babel mesh between uplinks

roles/configure_iptables/templates/ip6tables.rules

@@ -19,6 +19,9 @@
 {% for peer in groups['fastd'] %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
+{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
+-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
+{% endfor %}
 {% endif %}
 COMMIT
 *filter
@@ -65,6 +68,10 @@ COMMIT
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
 {% endfor %}
+{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
+-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
+-A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
+{% endfor %}
 {% for peer in wireguard_bb_peers|default([]) %}
 -A INPUT -i bb{{ peer.name }} -p udp --dport 6696 -j ACCEPT
 -A INPUT -p udp --dport {{ peer.port }} -j ACCEPT

roles/configure_iptables/templates/iptables.rules

@@ -19,6 +19,9 @@
 {% for peer in groups['fastd'] %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
+{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
+-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
+{% endfor %}
 {% endif %}
 COMMIT
 *filter

roles/install_babeld/templates/babeld.conf.j2

@@ -14,6 +14,9 @@ interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% for peer in groups['fastd'] %}
 interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% endfor %}
+{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
+interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
+{% endfor %}
 {% for peer in wireguard_bb_peers|default([]) %}
 interface bb{{ peer.name }}
 {% endfor %}

roles/install_wireguard_backbone/tasks/uplink_tasks.yml

@@ -6,6 +6,13 @@
       mode: 0400
   with_items: "{{ groups['fastd'] }}"
 
+- name: create wireguard config for uplinks
+  template:
+      src: wg.conf.j2
+      dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
+      mode: 0400
+  with_items: "{{ groups['uplink'] | difference([inventory_hostname]) }}"
+
 - name: create wireguard config for additional peers
   template:
       src: wg2.conf.j2
@@ -20,6 +27,13 @@
       mode: 0744
   with_items: "{{ groups['fastd'] }}"
 
+- name: create wireguard up scripts for uplinks
+  template:
+      src: up.sh.j2
+      dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
+      mode: 0744
+  with_items: "{{ groups['uplink'] | difference([inventory_hostname]) }}"
+
 - name: create wireguard up scripts for additional peers
   template:
       src: up2.sh.j2
@@ -34,6 +48,13 @@
       mode: 0744
   with_items: "{{ groups['fastd'] }}"
 
+- name: create wireguard down scripts for uplinks
+  template:
+      src: down.sh.j2
+      dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
+      mode: 0744
+  with_items: "{{ groups['uplink'] | difference([inventory_hostname]) }}"
+
 - name: create wireguard down scripts for additional peers
   template:
       src: down2.sh.j2
@@ -49,6 +70,14 @@
       daemon_reload: yes
   with_items: "{{ groups['fastd'] }}"
 
+- name: start and enable wireguard mesh for uplinks
+  systemd:
+      name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
+      enabled: yes
+      state: started
+      daemon_reload: yes
+  with_items: "{{ groups['uplink'] | difference([inventory_hostname]) }}"
+
 - name: start and enable wireguard mesh for additional peers
   systemd:
       name: wgbackbone@{{ item.name }}.service