fix

6 years ago · 09ae123075
parent b7615bd04e
commit 09ae123075
3 changed files with 13 additions and 5 deletions
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@ -58,6 +58,10 @@ COMMIT
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
 {% endfor %}
+{% for peer in wireguard_bb_peers|default([]) %}
+-A INPUT -i bb{{ peer.name }} -p udp --dport 6696 -j ACCEPT
+-A INPUT -p udp --dport {{ peer.port }} -j ACCEPT
+{% endfor %}
 {% endif %}
 # MOSH
 -A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
--- a/roles/install_babeld/templates/babeld.conf.j2
+++ b/roles/install_babeld/templates/babeld.conf.j2
@ -14,6 +14,9 @@ interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% for peer in groups['fastd'] %}
 interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% endfor %}
+{% for peer in wireguard_bb_peers|default([]) %}
+interface bb{{ peer.name }}
+{% endfor %}
 {% endif %}

 # Global options you might want to set. There are many more, see the man page.
@ -61,6 +64,7 @@ redistribute if {{ peer.name }} metric 128
 # Only redistribute addresses from a given prefix, to avoid redistributing
 # all local addresses
 redistribute ip 10.222.0.0/16 allow
-redistribute ip 2001:470:cd45:FF00::/56 allow
+redistribute ip 2a01:198:70a:ff::0/64 allow
+redistribute ip 2001:470:cd45:ff00::/56 allow
 redistribute ip 2a03:2260:1016::/48 allow
 redistribute local deny
--- a/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
+++ b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
@ -11,7 +11,7 @@
      src: wg2.conf.j2
      dest: /etc/wireguard/wgbb{{ item.name }}.conf
      mode: 0400
-  with_items: "{{ wireguard_bb_peers }}"
+  with_items: "{{ wireguard_bb_peers|default([]) }}"

 - name: create wireguard up scripts for fastds
  template:
@ -25,7 +25,7 @@
      src: up2.sh.j2
      dest: /etc/wireguard/upbb{{ item.name }}.sh
      mode: 0744
-  with_items: "{{ wireguard_bb_peers }}"
+  with_items: "{{ wireguard_bb_peers|default([]) }}"

 - name: create wireguard down scripts for fastds
  template:
@ -39,7 +39,7 @@
      src: down2.sh.j2
      dest: /etc/wireguard/downbb{{ item.name }}.sh
      mode: 0744
-  with_items: "{{ wireguard_bb_peers }}"
+  with_items: "{{ wireguard_bb_peers|default([]) }}"

 - name: start and enable wireguard mesh for fastds
  systemd:
@ -55,4 +55,4 @@
      enabled: yes
      state: started
      daemon_reload: yes
-  with_items: "{{ wireguard_bb_peers }}"
+  with_items: "{{ wireguard_bb_peers|default([]) }}"