summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNiklas Yann Wettengel <niyawe@niyawe.de>2021-07-28 01:12:10 +0200
committerNiklas Yann Wettengel <niyawe@niyawe.de>2021-07-28 01:12:10 +0200
commit9ec1670a262597356c24bff27d473eccceb45b61 (patch)
tree8d94c1ab62fef270ea45a103be179609272b3f82
parentf394fd81667a44e267e83d3c453101598a21c58c (diff)
wg
-rw-r--r--host_vars/fastd-aw236
-rw-r--r--host_vars/fastd-ko236
-rw-r--r--host_vars/fastd-my236
-rw-r--r--host_vars/ff-kraftimion110
-rw-r--r--host_vars/ff-loppermann160
-rw-r--r--host_vars/ff-niyawe136
-rw-r--r--host_vars/ff-niyawe260
-rw-r--r--host_vars/ff-niyawe360
-rw-r--r--host_vars/ff-niyawe468
-rw-r--r--inventory.ini3
-rw-r--r--roles/configure_iptables/templates/ip6tables.rules31
-rw-r--r--roles/configure_iptables/templates/iptables.rules25
-rw-r--r--roles/configure_static_routes/tasks/main.yml3
-rw-r--r--roles/configure_static_routes/tasks/wg_tasks.yml14
-rw-r--r--roles/configure_static_routes/templates/ffmyk-iproute-down.j210
-rw-r--r--roles/configure_static_routes/templates/ffmyk-iproute-up.j210
-rw-r--r--roles/install_babeld/templates/babeld.conf.j27
-rw-r--r--roles/install_monitoring/tasks/install_munin.yml4
-rw-r--r--roles/install_wgkex/files/wgkex.service12
-rw-r--r--roles/install_wgkex/handlers/main.yml5
-rw-r--r--roles/install_wgkex/tasks/main.yml42
-rw-r--r--roles/install_wgkex/templates/wgkex.yaml.j212
-rw-r--r--roles/install_wireguard_backbone/tasks/main.yml5
-rw-r--r--roles/install_wireguard_backbone/tasks/uplink_tasks.yml16
-rw-r--r--roles/install_wireguard_backbone/tasks/wg_tasks.yml33
-rw-r--r--roles/install_wireguard_mesh/templates/down.sh.j210
-rw-r--r--roles/install_wireguard_mesh/templates/up.sh.j219
-rw-r--r--roles/install_wireguard_mesh/templates/wg.conf.j22
-rw-r--r--roles/setup_batman/templates/netctl_bat.j25
-rw-r--r--setup_fastd.yml29
30 files changed, 380 insertions, 319 deletions
diff --git a/host_vars/fastd-aw2 b/host_vars/fastd-aw2
index 9d8211a..351a5c9 100644
--- a/host_vars/fastd-aw2
+++ b/host_vars/fastd-aw2
@@ -19,7 +19,6 @@ sites:
63613666333161366366
fastd_mesh_mac: '02:ff:41:57:00:20'
fastd_port1: 10014
- fastd_port2: 10015
bat_ipv6: '2a03:2260:1016:0202::1'
bat_ipv4: '10.222.88.1'
bat_ipv4_cidr: 21
@@ -27,22 +26,23 @@ sites:
dhcp_netmask: '255.255.248.0'
dhcp_start: '10.222.88.50'
dhcp_end: '10.222.95.250'
+ vxlan_id: 11443185
wireguard_mesh_number: 2
wireguard_mesh_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 38353835623539326161353437613231636465353366663537313433363263636339346230663736
- 3735616161383765343434356665633461623664383566370a313365666265313164643361653831
- 64383938633332343366316338313838633638333264663334353363316335303831303738656366
- 6438633936636563620a656231313465643330626333393163653435303135376233623434326566
- 64343864353865373062313263623133353366633639343933623466633365386366343839343936
- 3433656635626533373562633462633439366562316136363936
- wireguard_mesh_pub_key: 'jdboIn8RrZWcSNEoZKKaulhy/7qTcy5z5WM6xOOc0jg='
- wireguard_mesh_port: 10052
- wireguard_mesh_address: 'fdff:4157:bb::2'
- wireguard_mesh_endpoint: '2a01:4f8:1c0c:51f8::1'
- wireguard_mesh_mac_prefix: '02:ff:41:57:00:2'
+ 63616334663237313761666462326564376439633631633839373434393636366363666139653239
+ 3361623733653863613637616439616266393039316332380a373031626239383537316536353862
+ 66616563356131333439303665303039393965383939383038646236643063613231616330363938
+ 6536333561353564620a353634613666383430656639313231363431313662386138396236313364
+ 61653766653462343937396636643132323137636331346132313763313135633263613230366336
