From 060a041a7bf07960877099081554065bba155b4e Mon Sep 17 00:00:00 2001 From: Emil Renner Berthing Date: Thu, 11 Oct 2018 20:48:06 +0200 Subject: Migrate to new ipv6 prefix ..to avoid overlapping /32 announced by DKUUG. --- roles/space_server/files/bird/symbol6.conf | 4 ++-- roles/space_server/files/blackhole/blackhole.sh | 2 +- .../files/networkd/network/10-lan11.network | 6 +++--- .../files/networkd/network/10-lan12.network | 6 +++--- .../files/networkd/network/10-lan13.network | 6 +++--- .../files/networkd/network/10-lan14.network | 6 +++--- .../files/networkd/network/10-lan15.network | 2 +- .../files/networkd/network/10-lan20.network | 6 +++--- .../files/networkd/network/10-lo.network | 2 +- roles/space_server/files/nftables/nftables.conf | 16 +++++++-------- roles/space_server/files/radvd/radvd.conf | 20 +++++++++--------- roles/space_server/tasks/avahi.yml | 2 +- .../space_server/templates/unbound/unbound.conf.j2 | 24 +++++++++++----------- roles/space_server/vars/main.yml | 2 +- 14 files changed, 52 insertions(+), 52 deletions(-) diff --git a/roles/space_server/files/bird/symbol6.conf b/roles/space_server/files/bird/symbol6.conf index 0dbd7b6..fd142c9 100644 --- a/roles/space_server/files/bird/symbol6.conf +++ b/roles/space_server/files/bird/symbol6.conf @@ -1,7 +1,7 @@ define DEFAULT_ROUTE = ::/0; define LABITAT_PREFIXES = [ - 2a01:4260:1ab::/48 + 2a01:4262:1ab::/48 ]; -define PREFSRC = 2a01:4260:1ab::; +define PREFSRC = 2a01:4262:1ab::; diff --git a/roles/space_server/files/blackhole/blackhole.sh b/roles/space_server/files/blackhole/blackhole.sh index 695f0ea..56a6c10 100755 --- a/roles/space_server/files/blackhole/blackhole.sh +++ b/roles/space_server/files/blackhole/blackhole.sh @@ -3,4 +3,4 @@ set -e ip route add unreachable 185.38.175.0/24 -ip route add unreachable 2a01:4260:1ab::/48 +ip route add unreachable 2a01:4262:1ab::/48 diff --git a/roles/space_server/files/networkd/network/10-lan11.network b/roles/space_server/files/networkd/network/10-lan11.network index 152f836..88d714f 100644 --- a/roles/space_server/files/networkd/network/10-lan11.network +++ b/roles/space_server/files/networkd/network/10-lan11.network @@ -6,7 +6,7 @@ DHCP=no IPv6AcceptRA=no LinkLocalAddressing=no Address=10.42.1.1/24 -#Address=2a01:4260:1ab:b::1/64 +#Address=2a01:4262:1ab:b::1/64 Address=fe80::1/64 IPForward=yes LLMNR=yes @@ -15,5 +15,5 @@ LLDP=yes EmitLLDP=yes [Route] -Destination=2a01:4260:1ab:b::/64 -PreferredSource=2a01:4260:1ab:: +Destination=2a01:4262:1ab:b::/64 +PreferredSource=2a01:4262:1ab:: diff --git a/roles/space_server/files/networkd/network/10-lan12.network b/roles/space_server/files/networkd/network/10-lan12.network index 879cfc4..7f48f5b 100644 --- a/roles/space_server/files/networkd/network/10-lan12.network +++ b/roles/space_server/files/networkd/network/10-lan12.network @@ -6,7 +6,7 @@ DHCP=no IPv6AcceptRA=no LinkLocalAddressing=no Address=10.42.2.1/24 -#Address=2a01:4260:1ab:c::1/64 +#Address=2a01:4262:1ab:c::1/64 Address=fe80::1/64 IPForward=yes LLMNR=yes @@ -15,5 +15,5 @@ LLDP=yes EmitLLDP=yes [Route] -Destination=2a01:4260:1ab:c::/64 -PreferredSource=2a01:4260:1ab:: +Destination=2a01:4262:1ab:c::/64 +PreferredSource=2a01:4262:1ab:: diff --git a/roles/space_server/files/networkd/network/10-lan13.network b/roles/space_server/files/networkd/network/10-lan13.network index 3bb0e36..81e3911 100644 --- a/roles/space_server/files/networkd/network/10-lan13.network +++ b/roles/space_server/files/networkd/network/10-lan13.network @@ -6,7 +6,7 @@ DHCP=no IPv6AcceptRA=no LinkLocalAddressing=no Address=10.42.3.1/24 -#Address=2a01:4260:1ab:d::1/64 +#Address=2a01:4262:1ab:d::1/64 Address=fe80::1/64 IPForward=yes LLMNR=yes @@ -15,5 +15,5 @@ LLDP=yes EmitLLDP=yes [Route] -Destination=2a01:4260:1ab:d::/64 -PreferredSource=2a01:4260:1ab:: +Destination=2a01:4262:1ab:d::/64 +PreferredSource=2a01:4262:1ab:: diff --git a/roles/space_server/files/networkd/network/10-lan14.network b/roles/space_server/files/networkd/network/10-lan14.network index 849aabd..5b40bbf 100644 --- a/roles/space_server/files/networkd/network/10-lan14.network +++ b/roles/space_server/files/networkd/network/10-lan14.network @@ -6,7 +6,7 @@ DHCP=no IPv6AcceptRA=no LinkLocalAddressing=no Address=10.42.4.1/24 -#Address=2a01:4260:1ab:e::1/64 +#Address=2a01:4262:1ab:e::1/64 Address=fe80::1/64 IPForward=yes LLMNR=yes @@ -15,5 +15,5 @@ LLDP=yes EmitLLDP=yes [Route] -Destination=2a01:4260:1ab:e::/64 -PreferredSource=2a01:4260:1ab:: +Destination=2a01:4262:1ab:e::/64 +PreferredSource=2a01:4262:1ab:: diff --git a/roles/space_server/files/networkd/network/10-lan15.network b/roles/space_server/files/networkd/network/10-lan15.network index bd2b570..e3c99dd 100644 --- a/roles/space_server/files/networkd/network/10-lan15.network +++ b/roles/space_server/files/networkd/network/10-lan15.network @@ -5,7 +5,7 @@ Name=lan15 DHCP=no IPv6AcceptRA=no LinkLocalAddressing=no -Address=2a01:4260:1ab:f::1/64 +Address=2a01:4262:1ab:f::1/64 Address=fe80::1/64 IPForward=ipv6 LLMNR=yes diff --git a/roles/space_server/files/networkd/network/10-lan20.network b/roles/space_server/files/networkd/network/10-lan20.network index d480287..b30caa4 100644 --- a/roles/space_server/files/networkd/network/10-lan20.network +++ b/roles/space_server/files/networkd/network/10-lan20.network @@ -6,7 +6,7 @@ DHCP=no IPv6AcceptRA=no LinkLocalAddressing=no Address=185.38.175.65/26 -Address=2a01:4260:1ab:20::1/64 +Address=2a01:4262:1ab:20::1/64 Address=fe80::1/64 IPForward=yes LLMNR=no @@ -15,5 +15,5 @@ LLDP=yes EmitLLDP=no [Route] -Destination=2a01:4260:1ab::cafe/128 -Gateway=2a01:4260:1ab:20::5 +Destination=2a01:4262:1ab::cafe/128 +Gateway=2a01:4262:1ab:20::5 diff --git a/roles/space_server/files/networkd/network/10-lo.network b/roles/space_server/files/networkd/network/10-lo.network index d97da93..2321ce5 100644 --- a/roles/space_server/files/networkd/network/10-lo.network +++ b/roles/space_server/files/networkd/network/10-lo.network @@ -3,4 +3,4 @@ Name=lo [Network] Address=185.38.175.0/32 -Address=2a01:4260:1ab::/128 +Address=2a01:4262:1ab::/128 diff --git a/roles/space_server/files/nftables/nftables.conf b/roles/space_server/files/nftables/nftables.conf