summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNiklas Yann Wettengel <niyawe@niyawe.de>2022-12-20 13:09:39 +0100
committerNiklas Yann Wettengel <niyawe@niyawe.de>2022-12-20 13:09:39 +0100
commit82e6f06b6bc5ab3baeb7b40fc4cd4afc44069e48 (patch)
tree3e4f140aa36502a337a963cf7c5fcfd48a33cb17
parentaa15d8285c715478885224a4fb52d97dd3161774 (diff)
ff-uniko1
-rw-r--r--host_vars/ff-loppermann12
-rw-r--r--host_vars/ff-uniko168
-rw-r--r--inventory.ini1
-rw-r--r--roles/install_bind/templates/named.conf.j221
-rwxr-xr-xroles/install_monitoring/files/ffmyk-influx/daemon.sh1
-rw-r--r--roles/install_monitoring/templates/ffmyk-influx/traffic.php.j21
-rw-r--r--roles/install_tayga/templates/tayga.conf.j21
-rw-r--r--roles/install_wireguard_vpn/templates/up.sh.j22
8 files changed, 81 insertions, 16 deletions
diff --git a/host_vars/ff-loppermann1 b/host_vars/ff-loppermann1
index 4cc245d..9730b30 100644
--- a/host_vars/ff-loppermann1
+++ b/host_vars/ff-loppermann1
@@ -28,7 +28,7 @@ wireguard_vpn_address: 'fe80::d3:16ff:fee5:6239'
wireguard_vpn_client_range: '2a03:2260:1016:3000::/52'
tayga_ipv4: 10.3.0.1
tayga_pool: 10.3.0.0/16
-ffrl_router_id: 10.222.0.16
+ffrl_ip4: '185.66.194.105'
ffrl_peers:
- name: 'bbaakber'
remote: '185.66.195.0'
diff --git a/host_vars/ff-uniko1 b/host_vars/ff-uniko1
new file mode 100644
index 0000000..b9fb419
--- /dev/null
+++ b/host_vars/ff-uniko1
@@ -0,0 +1,68 @@
+---
+ansible_host: 2001:4c80:50:14::c04
+sites: []
+wireguard_bb_name: 'uniko1'
+wireguard_bb_endpoint: '{{ ansible_host }}'
+wireguard_bb_priv_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 33323865636533656363643734313137313933353762316661623164616232333730303032613736
+ 6238353532643966316135323861393937623739656636650a343839373332343939316533363230
+ 30333038643766663131316136373264343536343734356139393737303030383436616366336430
+ 3762656635303866310a333930333034613963363562313930663932333237306462663364663762
+ 39306631356330353035386164616164656339316362366366366532373065643034613561323233
+ 6132653032393235336566363561323563666133306639376637
+wireguard_bb_pub_key: 'skqPL/XGmezXsF/3L/AO+kVF6XPw8ioGoN5T76Ukc30='
+wireguard_bb_ipv4: '10.222.0.13'
+wireguard_bb_ipv6: 'fe80::ffbb:ffbb:13'
+wireguard_bb_port: 10113
+wireguard_vpn_port: 10010
+wireguard_vpn_priv_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 32393830323730303332326634336466663262356131323333363936393431613137616462346662
+ 6330386466393666626131303362633065393630323461380a373336633762643238643662663664
+ 62383934616366373663653033353431633535393738393830363464303466313365373833306366
+ 6533353438663861340a636638636265653136326130346133343332376663336161626234343136
+ 39653135633037663766333863333063393635623937323139663063333863643637306630616565
+ 6433343965626635393231646639366663393363363734623333
+wireguard_vpn_address: 'fe80::58:c9ff:fe34:9785'
+wireguard_vpn_client_range: '2a03:2260:1016:4000::/52'
+tayga_ipv4: 10.4.0.1
+tayga_pool: 10.4.0.0/16
+ffrl_ip4: '185.66.194.104'
+ffrl_peers:
+ - name: 'bbaakber'
+ remote: '185.66.195.0'
+ ip4: '100.64.11.81'
+ peer_ip4: '100.64.11.80'
+ ip6: '2a03:2260:0:5c1::2'
+ peer_ip6: '2a03:2260:0:5c1::1'
+ - name: 'bbafra2fra'
+ remote: '185.66.194.0'
+ ip4: '100.64.11.83'
+ peer_ip4: '100.64.11.82'
+ ip6: '2a03:2260:0:5c2::2'
+ peer_ip6: '2a03:2260:0:5c2::1'
+ - name: 'bbaixdus'
+ remote: '185.66.193.0'
+ ip4: '100.64.11.85'
+ peer_ip4: '100.64.11.84'
+ ip6: '2a03:2260:0:5c3::2'
+ peer_ip6: '2a03:2260:0:5c3::1'
+ - name: 'bbbakber'
+ remote: '185.66.195.1'
+ ip4: '100.64.11.87'
+ peer_ip4: '100.64.11.86'
+ ip6: '2a03:2260:0:5c4::2'
+ peer_ip6: '2a03:2260:0:5c4::1'
+ - name: 'bbbfra2fra'
+ remote: '185.66.194.1'
+ ip4: '100.64.11.89'
+ peer_ip4: '100.64.11.88'
+ ip6: '2a03:2260:0:5c5::2'
+ peer_ip6: '2a03:2260:0:5c5::1'
+ - name: 'bbbixdus'
+ remote: '185.66.193.1'
+ ip4: '100.64.11.91'