+ 6461376335353964343564383335346366633438383566653066
+ wireguard_mesh_pub_key: 'm3JXl4RCr9xNeWo9L2GXiGVCpPvRX3maaLUw6qPse1I='
+ wireguard_mesh_port: 10015
+ wireguard_mesh_address: 'fe80::00ff:41ff:fe57:2'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:41:57:00:02'
wireguard_bb_name: 'fastd-aw2'
-wireguard_bb_endpoint: '2a01:4f8:1c0c:51f8::1'
+wireguard_bb_endpoint: '{{ ansible_host }}'
wireguard_bb_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
36623563623837633836333132656663613264633233666563343464333234643761643534373939
@@ -56,3 +56,13 @@ wireguard_bb_ipv4: '10.222.0.22'
wireguard_bb_ipv6: 'fe80::ffbb:ffbb:22'
wireguard_bb_port: 10122
preferred_uplink: 'uplink2'
+wgkex_host: 'vpn.freifunk-myk.de'
+wgkex_port: 18883
+wgkex_username: fastd-aw2
+wgkex_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 64666261663332636331613262383063353234646633393261653239333137373339656235306531
+ 3865643538633738666330326664663866633138353938370a616134363036353233353365363935
+ 39656435303966353230396230613164653838633335623365396537303164633965356539633765
+ 3633346564303162630a373962336437356638346265346137643736316135343636633431323665
+ 38396434663337366233343831393163653061623532346431323265643537626532
diff --git a/host_vars/fastd-ko2 b/host_vars/fastd-ko2
index c72d7a8..735f184 100644
--- a/host_vars/fastd-ko2
+++ b/host_vars/fastd-ko2
@@ -19,7 +19,6 @@ sites:
39633866633130373430
fastd_mesh_mac: '02:ff:4b:4f:00:20'
fastd_port1: 10010
- fastd_port2: 10011
bat_ipv6: '2a03:2260:1016:0002::1'
bat_ipv4: '10.222.24.1'
bat_ipv4_cidr: 21
@@ -27,22 +26,23 @@ sites:
dhcp_netmask: '255.255.248.0'
dhcp_start: '10.222.24.50'
dhcp_end: '10.222.31.250'
+ vxlan_id: 10891866
wireguard_mesh_number: 2
wireguard_mesh_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 32633166363930323130333238333439363735316434353562613737643130653164616161346564
- 3232313464343664613563663932393036653839343735390a363162383131303864613564376335
- 34633361353363646234633437383663613366343165336566656561373430666366366230663961
- 3439646436626135620a653431313938653634643337326430316131393261383938663333393535
- 61393535366561306662313933616163626230343361363962643862346332646438303830393362
- 3763343234653738333933313339356539613561326363313932
- wireguard_mesh_pub_key: 'faw8PD5cehdnu2zGUlwCLyC14l5vdjim8jl7VELktR8='
- wireguard_mesh_port: 10050
- wireguard_mesh_address: 'fdff:4b4f:bb::2'
- wireguard_mesh_endpoint: '2a01:4f8:1c0c:5a31::1'
- wireguard_mesh_mac_prefix: '02:ff:4b:4f:00:2'
+ 63313939383639656138636261363033336636303837303565623733663038646637363261386666
+ 3562656362636434653131623133396134646666633338320a303435636432363333376130626265
+ 66306336363565303433353731646336353764353333383339303865346334636334343231343266
+ 3732316335656636630a623364343866633765653232336363653335613065663639626439656533
+ 65313464663534626566613238666237623562383763316331306463643339636138623166623964
+ 3438626431373233666532623433313337356530346563323838
+ wireguard_mesh_pub_key: 'Nv+aZ3cD6a9qvsrXipMbVG7kGiXV3e7tb92MTbyXDl4='
+ wireguard_mesh_port: 10011
+ wireguard_mesh_address: 'fe80::00ff:4bff:fe4f:2'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:4b:4f:00:02'
wireguard_bb_name: 'fastd-ko2'
-wireguard_bb_endpoint: '2a01:4f8:1c0c:5a31::1'
+wireguard_bb_endpoint: '{{ ansible_host }}'
wireguard_bb_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
31626338356431653462646438666437656665303438626335323664353134643332393566393064
@@ -56,3 +56,13 @@ wireguard_bb_ipv4: '10.222.0.24'
wireguard_bb_ipv6: 'fe80::ffbb:ffbb:24'
wireguard_bb_port: 10124