index 5583749..d33a7bf 100644 --- a/roles/space_server/files/nftables/nftables.conf +++ b/roles/space_server/files/nftables/nftables.conf @@ -4,15 +4,15 @@ define ap2 = 10.42.0.6 define labitat = 185.38.172.72 define spacewand4 = 185.38.175.70 -define spacewand6 = 2a01:4260:1ab::cafe +define spacewand6 = 2a01:4262:1ab::cafe # internal stuff define ext_if = wan define ext_ip4 = 185.38.175.0 -define ext_ip6 = 2a01:4260:1ab:: +define ext_ip6 = 2a01:4262:1ab:: define int_net4 = 10.42.0.0/16 define ext_net4 = 185.38.175.0/24 -define ext_net6 = 2a01:4260:1ab::/48 +define ext_net6 = 2a01:4262:1ab::/48 define link_net4 = 193.106.167.40/29 define link_net6 = 2a03:5440:1:2935:1ab::/120 @@ -23,27 +23,27 @@ define adm_net4 = 10.42.0.0/24 define wire_if = lan11 define wire_ip4 = 10.42.1.1 define wire_net4 = 10.42.1.0/24 -define wire_net6 = 2a01:4260:1ab:b::/64 +define wire_net6 = 2a01:4262:1ab:b::/64 define priv_if = lan12 define priv_ip4 = 10.42.2.1 define priv_net4 = 10.42.2.0/24 -define priv_net6 = 2a01:4260:1ab:c::/64 +define priv_net6 = 2a01:4262:1ab:c::/64 define free_if = lan13 define free_ip4 = 10.42.3.1 define free_net4 = 10.42.3.0/24 -define free_net6 = 2a01:4260:1ab:d::/64 +define free_net6 = 2a01:4262:1ab:d::/64 define pass_if = lan14 define pass_ip4 = 10.42.4.1 define pass_net4 = 10.42.4.0/24 -define pass_net6 = 2a01:4260:1ab:e::/64 +define pass_net6 = 2a01:4262:1ab:e::/64 define serv_if = lan20 define serv_ip4 = 185.38.175.65 define serv_net4 = 185.38.175.64/24 -define serv_net6 = 2a01:4260:1ab:20::/64 +define serv_net6 = 2a01:4262:1ab:20::/64 define avahi_ifs = { $wire_if, $priv_if, $pass_if } diff --git a/roles/space_server/files/radvd/radvd.conf b/roles/space_server/files/radvd/radvd.conf index 7f259ae..9f994a3 100644 --- a/roles/space_server/files/radvd/radvd.conf +++ b/roles/space_server/files/radvd/radvd.conf @@ -4,9 +4,9 @@ interface lan11 { MinRtrAdvInterval 3; MaxRtrAdvInterval 6; AdvLinkMTU 1500; - RDNSS 2a01:4260:1ab:: {}; + RDNSS 2a01:4262:1ab:: {}; - prefix 2a01:4260:1ab:b::/64 { + prefix 2a01:4262:1ab:b::/64 { #AdvValidLifetime 0; #AdvPreferredLifetime 0; }; @@ -18,9 +18,9 @@ interface lan12 { MinRtrAdvInterval 3; MaxRtrAdvInterval 6; AdvLinkMTU 1500; - RDNSS 2a01:4260:1ab:: {}; + RDNSS 2a01:4262:1ab:: {}; - prefix 2a01:4260:1ab:c::/64 { + prefix 2a01:4262:1ab:c::/64 { #AdvValidLifetime 0; #AdvPreferredLifetime 0; }; @@ -32,9 +32,9 @@ interface lan13 { MinRtrAdvInterval 3; MaxRtrAdvInterval 6; AdvLinkMTU 1500; - RDNSS 2a01:4260:1ab:: {}; + RDNSS 2a01:4262:1ab:: {}; - prefix 2a01:4260:1ab:d::/64 { + prefix 2a01:4262:1ab:d::/64 { #AdvValidLifetime 0; #AdvPreferredLifetime 0; }; @@ -46,9 +46,9 @@ interface lan14 { MinRtrAdvInterval 3; MaxRtrAdvInterval 6; AdvLinkMTU 1500; - RDNSS 2a01:4260:1ab:: {}; + RDNSS 2a01:4262:1ab:: {}; - prefix 2a01:4260:1ab:e::/64 { + prefix 2a01:4262:1ab:e::/64 { #AdvValidLifetime 0; #AdvPreferredLifetime 0; }; @@ -60,9 +60,9 @@ interface lan15 { MinRtrAdvInterval 3; MaxRtrAdvInterval 6; AdvLinkMTU 1500; - RDNSS 2a01:4260:1ab:: {}; + RDNSS 2a01:4262:1ab:: {}; - prefix 