+ peer_ip4: '100.64.11.90'
+ ip6: '2a03:2260:0:5c6::2'
+ peer_ip6: '2a03:2260:0:5c6::1'
diff --git a/inventory.ini b/inventory.ini
index 8ed0e39..f2adfe9 100644
--- a/inventory.ini
+++ b/inventory.ini
@@ -2,3 +2,4 @@
ff-niyawe1
ff-niyawe2
ff-loppermann1
+ff-uniko1
diff --git a/roles/install_bind/templates/named.conf.j2 b/roles/install_bind/templates/named.conf.j2
index 056a6ea..feba4de 100644
--- a/roles/install_bind/templates/named.conf.j2
+++ b/roles/install_bind/templates/named.conf.j2
@@ -4,7 +4,6 @@ options {
directory "/var/named";
pid-file "/run/named/named.pid";
- dnssec-enable yes;
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
@@ -29,9 +28,9 @@ options {
hostname none;
server-id none;
- dns64 64:ff9b::/96 {
- clients { any; };
- };
+ //dns64 64:ff9b::/96 {
+ // clients { any; };
+ //};
max-cache-size 1024M;
};
@@ -69,47 +68,47 @@ zone "ffaw" IN {
type slave;
file "bak/ffaw.zone";
allow-query { any; };
- masters { 2a01:4f8:a0:826b:1::17; };
+ masters { 2a01:4f8:a0:6396:1::17; };
};
zone "ffcoc" IN {
type slave;
file "bak/ffcoc.zone";
allow-query { any; };
- masters { 2a01:4f8:a0:826b:1::17; };
+ masters { 2a01:4f8:a0:6396:1::17; };
};
zone "ffems" IN {
type slave;
file "bak/ffems.zone";
allow-query { any; };
- masters { 2a01:4f8:a0:826b:1::17; };
+ masters { 2a01:4f8:a0:6396:1::17; };
};
zone "ffko" IN {
type slave;
file "bak/ffko.zone";
allow-query { any; };
- masters { 2a01:4f8:a0:826b:1::17; };
+ masters { 2a01:4f8:a0:6396:1::17; };
};
zone "ffmy" IN {
type slave;
file "bak/ffmy.zone";
allow-query { any; };
- masters { 2a01:4f8:a0:826b:1::17; };
+ masters { 2a01:4f8:a0:6396:1::17; };
};
zone "ffmyk" IN {
type slave;
file "bak/ffmyk.zone";
allow-query { any; };
- masters { 2a01:4f8:a0:826b:1::17; };
+ masters { 2a01:4f8:a0:6396:1::17; };
};
zone "ffsim" IN {
type slave;
file "bak/ffsim.zone";
allow-query { any; };
- masters { 2a01:4f8:a0:826b:1::17; };
+ masters { 2a01:4f8:a0:6396:1::17; };
};
diff --git a/roles/install_monitoring/files/ffmyk-influx/daemon.sh b/roles/install_monitoring/files/ffmyk-influx/daemon.sh
index 1cc5a8d..19f5d33 100755
--- a/roles/install_monitoring/files/ffmyk-influx/daemon.sh
+++ b/roles/install_monitoring/files/ffmyk-influx/daemon.sh
@@ -3,6 +3,5 @@ cd /opt/ffmyk-influx
while : ;do
php -c ./php.ini -f dhcp.php
php -c ./php.ini -f traffic.php
- php -c ./php.ini -f fastd.php
sleep 15
done
diff --git a/roles/install_monitoring/templates/ffmyk-influx/traffic.php.j2 b/roles/install_monitoring/templates/ffmyk-influx/traffic.php.j2
index 9a848da..78220da 100644
--- a/roles/install_monitoring/templates/ffmyk-influx/traffic.php.j2
+++ b/roles/install_monitoring/templates/ffmyk-influx/traffic.php.j2
@@ -21,7 +21,6 @@ function traffic($iface, $alias=false) {
{% endif %}
{% for site in sites %}
(traffic('bat{{ site.name }}'));
-(traffic('vpn{{ site.name }}'));
(traffic('wg{{ site.name }}'));
{% endfor %}
diff --git a/roles/install_tayga/templates/tayga.conf.j2 b/roles/install_tayga/templates/tayga.conf.j2
index 8606dcb..d2fe7d7 100644
--- a/roles/install_tayga/templates/tayga.conf.j2
+++ b/roles/install_tayga/templates/tayga.conf.j2
@@ -3,4 +3,3 @@ ipv4-addr {{ tayga_ipv4 }}
ipv6-addr 2a03:2260:1016::64
prefix 64:ff9b::/96
dynamic-pool {{ tayga_pool }}
-data-dir /var/db/tayga
diff --git a/roles/install_wireguard_vpn/templates/up.sh.j2 b/roles/install_wireguard_vpn/templates/up.sh.j2
index c57d16f..7aaa380 100644
--- a/roles/install_wireguard_vpn/templates/up.sh.j2
+++ b/roles/install_wireguard_vpn/templates/up.sh.j2
@@ -5,5 +5,5 @@ ip -6 rule add from {{ wireguard_vpn_client_range }} table ffmyk priority 10
ip -6 rule add from all iif wgmyk type unreachable priority 200
-ip -6 route add {{ wireguard_vpn_client_range }} table ffmyk dev wgmyk
+ip -6 route add {{ wireguard_vpn_client_range }} table ffmyk dev wgmyk proto static
systemctl restart named.service