new net with nat64
parent
b53a8cf228
commit
fb0dbf28a0
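--- /dev/null
+++ b/PATH_NOT_SHOWN_01
@@ -0,0 +1,19 @@
+---
+- name: add aurto repo (1/3)
+ansible.builtin.lineinfile:
+path: /etc/pacman.conf
+line: "[aurto]"
+
+- name: add aurto repo (2/3)
+ansible.builtin.lineinfile:
+path: /etc/pacman.conf
+line: "SigLevel = Optional TrustAll"
+
+- name: add aurto repo (3/3)
+ansible.builtin.lineinfile:
+path: /etc/pacman.conf
+line: "Server = https://aur.niyawe.de/"
+
+- name: update pacman cache
+pacman:
+update_cache: yes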
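Review bot: `line: "SigLevel = Optional TrustAll"` switches signature verification off for the aurto repository, so every package pacman pulls from `https://aur.niyawe.de/` is trusted on the strength of the TLS connection alone, and a compromised mirror or a mis-issued certificate is enough to install arbitrary packages on the supernode. If the repository is signed, prefer `SigLevel = Required DatabaseOptional` with a preceding task that imports the signing key; if it is not, the reason for accepting unsigned packages belongs in a comment above the task, e.g. `# aurto repo ships no signatures; trusted via TLS only`. The three lineinfile tasks also guarantee only that each exact line exists somewhere in pacman.conf, so if an identical `SigLevel` or `Server` line is already present under another repository it is not added under `[aurto]`; a single `blockinfile` task with the three lines keeps them contiguous. Indentation is not visible in this rendering.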
|
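--- /dev/null
+++ b/PATH_NOT_SHOWN_02
@@ -0,0 +1,2 @@
+[Service]
+ExecStartPre=/usr/bin/ip addr replace {{ dns_ip }}/128 dev lo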
|
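--- a/PATH_NOT_SHOWN_03
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/usr/bin/perl -w
-# -*- perl -*-
-
-=head1 NAME
-
-fastd_peers_ - Plugin to monitor fastd peers
-
-=head1 CONFIGURATION
-
-Set user and group to have access to the socket
-Set path to socketfile if not /tmp/fastd.sock
-
-[fastd_peers_*]
-user fastd
-group fastd
-env.socketfile /tmp/fastd.sock
-
-=head1 USAGE
-
-Link this plugin to /etc/munin/plugins/
-
-After creating the links, restart munin-node. Don't forget to configure the plugin!
-
-=head1 AUTHORS
-
-Dominique Goersch <mail@dgoersch.info>
-Niklas Yann Wettengel <niyawe@niyawe.de>
-
-=head1 LICENSE
-
-GPLv2
-
-=head1 MAGIC MARKERS
-
-#%# family=manual
-
-=cut
-
-
-use strict;
-use warnings;
-use File::Basename;
-use IO::Socket::UNIX qw( SOCK_STREAM );
-use JSON;
-
-if ($ARGV[0] and $ARGV[0] eq "config") { #config graph
-print "graph_title fastd peers\n";
-print "graph_info This graph shows the peers of the fastd on this supernode\n";
-print "graph_args -l 0\n";
-print "graph_scale no\n";
-print "graph_vlabel peers count\n";
-print "graph_category fastd\n";
-print "peers.label peers\n";
-print "peers.draw AREA\n";
-exit 0;
-}
-
-
-my $statusfile = exists $ENV{'socketfile'} ? $ENV{'socketfile'} : "/tmp/fastd.sock"; #get path to socket from environment or use default
-my $socket = IO::Socket::UNIX->new(Type => SOCK_STREAM,Peer => $statusfile) #open socket
-or die("Can't connect to server: $!\n");
-
-my $fastdstatus = "";
-foreach my $line (<$socket>) {$fastdstatus .= $line;} #read contents from socket
-my $json = decode_json($fastdstatus); #decode json
-
-#my $fastd_peers = scalar(keys(%{$json->{peers}})); #get number of peers from json
-my $fastd_peers = 0;
-for my $key (keys(%{$json->{peers}})) {
-$fastd_peers = $fastd_peers + ($json->{peers}{$key}{connection}? 1 : 0);
-}
-
-print "peers.value $fastd_peers\n"; #return number of peers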
|
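--- a/PATH_NOT_SHOWN_04
+++ /dev/null
@@ -1,124 +0,0 @@
-#!/usr/bin/perl -w
-# -*- perl -*-
-
-=head1 NAME
-
-fastd_ - Plugin to monitor fastd uptime, peers and traffic
-
-=head1 CONFIGURATION
-
-Set user and group to have access to the socket
-Set path to socketfile if not /tmp/fastd.sock
-
-[fastd_*]
-user fastd
-group fastd
-env.socketfile /tmp/fastd.sock
-
-=head1 USAGE
-
-Link this plugin to /etc/munin/plugins/ with the type of graph (uptime, peers, traffic)
-append to the linkname, ie: /etc/munin/plugins/fastd_peers
-
-After creating the links, restart munin-node. Don't forget to configure the plugin!
-
-=head1 AUTHORS
-
-Dominique Goersch <mail@dgoersch.info>
-
-=head1 LICENSE
-
-GPLv2
-
-=head1 MAGIC MARKERS
-
-#%# family=manual
-#%# capabilities=suggest
-
-=cut
-
-
-use strict;
-use warnings;
-use File::Basename;
-use IO::Socket::UNIX qw( SOCK_STREAM );
-use JSON;
-
-my $mode = basename($0); #get basename
-$mode =~ s/fastd_//; #and strip 'fastd_' to get the mode
-
-if ($ARGV[0] and $ARGV[0] eq "config") { #config graph
-if ($mode eq 'uptime') { #for uptime
-print "graph_title fastd Uptime\n";
-print "graph_info This graph shows the uptime of the fastd on this supernode\n";
-print "graph_args -l 0\n";
-print "graph_scale no\n";
-print "graph_vlabel uptime in days\n";
-print "graph_category fastd\n";
-print "uptime.label uptime\n";
-print "uptime.draw AREA\n";
-}
-elsif ($mode eq 'peers') { #for peers
-print "graph_title fastd peers\n";
-print "graph_info This graph shows the peers of the fastd on this supernode\n";
-print "graph_args -l 0\n";
-print "graph_scale no\n";
-print "graph_vlabel peers count\n";
-print "graph_category fastd\n";
-print "peers.label peers\n";
-print "peers.draw AREA\n";
-}
-elsif ($mode eq 'traffic') { #for traffic
-print "graph_order down up\n";
-print "graph_title fastd traffic\n";
-print "graph_args --base 1000\n";
-print "graph_vlabel bits in (-) / out (+) per second\n";
-print "graph_category fastd\n";
-print "graph_info This graph shows the traffic of fast.\n";
-print "down.label received\n";
-print "down.type DERIVE\n";
-print "down.graph no\n";
-print "down.cdef down,8,*\n";
-print "down.min 0\n";
-print "up.label bps\n";
-print "up.type DERIVE\n";
-print "up.negative down\n";
-print "up.cdef up,8,*\n";
-print "up.min 0\n";
-}
-exit 0;
-}
-
-if ($ARGV[0] and $ARGV[0] eq "suggest") { #tell munin about our graphs
-print "uptime\n";
-print "peers\n";
-print "traffic\n";
-}
-
-
-
-my $statusfile = exists $ENV{'socketfile'} ? $ENV{'socketfile'} : "/tmp/fastd.sock"; #get path to socket from environment or use default
-my $socket = IO::Socket::UNIX->new(Type => SOCK_STREAM,Peer => $statusfile) #open socket
-or die("Can't connect to server: $!\n");
-
-my $fastdstatus = "";
-foreach my $line (<$socket>) {$fastdstatus .= $line;} #read contents from socket
-my $json = decode_json($fastdstatus); #decode json
-
-my $fastd_uptime = $json->{uptime}; #get the uptime from json
-#my $fastd_peers = scalar(keys(%{$json->{peers}})); #get number of peers from json
-my $fastd_peers = 0;
-for my $key (keys(%{$json->{peers}})) {
-$fastd_peers = $fastd_peers + ($json->{peers}{$key}{connection}? 1 : 0);
-}
-my $fastd_rx_bytes = $json->{statistics}->{rx}->{bytes}; #get recieved bytes from json
-my $fastd_tx_bytes = $json->{statistics}->{tx}->{bytes}; #get transmittetd bytes from json
-
-if ( $mode eq 'uptime' ) {
-printf "uptime.value %.0f\n",$fastd_uptime/86400000; #return uptime in seconds
-} elsif ($mode eq 'peers') {
-print "peers.value $fastd_peers\n"; #return number of peers
-} elsif ($mode eq 'traffic') {
-print "up.value $fastd_tx_bytes\n"; #return transmitted bytes
-print "down.value $fastd_rx_bytes\n"; #and recieved bytes
-}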
|
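--- a/PATH_NOT_SHOWN_05
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/usr/bin/perl -w
-# -*- perl -*-
-
-=head1 NAME
-
-fastd_traffic_ - Plugin to monitor fastd traffic
-
-=head1 CONFIGURATION
-
-Set user and group to have access to the socket
-Set path to socketfile if not /tmp/fastd.sock
-
-[fastd_traffic_*]
-user fastd
-group fastd
-env.socketfile /tmp/fastd.sock
-
-=head1 USAGE
-
-Link this plugin to /etc/munin/plugins/
-
-After creating the links, restart munin-node. Don't forget to configure the plugin!
-
-=head1 AUTHORS
-
-Dominique Goersch <mail@dgoersch.info>
-Niklas Yann Wettengel <niyawe@niyawe.de>
-
-=head1 LICENSE
-
-GPLv2
-
-=head1 MAGIC MARKERS
-
-#%# family=manual
-
-=cut
-
-
-use strict;
-use warnings;
-use File::Basename;
-use IO::Socket::UNIX qw( SOCK_STREAM );
-use JSON;
-
-if ($ARGV[0] and $ARGV[0] eq "config") { #config graph
-print "graph_order down up\n";
-print "graph_title fastd traffic\n";
-print "graph_args --base 1000\n";
-print "graph_vlabel bits in (-) / out (+) per second\n";
-print "graph_category fastd\n";
-print "graph_info This graph shows the traffic of fast.\n";
-print "down.label received\n";
-print "down.type DERIVE\n";
-print "down.graph no\n";
-print "down.cdef down,8,*\n";
-print "down.min 0\n";
-print "up.label bps\n";
-print "up.type DERIVE\n";
-print "up.negative down\n";
-print "up.cdef up,8,*\n";
-print "up.min 0\n";
-exit 0;
-}
-
-
-my $statusfile = exists $ENV{'socketfile'} ? $ENV{'socketfile'} : "/tmp/fastd.sock"; #get path to socket from environment or use default
-my $socket = IO::Socket::UNIX->new(Type => SOCK_STREAM,Peer => $statusfile) #open socket
-or die("Can't connect to server: $!\n");
-
-my $fastdstatus = "";
-foreach my $line (<$socket>) {$fastdstatus .= $line;} #read contents from socket
-my $json = decode_json($fastdstatus); #decode json
-
-my $fastd_rx_bytes = $json->{statistics}->{rx}->{bytes}; #get recieved bytes from json
-my $fastd_tx_bytes = $json->{statistics}->{tx}->{bytes}; #get transmittetd bytes from json
-
-print "up.value $fastd_tx_bytes\n"; #return transmitted bytes
-print "down.value $fastd_rx_bytes\n"; #and recieved bytes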
|
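--- /dev/null
+++ b/PATH_NOT_SHOWN_06
@@ -0,0 +1,2 @@
+wgnlpy
+requests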
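Review bot: Both entries are unpinned, so the `pip` task that installs this file resolves whatever `wgnlpy` and `requests` versions PyPI serves at run time; the installed code differs between hosts and runs and cannot be audited, and the unit file in this commit has no `User=`, so it appears to run as root. Pin exact versions (`wgnlpy==<version>`, `requests==<version>`, placeholders) and ideally add `--hash=sha256:<digest>` entries so pip's `--require-hashes` mode rejects a substituted artifact.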
|
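--- /dev/null
+++ b/PATH_NOT_SHOWN_07
@@ -0,0 +1,147 @@
+#!/usr/bin/env python
+
+import socket
+import ipaddress
+import threading
+import time
+import zlib
+import json
+import os.path
+import sys
+from wgnlpy import WireGuard
+import requests
+from xml.etree import ElementTree
+
+if not os.path.exists("/etc/respondd_poller.json"):
+print("/etc/respondd_poller.json missing")
+sys.exit(1)
+
+interface = None
+prefix = None
+yanic_addr = None
+request = None
+
+with open("/etc/respondd_poller.json", "r") as f:
+config = json.load(f)
+if "interface" in config:
+interface = config["interface"]
+if "prefix" in config:
+prefix = ipaddress.IPv6Network(config["prefix"])
+if "yanic_addr" in config and "yanic_port" in config:
+yanic_addr = (config["yanic_addr"], int(config["yanic_port"]))
+if "request" in config:
+request = config["request"].encode("ascii")
+
+wg = WireGuard()
+sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
+last_request = dict()
+last_response = dict()
+
+def get_wg_peers():
+wgpeers = wg.get_interface(interface).peers
+for peer in wgpeers:
+for ip in wgpeers[peer].allowedips:
+if ip.subnet_of(prefix):
+yield ip
+
+def inflate(data):
+decompress = zlib.decompressobj(-zlib.MAX_WBITS)
+inflated = decompress.decompress(data)
+inflated += decompress.flush()
+return inflated.decode()
+
+def cleanup():
+while True:
+time.sleep(60)
+old = time.monotonic() - 360
+ips = []
+macs = []
+for ip in last_request:
+if last_response[ip] < old:
+ips.append(ip)
+for ip in ips:
+del last_response[ip]
+del last_request[ip]
+
+def recv():
+global sock
+while True:
+data, addr = sock.recvfrom(1500)
+sock.sendto(data, yanic_addr)
+j = json.loads(inflate(data))
+last_response[ipaddress.IPv6Address(addr[0])] = time.monotonic()
+
+def send(ip):
+global request
+try:
+sock.sendto(request, (bytearray(str(ip).encode('ascii')), 1001))
+except:
+print("failed to send packet to", ip)
+return
+
+def get_http_nodeinfo(ip):
+global last_request
+now = time.monotonic()
+try:
+status = requests.get('http://[' + str(ip) + ']/cgi-bin/status')
+except:
+return
+status_tree = ElementTree.fromstring(status.content)
+mesh_ifs = []
+interface_list = status_tree.findall(".//*[@data-interface]")
+for interface in interface_list:
+mesh_ifs.append(interface.attrib["data-interface"])
+for mesh_if in mesh_ifs:
+try:
+nodeinfo = requests.get('http://[' + str(ip) + ']/cgi-bin/dyn/neighbours-nodeinfo?' + mesh_if)
+except:
+return
+for line in nodeinfo.content.split(b'\n'):
+if line.startswith(b'data: {'):
+data = line.split(b': ', maxsplit=1)[1]
+data = json.loads(data)
+if "network" in data and "addresses" in data["network"]:
+for address in data["network"]["addresses"]:
+if ipaddress.IPv6Network(address).subnet_of(prefix):
+node_ip = ipaddress.IPv6Address(address)
+if node_ip not in last_request:
+last_request[node_ip] = now
+last_response[node_ip] = now
+
+def scan_wg_peers():
+global last_request
+while True:
+print("scanning wg peers")
+request_threads = []
+now = time.monotonic()
+for net in get_wg_peers():
+ip = ipaddress.IPv6Address(str(net.network_address) + "1")
+if ip not in last_request:
+last_request[ip] = now
+last_response[ip] = now
+request_thread = threading.Thread(target=get_http_nodeinfo, args=(ip,))
+request_thread.start()
+request_threads.append(request_thread)
+if len(request_threads) > 10:
+for thread in request_threads:
+thread.join()
+request_threads = []
+time.sleep(60)
+
+
+listen_thread = threading.Thread(target=recv)
+listen_thread.start()
+cleanup_thread = threading.Thread(target=cleanup)
+cleanup_thread.start()
+scan_thread = threading.Thread(target=scan_wg_peers)
+scan_thread.start()
+
+last_wg_time = 0
+
+while True:
+now = time.monotonic()
+for ip in last_request:
+if now - last_request[ip] > 15:
+last_request[ip] = now
+send(ip)
+time.sleep(1)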
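Review bot: The main loop's `for ip in last_request:` (and the same loop in cleanup) walks a dict that get_http_nodeinfo and scan_wg_peers insert into from other threads, so an insert during the walk raises `RuntimeError: dictionary changed size during iteration` and ends that thread while the process stays alive, which the unit's `Restart=always` cannot catch; snapshot first, `for ip in list(last_request):`, or serialise access to both dicts with one `threading.Lock`. In recv, every datagram that reaches the unbound UDP socket is forwarded to yanic and then inflated and JSON-decoded with no exception handling, so a single malformed or unsolicited packet terminates the listener thread for good (`j` is also never read); the rewrite below decodes first and forwards only what parses. `requests.get` in get_http_nodeinfo has no `timeout=`, so one unresponsive node blocks a worker thread indefinitely and, through the joins in scan_wg_peers, stalls scanning, and `ElementTree.fromstring(status.content)` sits outside the try, so a non-XML status page ends the worker thread with an uncaught ParseError. Indentation is not visible in this rendering, so block structure is inferred.
```python
def recv():
    while True:
        data, addr = sock.recvfrom(1500)
        try:
            json.loads(inflate(data))
        except (zlib.error, UnicodeDecodeError, ValueError) as exc:
            print("dropping undecodable datagram from", addr[0], exc)
            continue
        sock.sendto(data, yanic_addr)
        last_response[ipaddress.IPv6Address(addr[0])] = time.monotonic()
```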
|
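--- /dev/null
+++ b/PATH_NOT_SHOWN_08
@@ -0,0 +1,12 @@
+[Unit]
+Description=respondd_poller
+After=network.target
+
+[Service]
+ExecStart=/opt/respondd_poller/venv/bin/python -u /opt/respondd_poller/respondd_poller.py
+Restart=always
+WorkingDirectory=/opt/respondd_poller
+Environment=PYTHONPATH=/opt/respondd_poller
+
+[Install]
+WantedBy=multi-user.target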
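Review bot: The unit has no `User=`, so the poller runs as root although all it does is query WireGuard peer state over netlink, bind a UDP socket and fetch HTTP pages from nodes; a dedicated account via `User=respondd_poller` plus `AmbientCapabilities=CAP_NET_ADMIN` (the WireGuard netlink query needs that capability) would contain a fault in the untrusted datagram and HTTP parsing the script does. `NoNewPrivileges=yes`, `ProtectSystem=strict` and `PrivateTmp=yes` cost nothing for this workload. The same missing `User=` applies to wg_add_vpn.service and wg_prefix_provider.service in this commit, though those binaries' capability needs are not visible here.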
|
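--- /dev/null
+++ b/PATH_NOT_SHOWN_09
@@ -0,0 +1,48 @@
+---
+- name: install respondd_poller dependencies
+pacman:
+name:
+- git
+- python-virtualenv
+- python-setuptools
+state: present
+
+- name: create venv
+command:
+cmd: "python -m venv /opt/respondd_poller/venv"
+creates: /opt/respondd_poller/venv
+
+- name: install respondd_poller requirements
+copy:
+src: requirements.txt
+dest: /opt/respondd_poller/requirements.txt
+mode: 0644
+
+- name: install respondd_poller script
+copy:
+src: respondd_poller.py
+dest: /opt/respondd_poller/respondd_poller.py
+mode: 0644
+
+- name: install requirements
+pip:
+requirements: /opt/respondd_poller/requirements.txt
+virtualenv: /opt/respondd_poller/venv
+
+- name: install respondd_poller config
+template:
+src: respondd_poller.json.j2
+dest: /etc/respondd_poller.json
+mode: 0644
+
+- name: create respondd_poller service
+copy:
+src: respondd_poller.service
+dest: /etc/systemd/system/respondd_poller.service
+mode: 0644
+
+- name: start and enable respondd_poller service
+systemd:
+name: respondd_poller
+state: started
+enabled: yes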
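Review bot: None of the copy/template tasks for the script, requirements, config and unit file notify a handler, so after the first run a changed respondd_poller.py or /etc/respondd_poller.json lands on disk while the already-running service keeps the old code and config until someone restarts it by hand; the tayga tasks in this commit use `notify: restart tayga`, and the same pattern belongs here (`notify: restart respondd_poller`, with a handler doing `daemon_reload: yes` and `state: restarted`). `python-virtualenv` is installed but the venv is created with `python -m venv`, so that package looks unused. Indentation is not visible in this rendering.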
|
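--- /dev/null
+++ b/PATH_NOT_SHOWN_10
@@ -0,0 +1,7 @@
+{
+"interface":"wgmyk",
+"prefix":"2a03:2260:1016::/48",
+"yanic_addr": "fe80::41:18ff:fec5:5041%wgmyk",
+"yanic_port": 10001,
+"request":"GET nodeinfo statistics neighbours"
+}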
|
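--- /dev/null
+++ b/PATH_NOT_SHOWN_11
@@ -0,0 +1,5 @@
+---
+- name: restart tayga
+systemd:
+name: tayga.service
+state: restarted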
|
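--- /dev/null
+++ b/PATH_NOT_SHOWN_12
@@ -0,0 +1,25 @@
+---
+- name: install tayga
+pacman:
+name: tayga
+state: present
+
+- name: tayga.conf
+template:
+src: tayga.conf.j2
+dest: /etc/tayga.conf
+mode: 0644
+notify: restart tayga
+
+- name: systemd override.conf
+template:
+src: systemd_override.conf.j2
+dest: /etc/systemd/system/tayga.service.d/override.conf
+mode: 0644
+notify: restart tayga
+
+- name: start and enable tayga service
+systemd:
+name: tayga.service
+enabled: yes
+state: started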
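Review bot: The `systemd override.conf` task templates into /etc/systemd/system/tayga.service.d/ without a preceding `file: state: directory` task, so on a fresh host the template module fails because the parent directory does not exist. The `restart tayga` handler also restarts the unit without `daemon_reload: yes`, so a changed drop-in is not reread before the restart and the old ExecStartPre chain keeps running; add `daemon_reload: yes` to the handler, or notify a separate reload handler from this task. Indentation is not visible in this rendering.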
|
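--- /dev/null
+++ b/PATH_NOT_SHOWN_13
@@ -0,0 +1,10 @@
+[Service]
+ExecStart=
+ExecStartPre=/usr/bin/tayga --mktun --config /etc/tayga.conf
+ExecStartPre=/usr/bin/ip link set nat64 up
+ExecStartPre=/usr/bin/ip addr replace {{ tayga_ipv4 }}/32 dev nat64
+ExecStartPre=/usr/bin/ip addr replace 2a03:2260:1016::64/128 dev nat64
+ExecStartPre=/usr/bin/ip route replace {{ tayga_pool }} dev nat64 table ffmyk
+ExecStartPre=/usr/bin/ip -6 route replace 64:ff9b::/96 dev nat64 table ffmyk
+ExecStart=/usr/bin/tayga --nodetach --config /etc/tayga.conf
+Restart=always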
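Review bot: `2a03:2260:1016::64` is hard-coded in the `ip addr replace` line here and again as `ipv6-addr` in tayga.conf.j2, while the IPv4 side of the same pair is templated from `tayga_ipv4`; a single `tayga_ipv6` variable used in both files keeps the address on the interface and the one tayga answers on from drifting apart. The drop-in also defines nothing for stop, so the nat64 tun device and its routes outlive the unit; `ExecStopPost=/usr/bin/tayga --rmtun --config /etc/tayga.conf` would clean up.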
|
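--- /dev/null
+++ b/PATH_NOT_SHOWN_14
@@ -0,0 +1,6 @@
+tun-device nat64
+ipv4-addr {{ tayga_ipv4 }}
+ipv6-addr 2a03:2260:1016::64
+prefix 64:ff9b::/96
+dynamic-pool {{ tayga_pool }}
+data-dir /var/db/tayga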
|
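--- /dev/null
+++ b/PATH_NOT_SHOWN_15
@@ -0,0 +1,30 @@
+---
+- name: install wg_add dependencies
+pacman:
+name:
+- git
+- make
+- gcc
+state: present
+
+- name: clone wg_add repo
+git:
+repo: https://github.com/FreifunkMYK/wg_add.git
+dest: /opt/wg_add_vpn
+version: vpn
+
+- name: build wg_add
+make:
+chdir: /opt/wg_add_vpn
+
+- name: install wg_add service
+template:
+src: wg_add_vpn.service.j2
+dest: /etc/systemd/system/wg_add_vpn.service
+mode: 0644
+
+- name: start and enable wgkex service
+systemd:
+name: wg_add_vpn
+state: started
+enabled: yes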
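Review bot: `version: vpn` pins the checkout to a branch, so every playbook run fetches whatever the upstream branch head is at that moment, compiles it and runs it as root on the supernode; pin `version:` to a commit hash (placeholder `<commit-sha>`) so the code that is deployed is reviewable and reproducible. The wg_prefix_provider tasks have no `version:` at all and therefore track the default branch head, which has the same problem. Neither role notifies a handler after `make`, so a rebuilt binary is only picked up after a manual restart, and the task name `start and enable wgkex service` refers to a different service than the `wg_add_vpn` unit it manages. Indentation is not visible in this rendering.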
|
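--- /dev/null
+++ b/PATH_NOT_SHOWN_16
@@ -0,0 +1,10 @@
+[Unit]
+Description=wg_add
+After=network.target
+
+[Service]
+ExecStart=/opt/wg_add_vpn/wg_add {{ ansible_default_ipv4.interface }} wgmyk
+Restart=always
+
+[Install]
+WantedBy=multi-user.target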
|
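--- /dev/null
+++ b/PATH_NOT_SHOWN_17
@@ -0,0 +1,29 @@
+---
+- name: install wg_prefix_provider dependencies
+pacman:
+name:
+- git
+- make
+- gcc
+state: present
+
+- name: clone wg_prefix_provider repo
+git:
+repo: https://github.com/FreifunkMYK/wg_prefix_provider.git
+dest: /opt/wg_prefix_provider
+
+- name: build wg_prefix_provider
+make:
+chdir: /opt/wg_prefix_provider
+
+- name: install wg_prefix_provider service
+template:
+src: wg_prefix_provider.service.j2
+dest: /etc/systemd/system/wg_prefix_provider.service
+mode: 0644
+
+- name: start and enable wg_prefix_provider service
+systemd:
+name: wg_prefix_provider
+state: started
+enabled: yes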
|
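--- /dev/null
+++ b/PATH_NOT_SHOWN_18
@@ -0,0 +1,10 @@
+[Unit]
+Description=wg_prefix_provider
+After=network.target
+
+[Service]
+ExecStart=/opt/wg_prefix_provider/wg_prefix_provider wgmyk 9999 {{ wireguard_vpn_client_range }}
+Restart=always
+
+[Install]
+WantedBy=multi-user.target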
|
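--- /dev/null
+++ b/PATH_NOT_SHOWN_19
@@ -0,0 +1,24 @@
+---
+- name: create wireguard config for wgmyk
+template:
+src: wg.conf.j2
+dest: /etc/wireguard/wgmyk.conf
+mode: 0400
+
+- name: create wireguard up scripts for wgmyk
+template:
+src: up.sh.j2
+dest: /etc/wireguard/upmyk.sh
+mode: 0744
+
+- name: create wireguard down scripts for wgmyk
+template:
+src: down.sh.j2
+dest: /etc/wireguard/downmyk.sh
+mode: 0744
+
+- name: start and enable wireguard mesh
+systemd:
+name: wg-quick@wgmyk.service
+enabled: yes
+state: started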
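Review bot: The config and hook-script templates do not notify a handler, so a changed port, address or private key in wgmyk.conf is written to disk while the running `wg-quick@wgmyk` interface keeps the old values; add `notify: restart wgmyk` to the three template tasks with a handler doing `systemd: name: wg-quick@wgmyk.service state: restarted`, which also re-runs the PreDown/PostUp scripts. The /etc/wireguard directory is assumed to exist; a `file: state: directory mode: 0700` task before the templates makes the role self-contained. Indentation is not visible in this rendering.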
|
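--- /dev/null
+++ b/PATH_NOT_SHOWN_20
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+ip -6 route del {{ wireguard_vpn_client_range }} table ffmyk dev wgmyk
+
+ip -6 rule del iif wgmyk
+ip -6 rule del from {{ wireguard_vpn_client_range }}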
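Review bot: The teardown does not mirror up.sh.j2: the `priority 200` rule `from all iif wgmyk type unreachable` added there is never removed, and `ip -6 rule del iif wgmyk` without a table or priority appears to delete whichever `iif wgmyk` rule matches first, so after a few up/down cycles duplicate rules accumulate in the policy database and the isolation rule may be the one left behind or the one deleted. Delete exactly what was added: `ip -6 rule del iif wgmyk table ffmyk priority 10`, `ip -6 rule del from {{ wireguard_vpn_client_range }} table ffmyk priority 10`, `ip -6 rule del from all iif wgmyk type unreachable priority 200`.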
|
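--- /dev/null
+++ b/PATH_NOT_SHOWN_21
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+ip -6 rule add iif wgmyk table ffmyk priority 10
+ip -6 rule add from {{ wireguard_vpn_client_range }} table ffmyk priority 10
+
+ip -6 rule add from all iif wgmyk type unreachable priority 200
+
+ip -6 route add {{ wireguard_vpn_client_range }} table ffmyk dev wgmyk
+systemctl restart named.service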
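Review bot: The script has no `set -e`, so a failed `ip -6 rule add` (the ffmyk table or the interface not being ready, for example) is ignored, the script still exits 0 and wg-quick reports the interface up without the `type unreachable` rule that keeps traffic entering via wgmyk from leaving through the main table; add `set -euo pipefail` after the shebang. `systemctl restart named.service` on every PostUp also interrupts resolution for all clients each time the interface bounces, and it is not obvious from this file why a restart rather than a reload is needed, so a comment stating the dependency (presumably the drop-in that puts `{{ dns_ip }}` on lo) would help the next reader.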
|
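--- /dev/null
+++ b/PATH_NOT_SHOWN_22
@@ -0,0 +1,7 @@
+[Interface]
+ListenPort = {{ wireguard_vpn_port }}
+PrivateKey = {{ wireguard_vpn_priv_key }}
+Address = {{ wireguard_vpn_address }}/128
+MTU = 1400
+PostUp = /etc/wireguard/upmyk.sh
+PreDown = /etc/wireguard/downmyk.sh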
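Review bot: `PrivateKey = {{ wireguard_vpn_priv_key }}` renders the interface's long-term private key from an inventory variable, so the key's real protection is how that variable is stored, which this commit does not show; it should come from an Ansible Vault-encrypted file, and a comment above the line such as `# key is supplied from the vault-encrypted host vars` tells the next maintainer where to look. The rendered file is `mode: 0400`, which is right; the template task should also set `owner: root` explicitly so the intent survives a run under a different become user.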
|