From dfc02c3178f0075adf671d7450c71c1b75f67b93 Mon Sep 17 00:00:00 2001
From: Niklas Yann Wettengel
Date: Wed, 2 May 2018 13:57:37 +0200
Subject: [PATCH] babel mesh between uplinks

---
 .../templates/ip6tables.rules | 7 +++++
 .../templates/iptables.rules | 3 ++
 roles/install_babeld/templates/babeld.conf.j2 | 3 ++
 .../tasks/uplink_tasks.yml | 29 +++++++++++++++++++
 4 files changed, 42 insertions(+)

diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index bee7c48..8ee9f91 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -19,6 +19,9 @@
 {% for peer in groups['fastd'] %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
+{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
+-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
+{% endfor %}
 {% endif %}
 COMMIT
 *filter
@@ -65,6 +68,10 @@ COMMIT
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
 {% endfor %}
+{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
+-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
+-A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
+{% endfor %}
 {% for peer in wireguard_bb_peers|default([]) %}
 -A INPUT -i bb{{ peer.name }} -p udp --dport 6696 -j ACCEPT
 -A INPUT -p udp --dport {{ peer.port }} -j ACCEPT
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 9a71279..f76fa56 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
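Review bot: A host that belongs to both `fastd` and `uplink` is rendered twice by this hunk, because the new loop subtracts only `inventory_hostname` and not `groups['fastd']`; the same overlap affects the INPUT rules later in this file, the PREROUTING rule in iptables.rules and the `interface` lines in babeld.conf.j2. Duplicate MARK/ACCEPT rules are accepted by iptables-restore, but they make the rendered ruleset harder to audit, so either the inventory must guarantee the groups are disjoint or the loop should read `{% for peer in groups['uplink'] | difference(groups['fastd'] + [inventory_hostname]) %}`. Separately, if any host rendering this template lives in an inventory without an `uplink` group, I believe `groups['uplink']` fails as undefined; `groups['uplink'] | default([])` before the `difference` filter renders an empty loop instead. The surrounding `{% if %}` that encloses this loop starts outside the hunk.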
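Review bot: The second added INPUT rule accepts UDP to `wireguard_bb_port` from any source on any interface, while the babel rule on the line before it is bound to the `bb` interface. This mirrors the existing fastd-peer rules above it, so it is not a regression, but an uplink-to-uplink tunnel is a point-to-point link between two managed hosts; if the peer's public address is modelled in hostvars, a `-s` restriction on that rule would narrow the exposed listener to the one expected peer. If the address is not in the inventory, leaving it as is is defensible, since the tunnel endpoint does not answer unauthenticated datagrams.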
@@ -19,6 +19,9 @@
 {% for peer in groups['fastd'] %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
+{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
+-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
+{% endfor %}
 {% endif %}
 COMMIT
 *filter
diff --git a/roles/install_babeld/templates/babeld.conf.j2 b/roles/install_babeld/templates/babeld.conf.j2
index bf39bd5..028e5b5 100644
--- a/roles/install_babeld/templates/babeld.conf.j2
+++ b/roles/install_babeld/templates/babeld.conf.j2
@@ -14,6 +14,9 @@ interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% for peer in groups['fastd'] %}
 interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% endfor %}
+{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
+interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
+{% endfor %}
 {% for peer in wireguard_bb_peers|default([]) %}
 interface bb{{ peer.name }}
 {% endfor %}
diff --git a/roles/install_wireguard_backbone/tasks/uplink_tasks.yml b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
index 7eed705..ea906e5 100644
--- a/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
+++ b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
@@ -6,6 +6,13 @@
     mode: 0400
   with_items: "{{ groups['fastd'] }}"
 
+- name: create wireguard config for uplinks
+  template:
+    src: wg.conf.j2
+    dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
+    mode: 0400
+  with_items: "{{ groups['uplink'] | difference([inventory_hostname]) }}"
+
 - name: create wireguard config for additional peers
   template:
     src: wg2.conf.j2
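Review bot: `mode: 0400` on the new "create wireguard config for uplinks" task is an unquoted leading-zero scalar, which YAML 1.1 loaders turn into the integer 256 before the `template` module sees it; Ansible's file modules document quoting octal modes so the module does its own conversion, i.e. `mode: "0400"`. The same applies to `mode: 0744` in the two script tasks in the later hunks of this file, and the pre-existing fastd tasks in view carry the same form, so this is consistency with a known hazard rather than a new defect. Also, none of the four new tasks notify a handler, so a changed config or script is not re-applied to an already-running `wgbackbone@` unit; the visible tail of the fastd tasks has the same shape, so this may be deliberate, but a `notify` on the config task would close that gap. The mesh config is written from the same `wg.conf.j2` used for fastd peers, which I cannot see from this hunk.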
@@ -20,6 +27,13 @@
     mode: 0744
   with_items: "{{ groups['fastd'] }}"
 
+- name: create wireguard up scripts for uplinks
+  template:
+    src: up.sh.j2
+    dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
+    mode: 0744
+  with_items: "{{ groups['uplink'] | difference([inventory_hostname]) }}"
+
 - name: create wireguard up scripts for additional peers
   template:
     src: up2.sh.j2
@@ -34,6 +48,13 @@
     mode: 0744
   with_items: "{{ groups['fastd'] }}"
 
+- name: create wireguard down scripts for uplinks
+  template:
+    src: down.sh.j2
+    dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
+    mode: 0744
+  with_items: "{{ groups['uplink'] | difference([inventory_hostname]) }}"
+
 - name: create wireguard down scripts for additional peers
   template:
     src: down2.sh.j2
@@ -49,6 +70,14 @@
     daemon_reload: yes
   with_items: "{{ groups['fastd'] }}"
 
+- name: start and enable wireguard mesh for uplinks
+  systemd:
+    name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
+    enabled: yes
+    state: started
+    daemon_reload: yes
+  with_items: "{{ groups['uplink'] | difference([inventory_hostname]) }}"
+
 - name: start and enable wireguard mesh for additional peers
   systemd:
     name: wgbackbone@{{ item.name }}.service
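Review bot: `enabled: yes` and `daemon_reload: yes` in the new "start and enable wireguard mesh for uplinks" task use YAML 1.1 truthy words; the canonical form that yamllint's `truthy` rule and a 1.2 loader agree on is `enabled: true` and `daemon_reload: true`. Beyond style, this task and the three template tasks added earlier in this file are copies of the fastd tasks with only the loop list changed, so the four pairs can drift apart; each pair could be one task looping over `"{{ groups['fastd'] + (groups['uplink'] | difference([inventory_hostname])) }}"`, assuming the templates depend on `item` only as a hostname, which holds for the `dest` paths visible here but cannot be confirmed for the template bodies from this diff. Note also that `daemon_reload: yes` runs a daemon-reload on every loop iteration; one reload before the loop, or `daemon_reload` on the first item only, does the same work once.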