author | Niklas Yann Wettengel <niyawe@niyawe.de> | 2018-01-26 16:10:11 +0100 |
---|---|---|
committer | Niklas Yann Wettengel <niyawe@niyawe.de> | 2018-01-26 16:10:11 +0100 |
commit | 09ae1230753c1db32eac9c3e30ebceab7d6d2b56 (patch) | |
tree | 6cf4bdd2d35b12d03dae3085d566716c6e79142c | |
parent | b7615bd04e0baf7be264af874f1ab7260402e49d (diff) |
fix
-rw-r--r-- | roles/configure_iptables/templates/ip6tables.rules | 4 | ||||
-rw-r--r-- | roles/install_babeld/templates/babeld.conf.j2 | 6 | ||||
-rw-r--r-- | roles/install_wireguard_backbone/tasks/uplink_tasks.yml | 8 |
3 files changed, 13 insertions, 5 deletions
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index dd2d1f2..d8cf4ea 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -58,6 +58,10 @@ COMMIT
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
 {% endfor %}
+{% for peer in wireguard_bb_peers|default([]) %}
+-A INPUT -i bb{{ peer.name }} -p udp --dport 6696 -j ACCEPT
+-A INPUT -p udp --dport {{ peer.port }} -j ACCEPT
+{% endfor %}
 {% endif %}
 # MOSH
 -A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
diff --git a/roles/install_babeld/templates/babeld.conf.j2 b/roles/install_babeld/templates/babeld.conf.j2
index 47a4d3e..ff38930 100644
--- a/roles/install_babeld/templates/babeld.conf.j2
+++ b/roles/install_babeld/templates/babeld.conf.j2
@@ -14,6 +14,9 @@ interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% for peer in groups['fastd'] %}
 interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% endfor %}
+{% for peer in wireguard_bb_peers|default([]) %}
+interface bb{{ peer.name }}
+{% endfor %}
 {% endif %}
 # Global options you might want to set. There are many more, see the man page.
@@ -61,6 +64,7 @@ redistribute if {{ peer.name }} metric 128
 # Only redistribute addresses from a given prefix, to avoid redistributing
 # all local addresses
 redistribute ip 10.222.0.0/16 allow
-redistribute ip 2001:470:cd45:FF00::/56 allow
+redistribute ip 2a01:198:70a:ff::0/64 allow
+redistribute ip 2001:470:cd45:ff00::/56 allow
 redistribute ip 2a03:2260:1016::/48 allow
 redistribute local deny
diff --git a/roles/install_wireguard_backbone/tasks/uplink_tasks.yml b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
index 05d8783..7eed705 100644
--- a/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
+++ b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
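Review bot: The added `-A INPUT -p udp --dport {{ peer.port }} -j ACCEPT` rule in ip6tables.rules matches on destination port only, so each uplink peer's WireGuard port is opened to every source on every interface. WireGuard ignores unauthenticated packets, so this may be intended, but if the `wireguard_bb_peers` entries have a fixed endpoint address the rule could also match it with `-s`. Only ip6tables.rules is changed here; whether the IPv4 rule set needs the same loop cannot be checked from this page. A comment above the loop such as `# uplink peers from wireguard_bb_peers: babel (6696) on the tunnel, WireGuard listen port` would document the intent; the enclosing `{% if %}` opens outside the hunk.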
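Review bot: The new `redistribute ip 2a01:198:70a:ff::0/64 allow` line in the second babeld.conf.j2 hunk widens the set of prefixes this router announces, and neither the commit message nor the file says what the prefix is for. These `allow` lines are the only filter ahead of `redistribute local deny`, so a short comment naming the purpose of each prefix, e.g. `# <purpose of 2a01:198:70a:ff::/64>`, would make later audits of the filter easier. The prefix is also written with a trailing `::0`, unlike its neighbours; `2a01:198:70a:ff::/64` is the same network in the form the other lines use.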
@@ -11,7 +11,7 @@
 src: wg2.conf.j2
 dest: /etc/wireguard/wgbb{{ item.name }}.conf
 mode: 0400
- with_items: "{{ wireguard_bb_peers }}"
+ with_items: "{{ wireguard_bb_peers|default([]) }}"
 - name: create wireguard up scripts for fastds
 template:
@@ -25,7 +25,7 @@
 src: up2.sh.j2
 dest: /etc/wireguard/upbb{{ item.name }}.sh
 mode: 0744
- with_items: "{{ wireguard_bb_peers }}"
+ with_items: "{{ wireguard_bb_peers|default([]) }}"
 - name: create wireguard down scripts for fastds
 template:
@@ -39,7 +39,7 @@
 src: down2.sh.j2
 dest: /etc/wireguard/downbb{{ item.name }}.sh
 mode: 0744
- with_items: "{{ wireguard_bb_peers }}"
+ with_items: "{{ wireguard_bb_peers|default([]) }}"
 - name: start and enable wireguard mesh for fastds
 systemd:
@@ -55,4 +55,4 @@
 enabled: yes
 state: started
 daemon_reload: yes
- with_items: "{{ wireguard_bb_peers }}"
+ with_items: "{{ wireguard_bb_peers|default([]) }}" |
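Review bot: `default([])` applies only when `wireguard_bb_peers` is undefined, so an inventory that declares the key with an empty value (`wireguard_bb_peers:`) still passes null to the loop; `default([], true)` would cover that case as well. The same expression is repeated in all four `with_items` lines of this file and in the ip6tables and babeld templates of this commit, so firewall, routing and tunnel configuration agree only while every copy stays identical. Declaring `wireguard_bb_peers: []` once in a shared default (for example group_vars) would remove the repetition. The task bodies start outside these hunks.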