uplink: add additional peers

6 years ago · 663c6c74c6
parent 41b22ed59b
commit 663c6c74c6
6 changed files with 62 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,6 @@
 inventory.ini
 host_vars/*
+group_vars/*

 *.swp
 *.retry
--- a/group_vars/uplink
+++ b/group_vars/uplink
@ -0,0 +1,6 @@
+wireguard_bb_peers:
+  - name: 'fastd4'
+    endpoint: '<ipv6 endpoint>'
+    pub_key: '<wireguard public key>'
+    ipv4: '<ipv4>'
+    port: <port>
--- a/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
+++ b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
@ -1,29 +1,58 @@
 ---
- name: create wireguard config for peers
+- name: create wireguard config for fastds
  template:
      src: wg.conf.j2
      dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
      mode: 0400
  with_items: "{{ groups['fastd'] }}"

- name: create wireguard up scripts for peers
+- name: create wireguard config for additional peers
+  template:
+      src: wg2.conf.j2
+      dest: /etc/wireguard/wgbb{{ item.name }}.conf
+      mode: 0400
+  with_items: "{{ wireguard_bb_peers }}"
+
+- name: create wireguard up scripts for fastds
  template:
      src: up.sh.j2
      dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
      mode: 0744
  with_items: "{{ groups['fastd'] }}"

- name: create wireguard down scripts for peers
+- name: create wireguard up scripts for additional peers
+  template:
+      src: up2.sh.j2
+      dest: /etc/wireguard/upbb{{ item.name }}.sh
+      mode: 0744
+  with_items: "{{ wireguard_bb_peers }}"
+
+- name: create wireguard down scripts for fastds
  template:
      src: down.sh.j2
      dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
      mode: 0744
  with_items: "{{ groups['fastd'] }}"

- name: start and enable wireguard mesh
+- name: create wireguard down scripts for additional peers
+  template:
+      src: down2.sh.j2
+      dest: /etc/wireguard/downbb{{ item.name }}.sh
+      mode: 0744
+  with_items: "{{ wireguard_bb_peers }}"
+
+- name: start and enable wireguard mesh for fastds
  systemd:
      name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
      enabled: yes
      state: started
      daemon_reload: yes
  with_items: "{{ groups['fastd'] }}"
+
+- name: start and enable wireguard mesh for additional peers
+  systemd:
+      name: wgbackbone@{{ item.name }}.service
+      enabled: yes
+      state: started
+      daemon_reload: yes
+  with_items: "{{ wireguard_bb_peers }}"
--- a/roles/install_wireguard_backbone/templates/down2.sh.j2
+++ b/roles/install_wireguard_backbone/templates/down2.sh.j2
@ -0,0 +1,5 @@
+#!/bin/bash
+ip -4 rule del iif bb{{ item.name }} table ffmyk
+ip -6 rule del iif bb{{ item.name }} table ffmyk
+ip link set down dev bb{{ item.name }}
+ip link del bb{{ item.name }}
--- a/roles/install_wireguard_backbone/templates/up2.sh.j2
+++ b/roles/install_wireguard_backbone/templates/up2.sh.j2
@ -0,0 +1,8 @@
+#!/bin/bash
+ip link add bb{{ item.name }} type wireguard
+wg setconf bb{{ item.name }} /etc/wireguard/wgbb{{ item.name }}.conf
+ip addr add {{ wireguard_bb_ipv6 }} dev bb{{ item.name }}
+ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ item.ipv4 }}/32 dev bb{{ item.name }}
+ip link set up dev bb{{ item.name }}
+ip -4 rule add iif bb{{ item.name }} table ffmyk priority 10
+ip -6 rule add iif bb{{ item.name }} table ffmyk priority 10
--- a/roles/install_wireguard_backbone/templates/wg2.conf.j2
+++ b/roles/install_wireguard_backbone/templates/wg2.conf.j2
@ -0,0 +1,9 @@
+[Interface]
+ListenPort = {{ item.port }}
+PrivateKey = {{ wireguard_bb_priv_key }}
+
+[Peer]
+PublicKey = {{ item.pub_key }}
+AllowedIPs = 0.0.0.0/0,::/0
+Endpoint = [{{ item.endpoint }}]:{{ wireguard_bb_port }}
+PersistentKeepalive = 30