uplink: add additional peers

master
Niklas Yann Wettengel 7 years ago
parent 41b22ed59b
commit 663c6c74c6

1
.gitignore vendored

@ -1,5 +1,6 @@
inventory.ini inventory.ini
host_vars/* host_vars/*
group_vars/*
*.swp *.swp
*.retry *.retry

@ -0,0 +1,6 @@
wireguard_bb_peers:
- name: 'fastd4'
endpoint: '<ipv6 endpoint>'
pub_key: '<wireguard public key>'
ipv4: '<ipv4>'
port: <port>

@ -1,29 +1,58 @@
--- ---
- name: create wireguard config for peers - name: create wireguard config for fastds
template: template:
src: wg.conf.j2 src: wg.conf.j2
dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
mode: 0400 mode: 0400
with_items: "{{ groups['fastd'] }}" with_items: "{{ groups['fastd'] }}"
- name: create wireguard up scripts for peers - name: create wireguard config for additional peers
template:
src: wg2.conf.j2
dest: /etc/wireguard/wgbb{{ item.name }}.conf
mode: 0400
with_items: "{{ wireguard_bb_peers }}"
- name: create wireguard up scripts for fastds
template: template:
src: up.sh.j2 src: up.sh.j2
dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
mode: 0744 mode: 0744
with_items: "{{ groups['fastd'] }}" with_items: "{{ groups['fastd'] }}"
- name: create wireguard down scripts for peers - name: create wireguard up scripts for additional peers
template:
src: up2.sh.j2
dest: /etc/wireguard/upbb{{ item.name }}.sh
mode: 0744
with_items: "{{ wireguard_bb_peers }}"
- name: create wireguard down scripts for fastds
template: template:
src: down.sh.j2 src: down.sh.j2
dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
mode: 0744 mode: 0744
with_items: "{{ groups['fastd'] }}" with_items: "{{ groups['fastd'] }}"
- name: start and enable wireguard mesh - name: create wireguard down scripts for additional peers
template:
src: down2.sh.j2
dest: /etc/wireguard/downbb{{ item.name }}.sh
mode: 0744
with_items: "{{ wireguard_bb_peers }}"
- name: start and enable wireguard mesh for fastds
systemd: systemd:
name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
enabled: yes enabled: yes
state: started state: started
daemon_reload: yes daemon_reload: yes
with_items: "{{ groups['fastd'] }}" with_items: "{{ groups['fastd'] }}"
- name: start and enable wireguard mesh for additional peers
systemd:
name: wgbackbone@{{ item.name }}.service
enabled: yes
state: started
daemon_reload: yes
with_items: "{{ wireguard_bb_peers }}"
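Review bot: The added "create wireguard config for additional peers" task renders wg2.conf.j2, which contains `PrivateKey`, but like the existing fastd task it pins neither owner nor group and does not suppress output, so a run with `--diff` would print the rendered key to the terminal or CI log. I would add `owner: root`, `group: root` and `no_log: true` (or `diff: false`) to that task, and quote the mode as `mode: '0400'` so it can never be read as a decimal integer. Separately, the four new loops use `with_items: "{{ wireguard_bb_peers }}"` directly, which presumably fails on hosts where the variable is not defined; `"{{ wireguard_bb_peers | default([]) }}"` would keep the role safe to apply there.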

@ -0,0 +1,5 @@
#!/bin/bash
ip -4 rule del iif bb{{ item.name }} table ffmyk
ip -6 rule del iif bb{{ item.name }} table ffmyk
ip link set down dev bb{{ item.name }}
ip link del bb{{ item.name }}

@ -0,0 +1,8 @@
#!/bin/bash
ip link add bb{{ item.name }} type wireguard
wg setconf bb{{ item.name }} /etc/wireguard/wgbb{{ item.name }}.conf
ip addr add {{ wireguard_bb_ipv6 }} dev bb{{ item.name }}
ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ item.ipv4 }}/32 dev bb{{ item.name }}
ip link set up dev bb{{ item.name }}
ip -4 rule add iif bb{{ item.name }} table ffmyk priority 10
ip -6 rule add iif bb{{ item.name }} table ffmyk priority 10
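Review bot: The script has no error handling, so if `wg setconf` fails (for example on an unreadable or malformed config) the following lines still bring `bb{{ item.name }}` up and install the `iif` rules for table ffmyk on an interface with no peer configured. Adding `set -e` directly after the shebang would stop at the first failing command. The interface name is `bb` plus `item.name`, and Linux interface names are limited to 15 characters, so `item.name` should be 13 characters or fewer; that limit is worth stating next to the example `wireguard_bb_peers` entry.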

@ -0,0 +1,9 @@
[Interface]
ListenPort = {{ item.port }}
PrivateKey = {{ wireguard_bb_priv_key }}
[Peer]
PublicKey = {{ item.pub_key }}
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = [{{ item.endpoint }}]:{{ wireguard_bb_port }}
PersistentKeepalive = 30
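Review bot: `AllowedIPs = 0.0.0.0/0,::/0` makes WireGuard accept any inner source address from the additional peer on that interface, so the peer key no longer constrains what the peer can inject. For an uplink that may be intended, but filtering then has to happen elsewhere, and none is visible in this commit. A comment in the template such as `# uplink peer: full AllowedIPs on purpose, source filtering is done in <firewall/routing policy>` would record the decision. Also worth confirming: `ListenPort` uses the per-peer `item.port` while `Endpoint` uses the host-wide `wireguard_bb_port`, which assumes the remote listens on the same port number as this host's backbone port.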