::1 as 201701;
+};
+
+protocol bgp ffrl_fra from uplink {
+	description "Rheinland Backbone";
+	source address 2a03:2260:0:3e::2;
+	neighbor 2a03:2260:0:3e::1 as 201701;
+};
+

+ 290 - 0
roles/bird_dtm/templates/temp/ffms.conf_dis

@@ -0,0 +1,290 @@
+# This file is managed by ansible, don't make changes here - they will be overwritten.
+log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
+router id 1;
+
+table ffnet;
+
+filter freifunk {
+	if net ~ 2a03:2260:300a::/48 then accept;
+	reject;
+}
+
+protocol kernel {
+	scan time 20;
+	import all;
+	export all;
+	table ffnet;
+	kernel table 42;
+	device routes;
+	persist;
+};
+
+protocol radv {
+	interface "bat01" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2000::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2000::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat02" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2100::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2100::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat03" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2200::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2200::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat04" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2300::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2300::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat05" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2400::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2400::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat06" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2500::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2500::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat07" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2600::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2600::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat08" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2700::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2700::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat09" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2800::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2800::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat10" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2900::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2900::1;
+		};
+		dnssl "ffdo";
+	};
+	interface "bat11" {
+		max ra interval 20;
+		link mtu 1280;
+		prefix 2a03:2260:300a:2a00::/64 {
+		};
+		rdnss {
+			ns 2a03:2260:300a:2a00::1;
+		};
+		dnssl "ffdo";
+	};
+};
+
+
+protocol bfd {
+	table ffnet;
+	interface "gre*";
+	interface "bck*";
+	multihop {
+		passive;
+	};
+};
+
+protocol device {
+	scan time 10;
+};
+
+protocol ospf {
+	table ffnet;
+	import filter freifunk;
+	export all;
+	area 0.0.0.0 {
+		interface "bat*" {
+			stub;
+		};
+		interface "bck-*";
+		interface "lo" {
+			stub;
+		};
+	};
+};
+
+function is_default() {
+	return (net ~ [::/0]);
+};
+
+filter export_to_upstream_filter {
+	if source = RTS_STATIC then accept;
+	reject;
+};
+
+protocol static static_Gesamtnetzwerk {
+	table ffnet;
+	route 2a03:2260:300a::/48 reject;
+};
+
+protocol static static_domaene01 {
+	table ffnet;
+	route 2a03:2260:300a:2000::/56 reject;
+};
+protocol static static_domaene02 {
+	table ffnet;
+	route 2a03:2260:300a:2100::/56 reject;
+};
+protocol static static_domaene03 {
+	table ffnet;
+	route 2a03:2260:300a:2200::/56 reject;
+};
+protocol static static_domaene04 {
+	table ffnet;
+	route 2a03:2260:300a:2300::/56 reject;
+};
+protocol static static_domaene05 {
+	table ffnet;
+	route 2a03:2260:300a:2400::/56 reject;
+};
+protocol static static_domaene06 {
+	table ffnet;
+	route 2a03:2260:300a:2500::/56 reject;
+};
+protocol static static_domaene07 {
+	table ffnet;
+	route 2a03:2260:300a:2600::/56 reject;
+};
+protocol static static_domaene08 {
+	table ffnet;
+	route 2a03:2260:300a:2700::/56 reject;
+};
+protocol static static_domaene09 {
+	table ffnet;
+	route 2a03:2260:300a:2800::/56 reject;
+};
+protocol static static_domaene10 {
+	table ffnet;
+	route 2a03:2260:300a:2900::/56 reject;
+};
+protocol static static_domaene11 {
+	table ffnet;
+	route 2a03:2260:300a:2a00::/56 reject;
+};
+
+protocol kernel 'kernel_master' {
+	scan time 20;
+	table master;
+	kernel table 254;
+	import all;
+	export all;
+	persist;
+};
+
+protocol static {
+	table master;
+	import all;
+	export none;
+};
+
+protocol direct {
+	interface "lo";
+	interface "tun-ffrl*";
+	interface "gre-*";
+	interface "bck-*";
+	interface "bat*";
+	table ffnet;
+}
+
+template bgp internal {
+	table ffnet;
+	local as 65403;
+	import filter {
+		if is_default() then
+			preference = 99;
+		else
+			preference = 160;
+		accept;
+	};
+	export filter {
+		if source = RTS_BGP then accept;
+		else reject;
+	};
+	gateway direct;
+	direct;
+	next hop self;
+};
+
+protocol bgp ibgp_sn_dev2 from internal {
+	neighbor 2a03:2260:115:ffa1::1:2:0 as 65403;
+}
+
+
+template bgp uplink {
+	table ffnet;
+	local as 65403;
+	import where is_default();
+	export filter export_to_upstream_filter;
+	gateway recursive;
+}
+
+protocol bgp ffrl_dus from uplink {
+	description "Rheinland Backbone";
+	source address 2a03:2260:0:3f::2;
+	neighbor 2a03:2260:0:3f::1 as 201701;
+};
+
+protocol bgp ffrl_fra from uplink {
+	description "Rheinland Backbone";
+	source address 2a03:2260:0:3e::2;
+	neighbor 2a03:2260:0:3e::1 as 201701;
+};
+
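Review bot: None of the BGP sessions defined here (`ibgp_sn_dev2`, `ffrl_dus`, `ffrl_fra`) sets a `password`, so the sessions are protected only by who can reach the tunnel addresses. If the peers agree to it, add `password "<secret from vault>";` (placeholder) to the `internal` and `uplink` templates. The `internal` import filter also ends in an unconditional `accept;`, whereas the OSPF import is bounded by `filter freifunk`; a prefix check there would limit what an iBGP peer can inject into `ffnet`. The file carries the "managed by ansible" header but lives under `templates/temp/` with hard-coded values, so a leading comment saying whether it is a disabled reference copy would help.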

+ 1 - 1
roles/calculate_missing_inventory_variables/tasks/find_partner.yml

@@ -1,4 +1,4 @@
 - name: Suche Partnergateway
-  when: "hostvars[gateway].domaenenliste[dom] is defined and gateway != inventory_hostname"
+  when: "hostvars[supernode].domaenenliste[dom] is defined and supernode != inventory_hostname"
   set_fact:
     domaenenliste: "{{domaenenliste | combine( {dom: {'partner' : gateway}}, recursive=True)}}"
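Review bot: The `set_fact` line still reads `{'partner' : gateway}`, but after this commit the include in set_calculation_needed.yml passes `supernode={{gates}}` and no longer sets `gateway`. The lookup will therefore fail on an undefined variable or pick up a stale `gateway` from elsewhere. The value should follow the rename: `domaenenliste: "{{domaenenliste | combine( {dom: {'partner' : supernode}}, recursive=True)}}"`. The next task in set_calculation_needed.yml reads `hostvars[domaenenliste[dom].partner].vm_id`, so a wrong partner feeds directly into the server_id decision.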

+ 2 - 2
roles/calculate_missing_inventory_variables/tasks/set_calculation_needed.yml

@@ -8,10 +8,10 @@
 
 - name: Partner setzen
   when: "domaenenliste[dom].calculation_needed is defined and domaenenliste[dom].calculation_needed == 'true'"
-  with_items: "{{ groups['gateways'] }}"
+  with_items: "{{ groups['supernodes'] }}"
   loop_control:
     loop_var: gates
-  include: find_partner.yml gateway={{gates}}
+  include: find_partner.yml supernode={{gates}}
 
 - name: server_id auf 2 setzen, falls andere vm_id größer
   when: "domaenenliste[dom].calculation_needed is defined and domaenenliste[dom].calculation_needed == 'true' and hostvars[domaenenliste[dom].partner].vm_id > vm_id"

+ 11 - 9
roles/common/tasks/main.yml

@@ -78,6 +78,9 @@
   with_items:
     - rpcbind
 
+- name: Verzeichniss für SSH-Schlüsseldatei erstellen
+  file: path=/root/.ssh state=directory
+
 - name: SSH-Schlüsseldatei generieren
   template:
     src: authorized_keys.j2
@@ -93,25 +96,24 @@
 
 - locale_gen: name=de_DE.UTF-8 state=present
 
-- name: "Get all files in /etc/logrotate.d/"
-  raw: find /etc/logrotate.d/ -type f
-  register: logrotate_files
-  check_mode: no
-  changed_when: False
+- name: "Collect lograte files to update"
+  find:
+     paths: /etc/logrotate.d/
+  register: logrotate_result
 
 - name: "Update logrotate cycle in /etc/logrotate.d/"
   replace:
-    dest: "{{item}}"
+    path: "{{item.path}}"
     regexp: 'daily|weekly|monthly'
     replace: '{{logrotate.cycle}}'
-  with_items: "{{logrotate_files.stdout_lines}}"
+  with_items: '{{ logrotate_result.files }}'
 
 - name: "Update logrotate count in /etc/logrotate.d/"
   replace:
-    dest: "{{item}}"
+    path: "{{item.path}}"
     regexp: 'rotate[ \t]+[0-9]+'
     replace: 'rotate {{logrotate.count}}'
-  with_items: "{{logrotate_files.stdout_lines}}"
+  with_items: '{{ logrotate_result.files }}'
 
 - name: Logrotate Rotationszyklus und Anzahl anpassen
   template:
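Review bot: The new `/root/.ssh` task creates the directory without `mode`, `owner` or `group`, so its permissions depend on the umask of the run, and an existing directory with loose permissions is left unchanged. Since the next task writes authorized_keys into it, pin it: `file: path=/root/.ssh state=directory owner=root group=root mode=0700`. In the second hunk the task name has a typo (`lograte`). The `find` module does not recurse by default, whereas the removed `find /etc/logrotate.d/ -type f` did; add `recurse: yes` if subdirectories were relied on. The last task shown continues outside the hunk.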

+ 6 - 6
roles/gateways_2nd_vnic/templates/2nd_vnic_interface.cfg.j2

@@ -5,10 +5,10 @@ auto {{ secondary_vnic }}
 iface {{ secondary_vnic }} inet static
     address {{ secondary_vnic_ip4 }}
     netmask {{ secondary_vnic_netmask4 }}
-    pre-up ip rule add from 10.233.128.0/17 table ffnet
-    pre-up ip rule add to 10.233.128.0/17 table ffnet
-    post-up ip route add default via 10.233.254.5 dev eth1 table ffnet
-    pre-down ip route del default via 10.233.254.5 dev eth1 table ffnet
-    post-down ip rule del from 10.233.128.0/17 table ffnet
-    post-down ip rule del to 10.233.128.0/17 table ffnet
+    pre-up ip rule add from 10.0.0.0/8 table ffnet
+    pre-up ip rule add to 10.0.0.0/8 table ffnet
+    post-up ip route add default via 192.168.100.5 dev eth1 table ffnet
+    pre-down ip route del default via 192.168.100.5 dev eth1 table ffnet
+    post-down ip rule del from 10.0.0.0/8 table ffnet
+    post-down ip rule del to 10.0.0.0/8 table ffnet
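Review bot: The policy rules now match all of `10.0.0.0/8` instead of `10.233.128.0/17`, so any other 10.x network this host talks to (management, hypervisor, backup) is looked up in table `ffnet` and follows its default route via `192.168.100.5`. Confirm this is intended, or keep the rules limited to the mesh ranges. The gateway and `dev eth1` are hard-coded although the stanza is otherwise built from the `secondary_vnic*` variables. Using `dev {{ secondary_vnic }}` and an inventory variable for the gateway would keep the route on the interface being configured.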
 

+ 19 - 0
roles/gateways_gre_upstream/templates/gre_peering.j2

@@ -0,0 +1,19 @@
+{% if ffrl_tun is defined %}
+{% for tun in ffrl_tun %}
+
+auto tun-ffrl-{{tun.name}}
+iface tun-ffrl-{{tun.name}} inet static
+        address {{tun.v4_remote | ipaddr( tun.v4_remote.split('.')[3] | int + 1) | ipaddr('address') }}
+        netmask {{tun.v4_remote | ipaddr('netmask')}}
+        pre-up ip tunnel add $IFACE mode gre local {{ansible_default_ipv4.address}} remote {{tun.gre_target | ipaddr('address') }} ttl 255
+        post-up ip link set $IFACE mtu 1400
+        post-down ip tunnel del $IFACE
+        post-up ip rule add iif $IFACE lookup ffnet
+        pre-down ip rule del iif $IFACE lookup ffnet ||:
+iface tun-ffrl-{{tun.name}} inet6 static
+        address {{tun.v6_remote | ipaddr('2') | ipaddr('address') }}
+        netmask {{tun.v6_remote | ipaddr('prefix')}}
+        post-up ip -6 rule add iif $IFACE lookup ffnet
+        pre-down ip -6 rule del iif $IFACE lookup ffnet ||:
+{% endfor %}
+{% endif %}

+ 25 - 23
roles/gateways_gre_upstream/templates/gre_upstream.j2

@@ -1,11 +1,31 @@
 {% if ffrl_tun is defined %}
 {% for tun in ffrl_tun %}
 
+#auto tun-ffrl-{{tun.name}}
+#iface tun-ffrl-{{tun.name}} inet static
+#        address {{tun.v4_remote | ipaddr( tun.v4_remote.split('.')[3] | int + 1) | ipaddr('address') }}
+#        netmask {{tun.v4_remote | ipaddr('netmask')}}
+#        pre-up ip tunnel add $IFACE mode gre local {{ansible_default_ipv4.address}} remote {{tun.gre_target | ipaddr('address') }} ttl 255
+#        post-up ip link set $IFACE mtu 1400
+#        post-down ip tunnel del $IFACE
+#        post-up ip rule add iif $IFACE lookup ffnet
+#        pre-down ip rule del iif $IFACE lookup ffnet ||:
+#iface tun-ffrl-{{tun.name}} inet6 static
+#        address {{tun.v6_remote | ipaddr('2') | ipaddr('address') }}
+#        netmask {{tun.v6_remote | ipaddr('prefix')}}
+#        post-up ip -6 rule add iif $IFACE lookup ffnet
+#        pre-down ip -6 rule del iif $IFACE lookup ffnet ||:
+
 auto tun-ffrl-{{tun.name}}
-iface tun-ffrl-{{tun.name}} inet static
-        address {{tun.v4_remote | ipaddr( tun.v4_remote.split('.')[3] | int + 1) | ipaddr('address') }}
-        netmask {{tun.v4_remote | ipaddr('netmask')}}
-        pre-up ip tunnel add $IFACE mode gre local {{ansible_default_ipv4.address}} remote {{tun.gre_target | ipaddr('address') }} ttl 255
+iface tun-ffrl-{{tun.name}} inet tunnel
+        mode gre
+        ttl 64
+        mtu 1400
+        address {{tun.v4_local  }}
+        netmask {{tun.v4_local | ipaddr('netmask')}}
+        dstaddr {{tun.v4_remote }}
+        local {{primary_vnic_ip4}}
+        endpoint {{tun.gre_target}}
         post-up ip link set $IFACE mtu 1400
         post-down ip tunnel del $IFACE
         post-up ip rule add iif $IFACE lookup ffnet
@@ -15,25 +35,7 @@ iface tun-ffrl-{{tun.name}} inet6 static
         netmask {{tun.v6_remote | ipaddr('prefix')}}
         post-up ip -6 rule add iif $IFACE lookup ffnet
         pre-down ip -6 rule del iif $IFACE lookup ffnet ||:
-{% endfor %}
-{% endif %}
-
-{% if ffnw_tun is defined %}
-{% for tun in ffnw_tun %}
 
-auto tun-ffnw-{{tun.name}}
-iface tun-ffnw-{{tun.name}} inet static
-        address {{tun.v4_remote | ipaddr( tun.v4_remote.split('.')[3] | int + 1) | ipaddr('address') }}
-        netmask {{tun.v4_remote | ipaddr('netmask')}}
-        pre-up ip tunnel add $IFACE mode gre local {{ansible_default_ipv4.address}} remote {{tun.gre_target | ipaddr('address') }} ttl 255
-        post-up ip link set $IFACE mtu 1400
-        post-down ip tunnel del $IFACE
-        post-up ip rule add iif $IFACE lookup ffnet
-        pre-down ip rule del iif $IFACE lookup ffnet ||:
-iface tun-ffnw-{{tun.name}} inet6 static
-        address {{tun.v6_remote | ipaddr('2') | ipaddr('address') }}
-        netmask {{tun.v6_remote | ipaddr('prefix')}}
-        post-up ip -6 rule add iif $IFACE lookup ffnet
-        pre-down ip -6 rule del iif $IFACE lookup ffnet ||:
 {% endfor %}
 {% endif %}
+
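Review bot: Prefixing the old stanza with `#` only comments it out for ifupdown; Jinja still evaluates every `{{ … }}` on those lines, so the template keeps depending on `ansible_default_ipv4`, the `ipaddr` filter and `tun.v4_remote.split('.')`, and the rendered file carries stale addresses in comments. The same applies to lo.j2 in this commit, where `#{% if … %}` still runs the conditionals. Since the old stanza now lives in gre_peering.j2, delete the commented copy or wrap it in `{# … #}`. In the new `inet tunnel` stanza, `endpoint {{tun.gre_target}}` drops the former `| ipaddr('address')`, so a `gre_target` written with a prefix length would be emitted as is. The retained `post-up ip link set $IFACE mtu 1400` also repeats the new `mtu 1400` option.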

+ 12 - 18
roles/gateways_gre_upstream/templates/lo.j2

@@ -1,20 +1,14 @@
 auto lo
 iface lo inet loopback
-{% if ffrl_tun is defined and ffrl_nat_ip is defined %}
-        up ip address add {{ ffrl_nat_ip }} dev lo
-        up ip rule add from {{ ffrl_nat_ip }} table ffnet
-        up ip rule add iif lo table ffnet suppress_prefixlength 0
-        up ip -6 rule add iif lo table ffnet suppress_prefixlength 0
-{% endif %}
-{% if ffnw_tun is defined %}
-        up ip address add {{ ffnw_nat_ip }} dev lo
-        up ip rule add from {{ ffnw_nat_ip }} table ffnet
-        up ip rule add iif lo table ffnet suppress_prefixlength 0
-        up ip -6 rule add iif lo table ffnet suppress_prefixlength 0
-{% endif %}
-{% if ffnw_tun is not defined and ffrl_tun is not defined %}
-        up ip address add 10.0.0.{{vm_id}} dev lo
-        up ip rule add from 10.0.0.{{vm_id}} table ffnet
-        up ip rule add iif lo table ffnet suppress_prefixlength 0
-        up ip -6 rule add iif lo table ffnet suppress_prefixlength 0
-{% endif %}
+#{% if ffrl_tun is defined and ffrl_nat_ip is defined %}
+#        up ip address add {{ ffrl_nat_ip }} dev lo
+#        up ip rule add from {{ ffrl_nat_ip }} table ffnet
+#        up ip rule add iif lo table ffnet suppress_prefixlength 0
+#        up ip -6 rule add iif lo table ffnet suppress_prefixlength 0
+#{% endif %}
+#{% if ffrl_tun is not defined %}
+#        up ip address add 10.0.0.{{vm_id}} dev lo
+#        up ip rule add from 10.0.0.{{vm_id}} table ffnet
+#        up ip rule add iif lo table ffnet suppress_prefixlength 0
+#        up ip -6 rule add iif lo table ffnet suppress_prefixlength 0
+#{% endif %}

+ 1 - 1
roles/gateways_gretap/templates/gretap.j2

@@ -26,7 +26,7 @@ iface t{{domaene[0]}}-{{host}} inet manual
 {% if build_tunnels_over_ipv6_if_available is defined and build_tunnels_over_ipv6_if_available == "yes" and ansible_default_ipv6.address is defined %}
         pre-up ip link add $IFACE type ip6gretap local {{ansible_default_ipv6.address}} remote {{hostvars[host]['ansible_default_ipv6']['address']}} dev {{ansible_default_ipv6.interface}} key {{domaene[0]|int}}
 {% else %}
-        pre-up ip link add $IFACE type gretap local {{ansible_default_ipv4.address}} remote {{hostvars[host].ansible_ssh_host}} dev eth0 key {{domaene[0]|int}}
+        pre-up ip link add $IFACE type gretap local {{ansible_default_ipv4.address}} remote {{hostvars[host].ansible_ssh_host}} dev {{ primary_vnic }} key {{domaene[0]|int}}
 {% endif %}
         pre-up ip link set dev $IFACE address de:ad:be:ef:{{indexer[0]}}:{{vm_id}}
         pre-up ip link set $IFACE up

+ 3 - 2
roles/gateways_l2tp_new/templates/l2tp_broker.cfg.j2

@@ -1,6 +1,7 @@
 [broker]
 ; IP address the broker will listen and accept tunnels on
-address={{ansible_eth0.ipv4.address}}
+; Test Stefan: address=ansible_eth0.ipv4.address  (Klammern entfernt!)
+address={{primary_vnic_ip4}}
 ; Ports where the broker will listen on
 {% if tunneldigger.instance_per_domain == True %}
 port={{20000 + (item.key | int)}}
@@ -12,7 +13,7 @@ port={{20000 + (item.key | int)}}
 port={{ports|join(',')}}
 {% endif %}
 ; Interface with that IP address
-interface={{tunneldigger.interface}}
+interface={{primary_vnic}}
 ; Maximum number of tunnels that will be allowed by the broker
 max_tunnels={{tunneldigger.max_tunnels}}
 ; Tunnel port base
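Review bot: The added line `; Test Stefan: address=ansible_eth0.ipv4.address  (Klammern entfernt!)` is a personal debugging note that gets rendered into every broker config. Drop it, or replace it with a comment that explains the setting, e.g. `; address of the primary vNIC`. `interface={{primary_vnic}}` replaces `tunneldigger.interface`, so that inventory key is now ignored here. If any host sets it to something other than the primary vNIC, the broker will bind differently than before.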

+ 3 - 0
roles/mapserver_hopglass-server/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart hopglass
+  service: name=hopglass-server@default state=restarted

+ 117 - 0
roles/mapserver_hopglass-server/tasks/main.yml

@@ -0,0 +1,117 @@
+---
+- name: Increase Kernel default rx buffersize
+  sysctl:
+    name: net.core.rmem_default
+    value: 26214400
+    state: present
+    reload: yes
+  notify:
+    - "restart hopglass"
+
+- name: Increase Kernel max rx buffersize
+  sysctl:
+    name: net.core.rmem_max
+    value: 26214400
+    state: present
+    reload: yes
+  notify:
+    - "restart hopglass"
+
+- name: Increase Kernel max optmem buffersize
+  sysctl:
+    name: net.core.optmem_max
+    value: 81920
+    state: present
+    reload: yes
+  notify:
+    - "restart hopglass"
+
+- name: Increase max queue len of unhandled rx packets in Kernel
+  sysctl:
+    name: net.core.netdev_max_backlog
+    value: 5000
+    state: present
+    reload: yes
+  notify:
+    - "restart hopglass"
+
+- name: Add nodejs repo keys
+  apt_key:
+    id: 1655A0AB68576280
+    url: "https://deb.nodesource.com/gpgkey/nodesource.gpg.key"
+    state: present
+
+- name: Add repo for nodejs
+  apt_repository:
+    repo: "{{ item }}"
+    state: present
+    update_cache: yes
+  with_items:
+    - "deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main"
+    - "deb-src https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main"
+
+- name: Install nodejs
+  apt:
+    pkg: nodejs
+    state: installed
+
+- name: Create HopGlass-server directory if not existent
+  file:
+    path: /opt/hopglass
+    state: directory
+
+- name: Create HopGlass User
+  user:
+    name: hopglass
+    system: yes
+    createhome: yes
+    home: /opt/hopglass
+
+- name: Clone HopGlass Server Repo
+  git: repo=https://github.com/hopglass/hopglass-server.git dest=/opt/hopglass/server force=yes
+  notify:
+    - "restart hopglass"
+  register: hopglass_server_git_clone
+
+- name: Adjust permissions
+  file:
+    path: /opt/hopglass
+    owner: hopglass
+    group: hopglass
+    recurse: yes
+  when: hopglass_server_git_clone.changed
+
+- name: install dependencies
+  shell: npm install
+  args:
+    chdir: /opt/hopglass/server
+  when: hopglass_server_git_clone.changed
+
+- name: Create HopGlass-server Config directory if not existent
+  file: path=/etc/hopglass-server/default state=directory
+
+- name: Setup systemd service
+  copy:
+    src: /opt/hopglass/server/hopglass-server@.service
+    dest: /lib/systemd/system/
+    remote_src: True
+
+- name: Adjust permissions of /etc/hopglass-server
+  file:
+    path: /etc/hopglass-server
+    owner: hopglass
+    group: hopglass
+    recurse: yes
+
+- name: Copy config.json
+  template: 
+    src: config.json.j2 
+    dest: /etc/hopglass-server/default/config.json
+    owner: hopglass
+    group: hopglass
+    mode: 0644
+  notify:
+    - "restart hopglass"
+
+- name: install hopglass server service hopglass-server
+  service: name=hopglass-server@default enabled=yes
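Review bot: The `git` task clones hopglass-server with `force=yes` and no `version`; the following `npm install` and the copy of `hopglass-server@.service` into `/lib/systemd/system/` then run with the play's privileges (presumably root). Whatever is at the head of the upstream default branch, plus its npm dependency tree, is therefore executed and installed as a unit without review. Pin the checkout with `version=<reviewed-commit-sha>` (placeholder) and run the install as the service user by adding `become: yes` and `become_user: hopglass` to the `npm install` task. `apt_key` would be better given the full key fingerprint than the 64-bit id, and `node_6.x` is an end-of-life release line. 'Adjust permissions' runs before `npm install`, so the newly created `node_modules` is not covered by the chown.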

+ 56 - 0
roles/mapserver_hopglass-server/templates/config.json.j2

@@ -0,0 +1,56 @@
+{
+  "receiver": {
+    "receivers": [
+      { "module": "announced",
+        "config": {
+          "interval": {
+            "statistics": 60,
+            "nodeinfo": 500
+          }
+        }
+      },
+      { "module": "aliases",
+        "config": {
+          "file": "./aliases.json"
+        },
+        "overlay": true
+      }
+    ],
+    "ifaces": [
+{% for domaene in domaenen|dictsort %}
+      "bat{{domaene[0]}}"{% if not loop.last %},{% endif %}
+
+{% endfor %}
+    ],
+    "storage": {
+      "file": "./raw.json"
+    },
+    "purge": {
+      "maxAge": {{ mapconfig.hopglassServer.purge.max_age }}
+    }
+  },
+  "provider": {
+    "offlineTime": 900,
+    "named": {
+      "mapTemplate": "https://{{inventory_hostname_short}}.{{freifunk.domain_short}}/map/#!v:m;n:{node_id}",
+      "origin": "knoten.{{freifunk.domain}}.",
+      "defaultTtl": 86400,
+      "refresh": 86400,
+      "retry": 7200,
+      "expire": 2419200,
+      "minTtl": 86400,
+      "nameservers":  [
+        "ns1.{{freifunk.domain}}.",
+        "ns2.{{freifunk.domain}}.",
+        "ns3.{{freifunk.domain}}."
+      ],
+      "subdomainNet": [
+          "{{ff_network.v6_network}}"
+      ],
+      "namePadding" : 40
+    }
+  },
+  "webserver": {
+    "port": 4000
+  }
+}

+ 114 - 0
roles/mapserver_hopglass/tasks/main.yml

@@ -0,0 +1,114 @@
+---
+- name: Create HopGlass directory if not existent
+  file:
+    path: /opt/hopglass/client
+    state: directory
+
+- name: Git for HopGlass
+  git:
+    repo: https://github.com/FreiFunkMuenster/hopglass.git
+    dest: /opt/hopglass/client
+    force: yes
+    version: ffms
+  register: hopglass_git_clone
+
+- name: Create hwpics directory if not exists
+  file:
+    path: /opt/hopglass/hwpics
+    state: directory
+
+- name: Clone meshviewer hwpics repo
+  git:
+    repo: https://github.com/Moorviper/meshviewer_hwpics.git
+    dest: /opt/hopglass/hwpics
+    update: yes
+  register: hopglass_git_clone
+
+- name: Add nodejs repo keys
+  apt_key:
+    id: 1655A0AB68576280
+    url: "https://deb.nodesource.com/gpgkey/nodesource.gpg.key"
+    state: present
+
+- name: Add repo for nodejs
+  apt_repository:
+    repo: "{{ item }}"
+    state: present
+    update_cache: yes
+  with_items:
+    - "deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main"
+    - "deb-src https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main"
+
+- name: Install nodejs
+  apt:
+    pkg: nodejs
+    state: installed
+
+- name: Install dependencies
+  shell: npm install
+  args:
+    chdir: /opt/hopglass/client
+  when: hopglass_git_clone.changed
+
+- name: Install grunt-cli
+  shell: npm install grunt-cli
+  args:
+    chdir: /opt/hopglass/client
+  when: hopglass_git_clone.changed
+
+- name: Build HopGlass
+  shell: node_modules/.bin/grunt
+  args:
+    chdir: /opt/hopglass/client
+  when: hopglass_git_clone.changed
+
+- name: Adjust permissions
+  file:
+    path: /opt/hopglass/client
+    owner: hopglass
+    group: hopglass
+    recurse: yes
+  when: hopglass_git_clone.changed
+
+- name: Create directory
+  file:
+    path: /opt/hopglass/client/build/
+    state: directory
+
+- name: Deploy config.json
+  template:
+    src: config.json.j2
+    dest: /opt/hopglass/client/build/config.json
+    owner: hopglass
+    group: hopglass
+    mode: 0644
+
+- name: Create directory for domainspecific config files
+  file:
+    path: /opt/hopglass/client/build/config/
+    state: directory
+
+- name: Deploy config.json domainspecific
+  template:
+    src: configdom.json.j2
+    dest: "/opt/hopglass/client/build/config/config_{{item[0]}}.json"
+    owner: hopglass
+    group: hopglass
+    mode: 0644
+  with_items:
+    - "{{domaenen|dictsort}}"
+
+- name: Generate list of all community names
+  set_fact:
+    communities: "{{ domaenen | list | map('extract', domaenen, 'community') | list | unique | sort }}"
+
+- name: Deploy config.json configcommunity
+  template:
+    src: configcommunity.json.j2
+    dest: "/opt/hopglass/client/build/config/config_{{item}}.json"
+    owner: hopglass
+    group: hopglass
+    mode: 0644
+  when: item != "None"
+  with_items:
+    - "{{communities}}"
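Review bot: Both 'Git for HopGlass' and 'Clone meshviewer hwpics repo' register `hopglass_git_clone`, so the second overwrites the first and the `npm install`, grunt build and chown steps are gated on changes to the hwpics repo rather than to the client checkout. Give the second task its own name, `register: hwpics_git_clone`. The `shell: npm install` and grunt tasks have no `become_user`, so they presumably run as root on a checkout tracked by branch name (`version: ffms`) next to an unpinned hwpics clone. A commit pin and building as `hopglass` would limit what a changed upstream can do on the host. The `hopglass` user and group used by the `file` and `template` tasks are created only in the mapserver_hopglass-server role, so this role silently depends on that one having run first.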

+ 61 - 0
roles/mapserver_hopglass/templates/config.json.j2

@@ -0,0 +1,61 @@
+{
+  "dataPath": "/data/",
+  "siteName": "{{freifunk.name}}",
+  "mapSigmaScale": {{ mapconfig.globalMap.map_scale }},
+  "showContact": {{ mapconfig.globalMap.map_show_contact | lower}},
+  "maxAge": {{ mapconfig.globalMap.map_max_age }},
+{% if "max_goto_zoom" in mapconfig.globalMap %}
+  "maxGotoZoom": {{ mapconfig.globalMap.max_goto_zoom }},
+{% endif %}
+  "mapLayers": [
+{% for layer in mapconfig.layers %}
+    {
+      "name": "{{layer.name}}",
+      "url": "{{layer.url}}",
+      "config": {
+{% for k,v in layer.config|dictsort %}
+        "{{k}}": {% if v is number %}{{v}}{% else %}"{{v}}"{% endif %}{% if not loop.last %},{% endif %}
+
+{% endfor %}
+      }
+    }{% if not loop.last %},{% endif %}
+
+{% endfor %}
+  ],
+  "siteNames": [
+{% for domaene in domaenen|dictsort %}
+    { "site": "{{freifunk.kurzname}}d{{domaene[0]}}", "name": "Domäne {{domaene[0]}} - {{domaene[1].name}}" }{% if not loop.last %},{% endif %}
+
+{% endfor %}
+  ],
+{% if mapconfig.globalInfos is defined %}
+  "globalInfos": [
+{% for globalInfo in mapconfig.globalInfos %}
+    { "name": "{{ globalInfo.name }}",
+      "iframe": "{{ globalInfo.iframe }}"{% if globalInfo.caption is defined %},
+      "caption": "{{ globalInfo.caption }}"{% endif %}
+
+    }{% if not loop.last %},{% endif %}
+
+{% endfor %}
+  ],
+{% endif %}
+{% if mapconfig.nodeInfos is defined %}
+  "nodeInfos": [
+{% for nodeInfo in mapconfig.nodeInfos %}
+    { "name": "{{ nodeInfo.name }}",
+      "iframe": "{{ nodeInfo.iframe }}"{% if nodeInfo.caption is defined %},
+      "caption": "{{ nodeInfo.caption }}"{% endif %}
+
+    }{% if not loop.last %},{% endif %}
+
+{% endfor %}
+  ],
+{% endif %}
+  "hwImg": [
+    {
+      "thumbnail": "/hwpics/{MODELHASH}.svg",
+      "caption": "Knoten {MODELHASH}"
+    }
+  ]
+}
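Review bot: Inventory values are pasted between literal quotes (`"name": "{{layer.name}}"`, `"iframe": "{{ globalInfo.iframe }}"`, the `siteNames` entries), so a value containing `"` or `\` yields invalid JSON or extra keys in the file the map client loads. Let the filter do the quoting instead, e.g. `"name": {{ layer.name | to_json }}` and `"{{k}}": {{ v | to_json }}`, which also makes the `v is number` branch unnecessary. configcommunity.json.j2 and configdom.json.j2 in this commit repeat the same blocks and need the same change.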

+ 67 - 0
roles/mapserver_hopglass/templates/configcommunity.json.j2

@@ -0,0 +1,67 @@
+{% set map_domains = [] %}
+{% for domain in domaenen|dictsort %}
+{% if item == domain[1]['community'] %}
+{% if map_domains.append(domain) %}{% endif %}
+{% endif %}
+{% endfor %}
+{
+  "dataPath": "/data/map_{% for domain in map_domains %}{{freifunk.kurzname}}d{{domain[0]}}{% if not loop.last %},{% endif %}{% endfor %}/",
+  "siteName": "Freifunk {{item}}",
+  "mapSigmaScale": {{ mapconfig.communityMap.map_scale }},
+  "showContact": {{ mapconfig.communityMap.map_show_contact | lower}},
+  "maxAge": {{ mapconfig.communityMap.map_max_age }},
+{% if "max_goto_zoom" in mapconfig.communityMap %}
+  "maxGotoZoom": {{ mapconfig.communityMap.max_goto_zoom }},
+{% endif %}
+  "mapLayers": [
+{% for layer in mapconfig.layers %}
+    {
+      "name": "{{layer.name}}",
+      "url": "{{layer.url}}",
+      "config": {
+{% for k,v in layer.config|dictsort %}
+        "{{k}}": {% if v is number %}{{v}}{% else %}"{{v}}"{% endif %}{% if not loop.last %},{% endif %}
+
+{% endfor %}
+      }
+    }{% if not loop.last %},{% endif %}
+
+{% endfor %}
+  ],
+  "siteNames": [
+{% for domain in map_domains %}
+    { "site": "{{freifunk.kurzname}}d{{domain[0]}}", "name": "Domäne {{domain[0]}} - {{domain[1].name}}" }{% if not loop.last %},{% endif %}
+
+{% endfor %}
+  ],
+{% if mapconfig.globalInfos is defined %}
+  "globalInfos": [
+{% for globalInfo in mapconfig.globalInfos %}
+    { "name": "{{ globalInfo.name }}",
+      "iframe": "{{ globalInfo.iframe }}"{% if globalInfo.caption is defined %},
+      "caption": "{{ globalInfo.caption }}"{% endif %}
+
+    }{% if not loop.last %},{% endif %}
+
+{% endfor %}
+  ],
+{% endif %}
+{% if mapconfig.nodeInfos is defined %}
+  "nodeInfos": [
+{% for nodeInfo in mapconfig.nodeInfos %}
+    { "name": "{{ nodeInfo.name }}",
+      "iframe": "{{ nodeInfo.iframe }}"{% if nodeInfo.caption is defined %},
+      "caption": "{{ nodeInfo.caption }}"{% endif %}
+
+    }{% if not loop.last %},{% endif %}
+
+{% endfor %}
+  ],
+{% endif %}
+  "hwImg": [
+    {
+      "thumbnail": "/hwpics/{MODELHASH}.svg",
+      "caption": "Knoten {MODELHASH}"
+    }
+  ]
+}

+ 58 - 0
roles/mapserver_hopglass/templates/configdom.json.j2

@@ -0,0 +1,58 @@
+{
+  "dataPath": "/data/map_{{freifunk.kurzname}}d{{item[0]}}/",
+  "siteName": "{% if item[1].community is defined %}Freifunk {{item[1].community}}{% else %}{{freifunk.name}}{% endif %} - Domäne {{item[1].name}}",
+  "mapSigmaScale": {{item[1].map_scale}},
+  "showContact": {{item[1].map_show_contact | lower}},
+  "maxAge": {{item[1].map_max_age}},
+{% if "max_goto_zoom" in mapconfig.communityMap %}
+  "maxGotoZoom": {{ mapconfig.communityMap.max_goto_zoom }},
+{% endif %}
+  "mapLayers": [
+{% for layer in mapconfig.layers %}
+    {
+      "name": "{{layer.name}}",
+      "url": "{{layer.url}}",
+      "config": {
+{% for k,v in layer.config|dictsort %}
+        "{{k}}": {% if v is number %}{{v}}{% else %}"{{v}}"{% endif %}{% if not loop.last %},{% endif %}
+
+{% endfor %}
+      }
+    }{% if not loop.last %},{% endif %}
+
+{% endfor %}
+  ],
+  "siteNames": [
+    { "site": "{{freifunk.kurzname}}d{{item[0]}}", "name": "Domäne {{item[0]}} - {{item[1].name}}" }
+  ],
+{% if mapconfig.globalInfos is defined %}
+  "globalInfos": [
+{% for globalInfo in mapconfig.globalInfos %}
+    { "name": "{{ globalInfo.name }}",
+      "iframe": "{{ globalInfo.iframe }}"{% if globalInfo.caption is defined %},
+      "caption": "{{ globalInfo.caption }}"{% endif %}
+
+    }{% if not loop.last %},{% endif %}
+
+{% endfor %}
+  ],
+{% endif %}
+{% if mapconfig.nodeInfos is defined %}
+  "nodeInfos": [
+{% for nodeInfo in mapconfig.nodeInfos %}
+    { "name": "{{ nodeInfo.name }}",
+      "iframe": "{{ nodeInfo.iframe }}"{% if nodeInfo.caption is defined %},
+      "caption": "{{ nodeInfo.caption }}"{% endif %}
+
+    }{% if not loop.last %},{% endif %}
+
+{% endfor %}
+  ],
+{% endif %}
+  "hwImg": [
+    {
+      "thumbnail": "/hwpics/{MODELHASH}.svg",
+      "caption": "Knoten {MODELHASH}"
+    }
+  ]
+}

+ 5 - 0
roles/mapserver_interfaces/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart networking
+  service:
+    name: networking
+    state: restarted

+ 12 - 0
roles/mapserver_interfaces/tasks/main.yml

@@ -0,0 +1,12 @@
+
+# creating batman interfaces
+- name: Create interfaces - batman file
+  template: src="batman.j2" dest="/etc/network/interfaces.d/30_batman.cfg"
+  notify:
+    - restart networking
+
+#append line in interfaces file for reading additional config files
+- name: let read interfaces from interfaces
+  lineinfile: dest="/etc/network/interfaces" line="source /etc/network/interfaces.d/*"
+  notify:
+    - restart networking

+ 80 - 0
roles/mapserver_interfaces/templates/batman.j2

@@ -0,0 +1,80 @@
+# This file is managed by ansible, don't make changes here - they will be overwritten.
+
+{% set indexer = [0] -%}
+{% for domaene in domaenen|dictsort %}
+
+{% set group = "supernodes" -%}
+{% if domaene[0] == "00" -%}
+{% set group = "domaene-test" -%}
+{% endif -%}
+{% if "domaene-"+domaene[0] in groups -%}
+{% set group = "domaene-"+domaene[0] -%}
+{% endif -%}
+
+# BEGIN: Domäne-{{domaene[0]}}
+{% if indexer.append(indexer.pop() + 1) %}{% endif %}{# increment indexer by 1 #}
+# BATMAN Interface für Domäne-{{domaene[0]}}
+auto bat{{domaene[0]}}
+iface bat{{domaene[0]}} inet6 static
+        address fe80::dcad:beff:feef:{{ '%02x' % indexer[0] }}{{'%02d' % server_id}}
+        netmask 64
+        pre-up modprobe batman-adv
+	pre-up ip link add bat{{domaene[0]}} type batadv
+	post-up ip link set address de:ad:be:ef:{{ '%02x' % indexer[0] }}:{{server_id}} dev bat{{domaene[0]}}
+        post-up ip link set dev bat{{domaene[0]}} up
+        post-up batctl -m bat{{domaene[0]}} it 10000
+{% for host in groups[group] %}
+{% if group == "supernodes" %}
+{% if domaene[0] in hostvars[host].domaenenliste %}
+	post-up batctl -m bat{{domaene[0]}} if add t{{domaene[0]}}-{{ host }} ||:
+{% endif %}
+{% else %}
+        post-up batctl -m bat{{domaene[0]}} if add tap-{{ host }} ||:
+{% endif %}
+{% endfor %}
+	post-up ip -6 addr add {{domaene[1].ffv6_network | ipaddr(server_id) | ipaddr('address')}}/64 dev bat{{domaene[0]}}
+	post-up pgrep -a -x -f "batadv-vis -i bat{{domaene[0]}}.*" || batadv-vis -i bat{{domaene[0]}} -u /run/batadvvis.{{domaene[0]}}.sock -s >/dev/null 2>&1&
+        pre-down pkill -x -f "batadv-vis -i bat{{domaene[0]}}.*" ||:
+
+iface bat{{domaene[0]}} inet static
+        address {{domaene[1].ffv4_network | ipaddr(server_id) | ipaddr('address') }}
+        netmask {{domaene[1].ffv4_network | ipaddr('netmask')}}
+        post-down ip link del bat{{domaene[0]}}
+
+# Tunnel-Interfaces für Domäne-{{domaene[0]}}
+{% for host in groups[group] %}
+{% if group == "supernodes" %}
+{% if domaene[0] in hostvars[host].domaenenliste %}
+{% if indexer.append(indexer.pop() + 1) %}{% endif %}{# increment indexer by 1 #}
+auto t{{domaene[0]}}-{{ host }}
+iface t{{domaene[0]}}-{{ host }} inet manual
+{% if build_tunnels_over_ipv6_if_available is defined and build_tunnels_over_ipv6_if_available == "yes" and ansible_default_ipv6.address is defined %}
+        pre-up ip link add $IFACE type ip6gretap local {{ansible_default_ipv6.address}} remote {{hostvars[host]['ansible_default_ipv6']['address']}} dev {{ansible_default_ipv6.interface}} key {{domaene[0]|int}}
+
+{% else %}
+        pre-up ip link add $IFACE type gretap local {{ansible_default_ipv4.address}} remote {{hostvars[host].ansible_ssh_host}} dev eth0 key {{domaene[0]|int}}
+{% endif %}
+        pre-up ip link set dev $IFACE address de:ad:be:ef:{{ '%02x' % indexer[0] }}:{{server_id}}
+        pre-up ip link set $IFACE up
+        post-up batctl -m bat{{domaene[0]}} if add $IFACE ||:
+        pre-down batctl -m bat{{domaene[0]}} if del $IFACE ||:
+        post-down ip link del $IFACE
+
+{% endif %}
+{% else %}
+{% if indexer.append(indexer.pop() + 1) %}{% endif %}{# increment indexer by 1 #}
+auto tap-{{ host }}
+iface tap-{{ host }} inet manual
+        pre-up ip link add $IFACE type gretap local {{ansible_default_ipv4.address}} remote {{hostvars[host].ansible_ssh_host}} dev eth0
+        pre-up ip link set dev $IFACE address de:ad:be:ef:{{ '%02x' % indexer[0] }}:{{server_id}}
+        pre-up ip link set $IFACE up
+        post-up batctl -m bat{{domaene[0]}} if add $IFACE ||:
+        pre-down batctl -m bat{{domaene[0]}} if del $IFACE ||:
+        post-down ip link del $IFACE
+
+{% endif %}
+{% endfor %}
+# END: Domäne-{{domaene[0]}}
+
+{% endfor %} 
+
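Review bot: The gretap `pre-up` lines hard-code `dev eth0`, while roles/gateways_gretap/templates/gretap.j2 was changed in this same commit to `dev {{ primary_vnic }}`. If `primary_vnic` is defined for the mapserver hosts, use it here too, otherwise tunnels will not come up where the primary interface is not eth0. `{{server_id}}` is unpadded in the MAC addresses (`de:ad:be:ef:..:{{server_id}}`) but written as `'%02d' % server_id` in the link-local address. Using `{{ '%02d' % server_id }}` in the `ip link set … address` lines keeps the two consistent. The file also mixes tab and space indentation inside the `iface` stanzas.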

+ 3 - 0
roles/mapserver_nginx/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart nginx
+  service: name=nginx state=restarted

+ 143 - 0
roles/mapserver_nginx/tasks/main.yml

@@ -0,0 +1,143 @@
+- name: install nginx
+  apt:
+    pkg: "{{ item }}"
+    update_cache: no
+    state: latest
+  with_items:
+    - nginx
+
+- name: create letsencrypt directory
+  file: name=/var/www/letsencrypt state=directory
+
+- name: Install default nginx site for letsencrypt requests and https rewrite
+  template:
+    src: templates/default.j2
+    dest: /etc/nginx/sites-available/default
+  register: gendefconf
+
+- name: Activate default nginx site
+  file: src=/etc/nginx/sites-available/default dest=/etc/nginx/sites-enabled/default state=link
+  register: actdefconf
+
+- name: Reload nginx to activate letsencrypt site
+  service: name=nginx state=restarted
+  when: gendefconf.changed or actdefconf.changed
+
+- name: acme install
+  shell: wget -O -  https://get.acme.sh | sh
+  args:
+    creates: /root/.acme.sh/acme.sh
+
+#- name: Create certificate
+#  shell: /root/.acme.sh/acme.sh --issue -d {{inventory_hostname_short}}.{{freifunk.domain_short}} -d karte.freifunk-dortmund.de -w /var/www/letsencrypt
+#  args:
+#    creates: /root/.acme.sh/{{inventory_hostname_short}}.{{freifunk.domain}}/ca.cer
+
+#- name: install cert to Nginx
+#  shell: /root/.acme.sh/acme.sh --installcert -d {{inventory_hostname_short}}.{{freifunk.domain_short}} -d karte.freifunk-dortmund.de --keypath "/etc/ssl/key.pem" --fullchainpath "/etc/ssl/fullchain.pem" --reloadcmd "systemctl restart nginx"
+#  args:
+#    creates: /etc/ssl/certs/key.pem
+  
+- name: Generate dhparams
+  shell: openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
+  args:
+    creates: /etc/ssl/certs/dhparam.pem
+
+- name: Create nginx caching dir
+  file:
+    path: /opt/hopglass_nginx_cache
+    state: directory
+
+- name: Create nginx caching dirs for tiles caching
+  file:
+    path: "{{item.path}}"
+    state: directory
+  with_items:
+    - "{{nginx_tiles_cache.cache_locations}}"
+  when: nginx_tiles_cache is defined and "cache_locations" in nginx_tiles_cache
+
+- name: Define cache in nginx.conf
+  lineinfile:
+    regexp: "^[\t ]*proxy_cache_path.*hopglass"
+    line: "\tproxy_cache_path /opt/hopglass_nginx_cache levels=1:2 keys_zone=hopglass:10m inactive=1h max_size=1g;"
+    insertafter: "^[\t ]*http[\t ]*\\{"
+    dest: /etc/nginx/nginx.conf
+  notify:
+    - restart nginx
+
+- name: Define include for tiles cache in nginx.conf
+  lineinfile:
+    regexp: "^[\t ]*include /etc/nginx/tiles_cache.conf;"
+    line: "\tinclude /etc/nginx/tiles_cache.conf;"
+    insertafter: "^[\t ]*http[\t ]*\\{"
+    dest: /etc/nginx/nginx.conf
+  notify:
+    - restart nginx
+  when: nginx_tiles_cache is defined
+
+- name: Deploy tiles_cache.conf
+  template:
+    src: tiles_cache.conf.j2
+    dest: /etc/nginx/tiles_cache.conf
+  notify:
+    - restart nginx
+  when: nginx_tiles_cache is defined
+
+- name: Deploy default ssl nginx site
+  template:
+    src: default_ssl.j2
+    dest: /etc/nginx/sites-available/default_ssl
+  notify:
+    - restart nginx
+
+- name: Aktivate default ssl nginx site
+  file: src=/etc/nginx/sites-available/default_ssl dest=/etc/nginx/sites-enabled/default_ssl state=link
+  register: actsslconf
+
+- name: Reload nginx to activate letsencrypt site
+  service: name=nginx state=restarted
+  when: actsslconf.changed
+
+- name: Clone bootstrap and css files
+  git: repo=https://github.com/FreiFunkMuenster/nodesmap-page.git dest=/opt/nodesmappage force=yes
+
+- name: link css
+  file:
+    src: /opt/nodesmappage/css
+    dest: /var/www/html/css
+    state: link
+
+- name: link js
+  file:
+    src: /opt/nodesmappage/js
+    dest: /var/www/html/js
+    state: link
+
+- name: link fonts
+  file:
+    src: /opt/nodesmappage/fonts
+    dest: /var/www/html/fonts
+    state: link
+
+- name: link icons
+  file:
+    src: /opt/nodesmappage/icons
+    dest: /var/www/html/icons
+    state: link
+
+- name: Generate index.html
+  template:
+    src: index.html.j2
+    dest: /var/www/html/index.html
+
+- name: link hopglass
+  file:
+    src: /opt/hopglass/client/build
+    dest: /var/www/html/map
+    state: link
+
+- name: link hwpics
+  file:
+    src: /opt/hopglass/hwpics/nodes
+    dest: /var/www/html/hwpics
+    state: link
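Review bot: The `acme install` task pipes whatever `https://get.acme.sh` serves at run time straight into a root shell, so the tool that will handle this host's TLS keys is unpinned and unverified. Cloning a reviewed commit with the `git` module and running the installer from that checkout keeps the `creates:` guard and makes the installed code reproducible. The `Clone bootstrap and css files` task has the same problem on a smaller scale: it uses `force=yes` with no `version:`, and the CSS/JS it pulls is served to every visitor. Separately, both certificate tasks are commented out while default_ssl.j2 points at `/etc/ssl/key.pem`, so the nginx restart after enabling that site presumably fails on a fresh host.

```yaml
- name: fetch acme.sh at a reviewed commit
  git:
    repo: "{{ acme_sh_repo_url }}"     # placeholder: upstream repository URL
    dest: /opt/acme.sh
    version: "{{ acme_sh_commit }}"    # placeholder: full commit SHA that was reviewed

- name: acme install
  command: ./acme.sh --install
  args:
    chdir: /opt/acme.sh
    creates: /root/.acme.sh/acme.sh
```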

+ 21 - 0
roles/mapserver_nginx/templates/default.j2

@@ -0,0 +1,21 @@
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    server_name {{inventory_hostname_short}}.{{freifunk.domain_short}} karte.freifunk-dortmund.de;
+
+    location /.well-known/acme-challenge {
+        root /var/www/letsencrypt;
+        try_files $uri $uri/ =404;
+    }
+
+    location /nginx_status {
+        stub_status on;
+        access_log off;
+        allow 127.0.0.1;
+        deny all;
+    }
+
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
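Review bot: The `/nginx_status` block allows only `127.0.0.1`, but the server also listens on `[::]:80`, so a local collector that reaches it through `localhost` resolving to `::1` would be rejected by `deny all`. Adding `allow ::1;` before `deny all;` keeps the endpoint loopback-only on both address families.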

+ 98 - 0
roles/mapserver_nginx/templates/default_ssl.j2

@@ -0,0 +1,98 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name {{inventory_hostname_short}}.{{freifunk.domain_short}} karte.freifunk-dortmund.de;
+
+    ssl_certificate /etc/ssl/fullchain.pem;
+    ssl_certificate_key /etc/ssl/key.pem;
+
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+    ssl_ecdh_curve secp384r1;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    resolver 8.8.8.8 8.8.4.4 valid=300s;		 
+    
+    resolver_timeout 5s;
+    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
+    add_header X-Content-Type-Options nosniff;
+
+    ssl_dhparam /etc/ssl/certs/dhparam.pem;
+
+    root /var/www/html;
+
+    location / {
+
+        # redirect into directory to get correct docroot
+        rewrite "^/map([0-9]{2})$" /map$1/ permanent;
+        rewrite "^/map_([^/]+)$" /map$1/ permanent;
+
+        # rewrite config.json to special path
+        rewrite "^/map([0-9]{2})/config.json$" /map/config/config_$1.json break;
+        rewrite "^/map_([^/]+)/config.json$" /map/config/config_$1.json break;
+
+        # rewrite all other
+        rewrite "^/map[0-9]{2}/(.*)$" /map/$1 break;
+        rewrite "^/map_[^/]+/(.*)$" /map/$1 break;
+
+        # First attempt to serve request as file, then
+        # as directory, then fall back to displaying a 404.
+        try_files $uri $uri/ =404;
+
+        # enable gzip compression
+        gzip                    on;
+        gzip_http_version       1.0;
+        gzip_vary               on;
+        gzip_comp_level         2;
+        gzip_proxied            any;
+        gzip_types              text/plain text/css text/javascript application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss;
+    }
+
+    # Proxy for mapdata
+    location /data/ {
+
+        # mapdata foreach domain, because hopglass can't handle args in uri)
+        rewrite "^/data/map_([^/]+)/(.+)$" /$2?filter=site&value=$1 break;
+
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+
+        proxy_pass              http://127.0.0.1:4000/;
+        proxy_redirect          off;
+
+        proxy_cache             hopglass;
+        proxy_cache_valid       2m;
+
+        # enable gzip compression
+        gzip                    on;
+        gzip_http_version       1.0;
+        gzip_vary               on;
+        gzip_comp_level         4;
+        gzip_proxied            any;
+        gzip_types              text/plain text/css text/javascript application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss;
+    }
+
+{% if nginx_tiles_cache is defined and 'instances' in nginx_tiles_cache %}
+{% for instance in nginx_tiles_cache.instances %}
+    # tiles cache for {{instance.name}}
+    location {{instance.location}} {
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+
+        proxy_pass              {{instance.dest_url}};
+        proxy_redirect          off;
+
+        proxy_cache             {{instance.cache_location_name}};
+        proxy_cache_valid       {{instance.valid_time}};
+    }
+{% endfor %}
+{% endif %}
+}
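Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers the two deprecated protocol versions, which undercuts the otherwise strict cipher list; `ssl_protocols TLSv1.2;` (plus `TLSv1.3` where the installed nginx/OpenSSL supports it) would match the rest of the block. The two `add_header` lines are only attached to successful responses; writing `add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;` also covers the 404s produced by `try_files`. The stapling `resolver` is hard-coded to a public resolver, so a short comment or a template variable would make that dependency explicit.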

+ 137 - 0
roles/mapserver_nginx/templates/index.html.j2

@@ -0,0 +1,137 @@
+<!DOCTYPE html>
+<html lang="en"><!-- Mit Ansible erzeugt - änderungen werden überschrieben -->
+<head>
+  <title>{{freifunk.name}} - Karten</title>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link rel="apple-touch-icon" sizes="180x180" href="/icons/apple-touch-icon.png?v=2">
+  <link rel="icon" type="image/png" href="/icons/favicon-32x32.png?v=2" sizes="32x32">
+  <link rel="icon" type="image/png" href="/icons/favicon-16x16.png?v=2" sizes="16x16">
+  <link rel="manifest" href="/icons/manifest.json?v=2">
+  <link rel="mask-icon" href="/icons/safari-pinned-tab.svg?v=2" color="#ffb400">
+  <link rel="shortcut icon" href="/icons/favicon.ico?v=2">
+  <meta name="apple-mobile-web-app-title" content="Freifunk">
+  <meta name="application-name" content="Freifunk">
+  <meta name="msapplication-config" content="/icons/browserconfig.xml?v=2">
+  <meta name="theme-color" content="#dc0067">
+  <link rel="stylesheet" href="css/bootstrap.min.css">
+  <link rel="stylesheet" href="css/ffms.css">
+</head>
+<body>
+	<div class="container">
+	  <div class="page-header">
+    <div class="row">
+      <div class="col-md-2 col-sm-3">
+        <img id="{{freifunk.kurzname}}-logo" src="logo.svg" class="img" alt="Logo {{freifunk.name}}">
+      </div>
+      <div class="col-md-10 col-sm-9">
+        <h2>Karten - {{freifunk.name}}
+    <br/><small>Karten der einzelnen Domänen und der Communities</small></h2>
+      </div>
+    </div>
+    </div>
+  </div>
+  <div class="container">
+  <div class="row">
+    <!-- Suchfeld und Links -->
+    <div class="col-md-4 col-sm-4 col-xs-12">
+        <form type="text" action="javascript:myScroll()"> 
+        <div class="input-group">
+          <!-- USE TWITTER TYPEAHEAD JSON WITH API TO SEARCH -->
+          <input class="form-control" id="system-search" 
+                name="q" placeholder="Suche nach" autofocus>
+            <span class="input-group-btn">
+                <button type="submit" id="searchbutton" class="btn btn-ffms">                
+                    <i class="glyphicon glyphicon-search"></i>
+                </button>
+            </span>
+          </input>
+        </div>
+        </form>
+      <br/>
+      <h4><strong><a href="map/">Gesamtkarte des {{freifunk.name}}</a></strong></h4>
+      <p><a class="btn-ffms-collapse visible-xs" data-toggle="collapse" data-target="#narrow-results">&#187; Mehr Freifunk Links</a></p>
+      <div id="narrow-results" class="narrow-results collapse">
+{% if indexconfig.links is defined %}
+{% for link in indexconfig.links %}
+      <p><a href="{{link.link}}">{{link.name}}</a></p>
+{% endfor %}
+{% endif %}
+      </div>
+    </div>
+    <!-- Spalte mit Domänen -->
+    <div class="col-md-4 col-sm-4 col-xs-6">
+        <div class="ffms-align-center">
+        <table  class="table table-list-search table-hover">
+          <thead>
+            <tr>
+              <th>
+                  <div style=text-align:center><h4>Domänen</h4></div>
+              </th>
+            </tr>
+          </thead>
+          <tbody>
+            <!-- Alle Domänen einfügen -->
+{% for domaene in domaenen|dictsort %}
+            <tr>
+              <td>
+                  <a href="map{{domaene[0]}}/">{{domaene[0]}} - {{domaene[1].name}}</a> 
+                  &ensp;
+{% if indexconfig.linktofwdownloader is defined %}
+                  <span class="small">
+                      <a class="ffms-muted" href="{{indexconfig.linktofwdownloader}}{{domaene[0]}}">Firmware </a>
+                  </span>
+{% endif %}
+              </td>
+            </tr>
+{% endfor %}
+          </tbody>
+        </table>
+        </div>
+    </div>
+    <!-- Spalte mit Gruppen -->
+{% set communities = domaenen | list | map('extract', domaenen, 'community') | list | unique | sort %}
+    <div class="col-md-4 col-sm-4 col-xs-6">
+        <div class="ffms-align-center">
+        <table class="table  table-list-search table-hover">
+          <thead>
+            <tr>
+              <th><div style=text-align:center><h4>Gruppen</h4></div></th>
+            </tr>
+          </thead>
+          <tbody>
+            <!-- Alle Communities einfügen -->
+{% for community in communities %}
+{% if community != "None" %}
+            <tr>
+                <td><a Community href="map_{{community}}/">Community {{community}}</a><br/> <span class="ffms-muted">Domänen:</span>  
+{% for domaene in domaenen|dictsort %}
+{% if community == domaene[1].community %}
+                    <a href="map{{domaene[0]}}/">{{domaene[0]}}</a>
+{% endif %}
+{% endfor %}
+                </td>
+            </tr>
+ 
+{% endif %}
+{% endfor %}
+          </tbody>
+        </table>
+        </div>
+    </div>
+  </div>
+  </div>
+    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
+    <!-- Include all compiled plugins (below), or include individual files as needed -->
+    <!-- optional via CDN: <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"  </script> -->
+    <script src="js/bootstrap.min.js"></script> 
+    <script src="js/search.js"></script>
+    <script>
+        function myScroll(my) {
+        $('html, body').animate({
+            scrollTop: $(".table").offset().top
+            }, 200);
+        }
+    </script>
+</body>
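Review bot: The jQuery `<script>` is loaded from a third-party CDN without Subresource Integrity, so the page executes whatever that host returns. Either serve it from `js/` like `bootstrap.min.js`, or add `integrity="sha384-<DIGEST_OF_PINNED_FILE>" crossorigin="anonymous"` to the tag (the digest is a placeholder to be computed from the reviewed file). Ansible templates do not HTML-escape by default, so `{{link.link}}`, `{{link.name}}` and the domain/community names are emitted raw; that is fine only while the inventory is trusted, and a `| e` filter would make it robust. Smaller markup points: the document never closes `</html>`, `<input>` gets a stray `</input>`, and the community link carries a bare `Community` attribute.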

+ 15 - 0
roles/mapserver_nginx/templates/tiles_cache.conf.j2

@@ -0,0 +1,15 @@
+{% if 'cache_locations' in nginx_tiles_cache %}
+{% for cache in nginx_tiles_cache.cache_locations %}
+    proxy_cache_path  {{cache.path}} levels=1:2 keys_zone={{cache.name}}:10m max_size={{cache.max_size}} inactive=365d;
+#   proxy_temp_path   {{cache.path}}/tmp;
+{% endfor %}
+{% endif %}
+{% if 'upstreams' in nginx_tiles_cache %}
+{% for upstream in nginx_tiles_cache.upstreams %}
+    upstream {{upstream.name}} {
+{% for server in upstream.servers %}
+        server {{server}};
+{% endfor %}
+    }
+{% endfor %}
+{% endif %}

+ 22 - 0
roles/mapserver_stats/tasks/main.yml

@@ -0,0 +1,22 @@
+---
+# configure node-stats for respondd 
+
+- name: Clone node-stats repo for respondd.
+  git:
+    repo: https://github.com/FreiFunkMuenster/node-stats.git
+    dest: /opt/node-stats
+    version: respondd
+    force: yes
+
+- name: Deploy update.sh script
+  template:
+    src: update.sh.j2
+    dest: /opt/node-stats/update.sh
+    mode: "u+x,g+x"
+
+- name: Define cron for node-stats.
+  cron:
+    name: "node-stats"
+    minute: "*"
+    job: "/opt/node-stats/update.sh >/dev/null 2>&1"
+
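Review bot: `version: respondd` is a branch name, so together with `force: yes` every playbook run deploys whatever is at the branch tip, and the cron entry then runs that code every minute (as root, unless the play sets another user). Pinning to a reviewed commit, `version: "<COMMIT_SHA>"`, makes the deployed code auditable. The job also has no overlap protection, so a run that takes longer than a minute will stack; wrapping it as `flock -n /run/node-stats.lock /opt/node-stats/update.sh` would prevent that.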

+ 15 - 0
roles/mapserver_stats/templates/update.sh.j2

@@ -0,0 +1,15 @@
+#!/bin/bash
+parallel=0
+path=$(realpath $(dirname $0))
+for i in /proc/sys/net/ipv4/conf/bat*; do
+    ((parallel++))
+    num=${i#*bat}
+    python $path/main.py --server=148.251.101.196 --port=2003 --domain=domaene-${num} --batif=bat${num} &
+
+    if ((parallel >= 16))
+    then
+        parallel=0
+        wait
+    fi
+done
+wait
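Review bot: If no `bat*` interface exists, the glob in the `for` line stays literal, and the loop runs once with `num` set to `*`, passing an unquoted `--batif=bat*` to `main.py`. Setting `shopt -s nullglob` before the loop avoids that. The path line should also be quoted, `path=$(realpath "$(dirname "$0")")`, with `"$path/main.py"` in the call. Since this is a template, the collector address `--server=148.251.101.196 --port=2003` would be better taken from an inventory variable than hard-coded.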

+ 3 - 3
roles/motd/tasks/main.yml

@@ -46,9 +46,9 @@
   when: motd_stat.stat.exists and motd_stat.stat.islnk == False
 
 - name: Create /var/run/motd if necessary
-  command: touch /var/run/motd
-  args:
-    creates: /var/run/motd
+  file: 
+    path: /var/run/motd
+    state: touch
   when: ansible_distribution == "Debian"
 
 - name: get /var/run/motd state
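Review bot: Replacing `command: touch` plus `creates:` with `file: state: touch` removes the idempotency guard: the module updates the timestamps and reports `changed` on every run. On Ansible 2.7 or later, adding `modification_time: preserve` and `access_time: preserve` under `file:` restores the create-only-if-missing behaviour. There is also trailing whitespace after `file:`. The task list continues outside this hunk.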

+ 1 - 1
roles/py_respondd/templates/config.json.j2

@@ -38,7 +38,7 @@
 {% if 'gateways' in group_names %}
 			"br_iface": "br{{domaene[0]}}",
 {%endif%}
-			"site_code": "ffmsd{{domaene[0]}}"
+			"site_code": "ffdo-d{{domaene[0]}}"
 		}{% if not loop.last %},{% endif %}
 {% endfor %}
 

+ 6 - 5
supernodes.yml

@@ -13,17 +13,18 @@
     - { role: tunearpcache, tags: "tunearpcache"}
     - { role: ip_forwarding, tags: "ip_forwarding"}
     - { role: iptables, tags: "iptables"}
-#F    - { role: gateways_gre_upstream, tags: "gateways_gre_upstream"}
-#F    - { role: backbone_gre_ffms, tags: "backbone_gre_ffms"}
+    - { role: gateways_gre_upstream, tags: "gateways_gre_upstream", when "Hoster == 'FFRL-Berlin'"}
+    - { role: backbone_gre_ffdo, tags: "backbone_gre_ffms"}
     - { role: batman_build, tags: "batman_build", when:  "'batman_version' in hostvars[inventory_hostname] and domaenenliste is defined"}
     - { role: gateways_batman, tags: "gateways_batman"}
     - { role: gateways_gretap, tags: "gateways_gretap"}
     - { role: gateways_l2tp_new, tags: "gateways_l2tp_new"}
-    - { role: bird, tags: "bird"}
+    - { role: bird_dtm, tags: "bird", when: secondary_vnic is defined }
+    - { role: bird, tags: "bird", when: secondary_vnic is undefined }
     - { role: gateways_dhcp, tags: "gateways_dhcp", when: "'dhcp_type' not in hostvars[inventory_hostname] or dhcp_type == 'isc-dhcp'"}
 #F    - { role: gateways_bind, tags: "gateways_bind"}
     - { role: gateways_unbound, tags: "gateways_unbound"}
-    - { role: collectd, tags: "collectd"}
+#    - { role: collectd, tags: "collectd"}
     - { role: gateways_kea_build, tags: "gateways_kea_build", when: "'dhcp_type' in hostvars[inventory_hostname] and dhcp_type == 'kea'"}
     - { role: gateways_kea_postgres, tags: "gateways_kea_postgres", when: "'dhcp_type' in hostvars[inventory_hostname] and dhcp_type == 'kea' and kea.database.type == 'postgresql'"}
     - { role: gateways_kea_configure, tags: "gateways_kea_configure", when: "'dhcp_type' in hostvars[inventory_hostname] and dhcp_type == 'kea'"}
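Review bot: The new `gateways_gre_upstream` entry reads `when "Hoster == 'FFRL-Berlin'"` without a colon after `when`, so YAML will not parse it as a condition and the role is either rejected or applied to every supernode. It should be `when: "Hoster == 'FFRL-Berlin'"`. The variable is spelled `Hoster` here but `hoster` in the `gateways_2nd_vnic` line of the next hunk; variable names are case-sensitive, so one of the two is presumably wrong. `backbone_gre_ffdo` still carries the tag `backbone_gre_ffms`, which makes `--tags` selection misleading.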
@@ -31,5 +32,5 @@
 #F    - { role: nrpe, tags: "nrpe"}
 #    - { role: set_kernel_param_maxcpus, tags: "set_kernel_param_maxcpus"}
     - { role: unattended_upgrades, tags: "unattended_upgrades"}
-    - { role: gateways_2nd_vnic, tags: "gateways_2nd_vnic" }
+    - { role: gateways_2nd_vnic, tags: "gateways_2nd_vnic", when: "hoster == 'Eimann'"}
     - { role: services_ntp, tags: "services_ntp" }