This document provides a rough overview of all the roles available for deployment.
This role ensures all packages that can be safely upgraded are up to date and reboots the system in case of kernel version changes.
This role ensures that the correct version of the B.A.T.M.A.N. kernel module and user space tools are installed and the batman_adv kernel module is loaded.
This roles sets up IPv4 BGP. The setup includes automatic peering with all devices in the bgp4 group.
This roles sets up IPv6 BGP. The setup includes automatic peering with all devices in the bgp6 group.
This role is a meta role that sets up common requirements for ffnw4 and ffnw6.
This role sets up an IPv4 peering with ffnw including IPv4 exit setup with NAT.
This role sets up an IPv6 peering with ffnw including IPv6 exit.
This role is the base role for setting up a gateway. It combines setup of required network interfaces, services and deployment of firewall rules.
This role is a hack that clamps the mss of tcp connections on the mesh interface as a fix for broken path MTU discovery.
This role sets up a fastd mesh vpn endpoint.
This role sets up a user for automated deployment of mesh vpn peer keys and allows the ci system to push repo updates via a preconfigured ssh key.
This role retrieves a set of ssh public keys from a git repo and creates users with administrative privileges that can be accessed by those keys.