2a01:4260:1ab:f::/64 { + prefix 2a01:4262:1ab:f::/64 { #AdvValidLifetime 0; #AdvPreferredLifetime 0; }; diff --git a/roles/space_server/tasks/avahi.yml b/roles/space_server/tasks/avahi.yml index 59a8836..a725b58 100644 --- a/roles/space_server/tasks/avahi.yml +++ b/roles/space_server/tasks/avahi.yml @@ -64,7 +64,7 @@ value: 'yes' - section: publish option: 'publish-dns-servers' - value: '185.38.175.0,2a01:4260:1ab::' + value: '185.38.175.0,2a01:4262:1ab::' - section: publish option: 'publish-resolv-conf-dns-servers' value: 'no' diff --git a/roles/space_server/templates/unbound/unbound.conf.j2 b/roles/space_server/templates/unbound/unbound.conf.j2 index d2d3aed..d09d7af 100644 --- a/roles/space_server/templates/unbound/unbound.conf.j2 +++ b/roles/space_server/templates/unbound/unbound.conf.j2 @@ -11,10 +11,10 @@ server: interface: 127.0.0.1 interface: ::1 interface: 185.38.175.0 - interface: 2a01:4260:1ab:: + interface: 2a01:4262:1ab:: outgoing-interface: 185.38.175.0 - outgoing-interface: 2a01:4260:1ab:: + outgoing-interface: 2a01:4262:1ab:: outgoing-port-permit: 32768-60999 outgoing-port-avoid: 0-32767 @@ -33,13 +33,13 @@ server: # not free wifi 10.42.3.0/24 access-control-tag: 10.42.4.0/24 "local" access-control-tag: 10.42.5.0/24 "local" - access-control: 2a01:4260:1ab::/48 allow - access-control-tag: 2a01:4260:1ab:a::/64 "local" - access-control-tag: 2a01:4260:1ab:b::/64 "local" - access-control-tag: 2a01:4260:1ab:c::/64 "local" - # not free wifi 2a01:4260:1ab:d::/64 - access-control-tag: 2a01:4260:1ab:e::/64 "local" - access-control-tag: 2a01:4260:1ab:f::/64 "local" + access-control: 2a01:4262:1ab::/48 allow + access-control-tag: 2a01:4262:1ab:a::/64 "local" + access-control-tag: 2a01:4262:1ab:b::/64 "local" + access-control-tag: 2a01:4262:1ab:c::/64 "local" + # not free wifi 2a01:4262:1ab:d::/64 + access-control-tag: 2a01:4262:1ab:e::/64 "local" + access-control-tag: 2a01:4262:1ab:f::/64 "local" chroot: "" username: "unbound" @@ -100,11 +100,11 @@ server: local-data: "s. IN SOA space.labitat.dk. esmil.labitat.dk. 20171119 3600 1200 604800 10800" local-data: "s. IN NS space.labitat.dk." local-data: "s. IN A 10.42.1.1" - local-data: "s. IN AAAA 2a01:4260:1ab::" + local-data: "s. IN AAAA 2a01:4262:1ab::" local-data: "labitrack.s. IN A 185.38.175.70" - local-data: "labitrack.s. IN AAAA 2a01:4260:1ab::cafe" + local-data: "labitrack.s. IN AAAA 2a01:4262:1ab::cafe" local-data: "track.s. IN A 185.38.175.70" - local-data: "track.s. IN AAAA 2a01:4260:1ab::cafe" + local-data: "track.s. IN AAAA 2a01:4262:1ab::cafe" {% for host in local_hosts %} {% for ip in host.ips | ipv4 %} {% if loop.index <= 1 %} diff --git a/roles/space_server/vars/main.yml b/roles/space_server/vars/main.yml index 18d45cd..94dec47 100644 --- a/roles/space_server/vars/main.yml +++ b/roles/space_server/vars/main.yml @@ -100,7 +100,7 @@ local_hosts: mdns: false ips: - 10.42.1.37 - - 2a01:4260:1ab:b:9657:a5ff:fece:e26c + - 2a01:4262:1ab:b:9657:a5ff:fece:e26c - name: snakeskin description: Snakeskin controlling Raspberry Pi mac: b8:27:eb:9b:64:d9 -- cgit v1.2.1