ff-uniko1

host_vars/ff-loppermann1

@@ -28,7 +28,7 @@ wireguard_vpn_address: 'fe80::d3:16ff:fee5:6239'
 wireguard_vpn_client_range: '2a03:2260:1016:3000::/52'
 tayga_ipv4: 10.3.0.1
 tayga_pool: 10.3.0.0/16
-ffrl_router_id: 10.222.0.16
+ffrl_ip4: '185.66.194.105'
 ffrl_peers:
   - name: 'bbaakber'
     remote: '185.66.195.0'

host_vars/ff-uniko1

@@ -0,0 +1,68 @@
+---
+ansible_host: 2001:4c80:50:14::c04
+sites: []
+wireguard_bb_name: 'uniko1'
+wireguard_bb_endpoint: '{{ ansible_host }}'
+wireguard_bb_priv_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          33323865636533656363643734313137313933353762316661623164616232333730303032613736
+          6238353532643966316135323861393937623739656636650a343839373332343939316533363230
+          30333038643766663131316136373264343536343734356139393737303030383436616366336430
+          3762656635303866310a333930333034613963363562313930663932333237306462663364663762
+          39306631356330353035386164616164656339316362366366366532373065643034613561323233
+          6132653032393235336566363561323563666133306639376637
+wireguard_bb_pub_key: 'skqPL/XGmezXsF/3L/AO+kVF6XPw8ioGoN5T76Ukc30='
+wireguard_bb_ipv4: '10.222.0.13'
+wireguard_bb_ipv6: 'fe80::ffbb:ffbb:13'
+wireguard_bb_port: 10113
+wireguard_vpn_port: 10010
+wireguard_vpn_priv_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          32393830323730303332326634336466663262356131323333363936393431613137616462346662
+          6330386466393666626131303362633065393630323461380a373336633762643238643662663664
+          62383934616366373663653033353431633535393738393830363464303466313365373833306366
+          6533353438663861340a636638636265653136326130346133343332376663336161626234343136
+          39653135633037663766333863333063393635623937323139663063333863643637306630616565
+          6433343965626635393231646639366663393363363734623333
+wireguard_vpn_address: 'fe80::58:c9ff:fe34:9785'
+wireguard_vpn_client_range: '2a03:2260:1016:4000::/52'
+tayga_ipv4: 10.4.0.1
+tayga_pool: 10.4.0.0/16
+ffrl_ip4: '185.66.194.104'
+ffrl_peers:
+  - name: 'bbaakber'
+    remote: '185.66.195.0'
+    ip4: '100.64.11.81'
+    peer_ip4: '100.64.11.80'
+    ip6: '2a03:2260:0:5c1::2'
+    peer_ip6: '2a03:2260:0:5c1::1'
+  - name: 'bbafra2fra'
+    remote: '185.66.194.0'
+    ip4: '100.64.11.83'
+    peer_ip4: '100.64.11.82'
+    ip6: '2a03:2260:0:5c2::2'
+    peer_ip6: '2a03:2260:0:5c2::1'
+  - name: 'bbaixdus'
+    remote: '185.66.193.0'
+    ip4: '100.64.11.85'
+    peer_ip4: '100.64.11.84'
+    ip6: '2a03:2260:0:5c3::2'
+    peer_ip6: '2a03:2260:0:5c3::1'
+  - name: 'bbbakber'
+    remote: '185.66.195.1'
+    ip4: '100.64.11.87'
+    peer_ip4: '100.64.11.86'
+    ip6: '2a03:2260:0:5c4::2'
+    peer_ip6: '2a03:2260:0:5c4::1'
+  - name: 'bbbfra2fra'
+    remote: '185.66.194.1'
+    ip4: '100.64.11.89'
+    peer_ip4: '100.64.11.88'
+    ip6: '2a03:2260:0:5c5::2'
+    peer_ip6: '2a03:2260:0:5c5::1'
+  - name: 'bbbixdus'
+    remote: '185.66.193.1'
+    ip4: '100.64.11.91'
+    peer_ip4: '100.64.11.90'
+    ip6: '2a03:2260:0:5c6::2'
+    peer_ip6: '2a03:2260:0:5c6::1'

inventory.ini

@@ -2,3 +2,4 @@
 ff-niyawe1
 ff-niyawe2
 ff-loppermann1
+ff-uniko1

roles/install_bind/templates/named.conf.j2

@@ -4,7 +4,6 @@ options {
     directory "/var/named";
     pid-file "/run/named/named.pid";
 
