added uplink group

master
Niklas Yann Wettengel 7 years ago
parent 03eb642632
commit 8225aa0e7c

@ -10,6 +10,10 @@ ff-uplink2
[ffrl_uplink] [ffrl_uplink]
ff-uplink1 ff-uplink1
[uplink:children]
mullvad_uplink
ffrl_uplink
[all:vars] [all:vars]
hetzner_webservice_username=<hetzner_webservice_username> hetzner_webservice_username=<hetzner_webservice_username>
hetzner_webservice_password=<hetzner_webservice_password> hetzner_webservice_password=<hetzner_webservice_password>
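Review bot: The new `[uplink:children]` group has no comment saying that membership now drives firewall and tunnel configuration. The templates and tasks changed in this commit loop over `groups['uplink']` on the fastd side, so adding a host to either child group adds INPUT ACCEPT rules, babeld interfaces and WireGuard peer configs on every fastd host. A line above the group header would make that visible at the point where membership is edited, for example `# uplink: hosts in these child groups become backbone peers (firewall, babeld, wireguard) on all fastd hosts`. A new uplink class also has to be listed here, or the fastd hosts will not generate rules for it.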

@ -11,19 +11,11 @@
{% endif %} {% endif %}
{% if 'fastd' in group_names %} {% if 'fastd' in group_names %}
{% for peer in groups['ffrl_uplink'] %} {% for peer in groups['uplink'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
{% for peer in groups['mullvad_uplink'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
{% endif %}
{% if 'mullvad_uplink' in group_names %}
{% for peer in groups['fastd'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'ffrl_uplink' in group_names %} {% if 'uplink' in group_names %}
{% for peer in groups['fastd'] %} {% for peer in groups['fastd'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
{% endfor %} {% endfor %}
@ -56,22 +48,12 @@ COMMIT
{% endif %} {% endif %}
# wireguard_backbone # wireguard_backbone
{% if 'fastd' in group_names %} {% if 'fastd' in group_names %}
{% for peer in groups['ffrl_uplink'] %} {% for peer in groups['uplink'] %}
-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
-A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
{% endfor %}
{% for peer in groups['mullvad_uplink'] %}
-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
-A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
{% endfor %}
{% endif %}
{% if 'mullvad_uplink' in group_names %}
{% for peer in groups['fastd'] %}
-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
-A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'ffrl_uplink' in group_names %} {% if 'uplink' in group_names %}
{% for peer in groups['fastd'] %} {% for peer in groups['fastd'] %}
-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
-A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
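Review bot: In the INPUT hunk, `-A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT` has no `-i` or `-s` match. Now that the fastd branch loops over `groups['uplink']`, each fastd host opens one UDP port to any source for every member of every child group. WireGuard does not answer unauthenticated packets, so the exposure is limited. If the inventory carries a peer address, adding `-s` with it would narrow the rule to the expected endpoint; otherwise a template comment stating that the port is deliberately open to any source would record the decision. The loop also requires `wireguard_bb_name` and `wireguard_bb_port` for every host that lands in `uplink`. The closing `{% endfor %}` and `{% endif %}` of the last block fall outside the hunk.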

@ -11,16 +11,11 @@
{% endif %} {% endif %}
{% if 'fastd' in group_names %} {% if 'fastd' in group_names %}
{% for peer in groups['ffrl_uplink'] %} {% for peer in groups['uplink'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'mullvad_uplink' in group_names %} {% if 'uplink' in group_names %}
{% for peer in groups['fastd'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
{% endif %}
{% if 'ffrl_uplink' in group_names %}
{% for peer in groups['fastd'] %} {% for peer in groups['fastd'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
{% endfor %} {% endfor %}

@ -6,19 +6,11 @@ ipv6-subtrees true
# You must provide at least one interface for babeld to operate on. # You must provide at least one interface for babeld to operate on.
{% if 'fastd' in group_names %} {% if 'fastd' in group_names %}
{% for peer in groups['ffrl_uplink'] %} {% for peer in groups['uplink'] %}
interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
{% endfor %}
{% for peer in groups['mullvad_uplink'] %}
interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
{% endfor %}
{% endif %}
{% if 'mullvad_uplink' in group_names %}
{% for peer in groups['fastd'] %}
interface bb{{ hostvars[peer]['wireguard_bb_name'] }} interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'ffrl_uplink' in group_names %} {% if 'uplink' in group_names %}
{% for peer in groups['fastd'] %} {% for peer in groups['fastd'] %}
interface bb{{ hostvars[peer]['wireguard_bb_name'] }} interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
{% endfor %} {% endfor %}

@ -5,8 +5,7 @@
dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
mode: 0400 mode: 0400
with_items: with_items:
- "{{ groups['mullvad_uplink'] }}" - "{{ groups['uplink'] }}"
- "{{ groups['ffrl_uplink'] }}"
- name: create wireguard up scripts for peers - name: create wireguard up scripts for peers
template: template:
@ -14,8 +13,7 @@
dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
mode: 0744 mode: 0744
with_items: with_items:
- "{{ groups['mullvad_uplink'] }}" - "{{ groups['uplink'] }}"
- "{{ groups['ffrl_uplink'] }}"
- name: create wireguard down scripts for peers - name: create wireguard down scripts for peers
template: template:
@ -23,8 +21,7 @@
dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
mode: 0744 mode: 0744
with_items: with_items:
- "{{ groups['mullvad_uplink'] }}" - "{{ groups['uplink'] }}"
- "{{ groups['ffrl_uplink'] }}"
- name: start and enable wireguard mesh - name: start and enable wireguard mesh
systemd: systemd:
@ -33,5 +30,4 @@
state: started state: started
daemon_reload: yes daemon_reload: yes
with_items: with_items:
- "{{ groups['mullvad_uplink'] }}" - "{{ groups['uplink'] }}"
- "{{ groups['ffrl_uplink'] }}"

@ -7,9 +7,5 @@
- include_tasks: fastd_tasks.yml - include_tasks: fastd_tasks.yml
when: "'fastd' in group_names" when: "'fastd' in group_names"
- include_tasks: mullvad_uplink_tasks.yml - include_tasks: uplink_tasks.yml
when: "'mullvad_uplink' in group_names" when: "'uplink' in group_names"
- include_tasks: ffrl_uplink_tasks.yml
when: "'ffrl_uplink' in group_names"

@ -1,29 +0,0 @@
---
- name: create wireguard config for peers
template:
src: wg.conf.j2
dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
mode: 0400
with_items: "{{ groups['fastd'] }}"
- name: create wireguard up scripts for peers
template:
src: up.sh.j2
dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
mode: 0744
with_items: "{{ groups['fastd'] }}"
- name: create wireguard down scripts for peers
template:
src: down.sh.j2
dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
mode: 0744
with_items: "{{ groups['fastd'] }}"
- name: start and enable wireguard mesh
systemd:
name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
enabled: yes
state: started
daemon_reload: yes
with_items: "{{ groups['fastd'] }}"

@ -19,15 +19,15 @@
- install_radvd - install_radvd
- install_bind - install_bind
- install_wireguard - install_wireguard
#- install_wireguard_mesh - install_wireguard_mesh
- install_wireguard_backbone - install_wireguard_backbone
- install_babeld - install_babeld
- install_fastd - install_fastd
#- install_monitoring #- install_monitoring
- update_ssh_keys - update_ssh_keys
- install_admin_packages - install_admin_packages
- name: install openvpn uplink - name: basic uplink config
hosts: mullvad_uplink hosts: uplink
user: root user: root
roles: roles:
- configure_journald - configure_journald
@ -42,26 +42,16 @@
- install_wireguard - install_wireguard
- install_wireguard_backbone - install_wireguard_backbone
- install_babeld - install_babeld
- install_openvpn #- install_monitoring
- update_ssh_keys - update_ssh_keys
- install_admin_packages - install_admin_packages
- name: install openvpn uplink
hosts: mullvad_uplink
user: root
roles:
- install_openvpn
- name: setup ffrl - name: setup ffrl
hosts: ffrl_uplink hosts: ffrl_uplink
user: root user: root
roles: roles:
- configure_journald
- configure_sysctl
- configure_iptables
- configure_static_routes
- install_cronie
#- install_php
#- install_nginx
- install_ntp
- install_haveged
- install_wireguard
- install_wireguard_backbone
- install_babeld
- setup_ffrl_tunnel - setup_ffrl_tunnel
#- install_monitoring
- update_ssh_keys
- install_admin_packages
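Review bot: The first hunk changes `#- install_wireguard_mesh` to `- install_wireguard_mesh`, which enables a previously disabled role in a play whose header is outside the hunk. Nothing in the commit title "added uplink group" mentions it. Enabling a role that presumably brings up additional WireGuard interfaces changes what the affected hosts expose, so it belongs in its own commit or at least in the description. In the second hunk, `configure_iptables` now runs in the shared `hosts: uplink` play, before `install_openvpn` and `setup_ffrl_tunnel` run in their later plays. If the firewall templates depend on anything those roles create, check that the new ordering still renders the intended rules.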