-    dnssec-enable yes;
     dnssec-validation auto;
 
     auth-nxdomain no;    # conform to RFC1035
@@ -29,9 +28,9 @@ options {
     hostname none;
     server-id none;
 
-    dns64 64:ff9b::/96 {
-        clients { any; };
-    };
+    //dns64 64:ff9b::/96 {
+    //    clients { any; };
+    //};
 
     max-cache-size 1024M;
 };
@@ -69,47 +68,47 @@ zone "ffaw" IN {
     type slave;
     file "bak/ffaw.zone";
     allow-query { any; };
-    masters { 2a01:4f8:a0:826b:1::17; };
+    masters { 2a01:4f8:a0:6396:1::17; };
 };
 
 zone "ffcoc" IN {
     type slave;
     file "bak/ffcoc.zone";
     allow-query { any; };
-    masters { 2a01:4f8:a0:826b:1::17; };
+    masters { 2a01:4f8:a0:6396:1::17; };
 };
 
 zone "ffems" IN {
     type slave;
     file "bak/ffems.zone";
     allow-query { any; };
-    masters { 2a01:4f8:a0:826b:1::17; };
+    masters { 2a01:4f8:a0:6396:1::17; };
 };
 
 zone "ffko" IN {
     type slave;
     file "bak/ffko.zone";
     allow-query { any; };
-    masters { 2a01:4f8:a0:826b:1::17; };
+    masters { 2a01:4f8:a0:6396:1::17; };
 };
 
 zone "ffmy" IN {
     type slave;
     file "bak/ffmy.zone";
     allow-query { any; };
-    masters { 2a01:4f8:a0:826b:1::17; };
+    masters { 2a01:4f8:a0:6396:1::17; };
 };
 
 zone "ffmyk" IN {
     type slave;
     file "bak/ffmyk.zone";
     allow-query { any; };
-    masters { 2a01:4f8:a0:826b:1::17; };
+    masters { 2a01:4f8:a0:6396:1::17; };
 };
 
 zone "ffsim" IN {
     type slave;
     file "bak/ffsim.zone";
     allow-query { any; };
-    masters { 2a01:4f8:a0:826b:1::17; };
+    masters { 2a01:4f8:a0:6396:1::17; };
 };

roles/install_monitoring/files/ffmyk-influx/daemon.sh

@@ -3,6 +3,5 @@ cd /opt/ffmyk-influx
 while : ;do
 	php -c ./php.ini -f dhcp.php
 	php -c ./php.ini -f traffic.php
-	php -c ./php.ini -f fastd.php
 	sleep 15
 done

roles/install_monitoring/templates/ffmyk-influx/traffic.php.j2

@@ -21,7 +21,6 @@ function traffic($iface, $alias=false) {
 {% endif %}
 {% for site in sites %}
 (traffic('bat{{ site.name }}'));
-(traffic('vpn{{ site.name }}'));
 (traffic('wg{{ site.name }}'));
 {% endfor %}
 

roles/install_tayga/templates/tayga.conf.j2

@@ -3,4 +3,3 @@ ipv4-addr {{ tayga_ipv4 }}
 ipv6-addr 2a03:2260:1016::64
 prefix 64:ff9b::/96
 dynamic-pool {{ tayga_pool }}
-data-dir /var/db/tayga

roles/install_wireguard_vpn/templates/up.sh.j2

@@ -5,5 +5,5 @@ ip -6 rule add from {{ wireguard_vpn_client_range }} table ffmyk priority 10
 
 ip -6 rule add from all iif wgmyk type unreachable priority 200
 
-ip -6 route add {{ wireguard_vpn_client_range }} table ffmyk dev wgmyk
+ip -6 route add {{ wireguard_vpn_client_range }} table ffmyk dev wgmyk proto static
 systemctl restart named.service