preferred_uplink: 'uplink2'
+wgkex_host: 'vpn.freifunk-myk.de'
+wgkex_port: 18883
+wgkex_username: fastd-ko2
+wgkex_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 34643130343634366435323131373837303930313232636536386464363831326530623561393031
+ 3431653039363730643661333131343066363261623461370a376136616131666138626133666439
+ 34633765336366386532373436353763663337306633363532363332356163363938376335346135
+ 6266366561383638360a636261383661363039323162336639303338373133613437326165666335
+ 35633734383037343934383032313336376437656138333832393234616439316338
diff --git a/host_vars/fastd-my2 b/host_vars/fastd-my2
index 1111381..dd7b457 100644
--- a/host_vars/fastd-my2
+++ b/host_vars/fastd-my2
@@ -19,7 +19,6 @@ sites:
36396363306537636164
fastd_mesh_mac: '02:ff:4d:59:00:20'
fastd_port1: 10016
- fastd_port2: 10017
bat_ipv6: '2a03:2260:1016:0302::1'
bat_ipv4: '10.222.72.1'
bat_ipv4_cidr: 21
@@ -27,22 +26,23 @@ sites:
dhcp_netmask: '255.255.248.0'
dhcp_start: '10.222.72.50'
dhcp_end: '10.222.79.250'
+ vxlan_id: 6118532
wireguard_mesh_number: 2
wireguard_mesh_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 35303465666162646130373132376638383738653865313335353931366634343535653464383639
- 3861656231343863336130386665303630336236343663380a626636653830326363363435303639
- 39643666363832343735383832306538383465643836393838333333343665353039623966623137
- 6531316631373164620a363339353538646436666430613039356531326465613161386165336532
- 64373438623331656132346566363262313865356132313236393633633432383635356531363162
- 3232386130343565633238326232623437373265363639613632
- wireguard_mesh_pub_key: 'acExsplIs2rSEk0NpYTREWxH2FsTR79Lpb3J3BzGWDM='
- wireguard_mesh_port: 10053
- wireguard_mesh_address: 'fdff:4d59:bb::2'
- wireguard_mesh_endpoint: '2a01:4f8:1c17:4584::1'
- wireguard_mesh_mac_prefix: '02:ff:4d:59:00:2'
+ 30353832633365613063633862383665666263393331323435393138643030393231643438353366
+ 3039393736333564666530346630346130653138316436370a613763333334663731326363653863
+ 39653139326462636531376136306666313537336265636334393831633035613337383464383838
+ 3564356534323262370a393434353238383535363135393734636261633533323462623932366436
+ 64613834363539303233356262373630373264623337356131623939646365653061663831343262
+ 6464393331633661356232323338653137333635396137373636
+ wireguard_mesh_pub_key: 'pwwP7VxQsVyi/GUSLvyenhHgf71SNKaGwItThTWGHDg='
+ wireguard_mesh_port: 10017
+ wireguard_mesh_address: 'fe80::00ff:4dff:fe59:2'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:4d:59:00:02'
wireguard_bb_name: 'fastd-my2'
-wireguard_bb_endpoint: '2a01:4f8:1c17:4584::1'
+wireguard_bb_endpoint: '{{ ansible_host }}'
wireguard_bb_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
31323234396564386130646230326533323530633565643963346464366536363735346336363239
@@ -56,3 +56,13 @@ wireguard_bb_ipv4: '10.222.0.32'
wireguard_bb_ipv6: 'fe80::ffbb:ffbb:32'
wireguard_bb_port: 10132
preferred_uplink: 'uplink1'
+wgkex_host: 'vpn.freifunk-myk.de'
+wgkex_port: 18883
+wgkex_username: fastd-my2
+wgkex_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 39393164393433366239363561663166663734643333656562633536623538313334366331393132
+ 3964333964613465343433306431656662663863393935380a313835396238333239373938633739
+ 35616265643332333434323962323935346137313138623964643464383838653532613732313037
+ 3962376161346262350a316332333734373338666333666564373537383633313364346263306361
+ 32303065396339623566373134306665316430663332656364643633656132633031
diff --git a/host_vars/ff-kraftimion1 b/host_vars/ff-kraftimion1
index 6ee8511..d839b30 100644
--- a/host_vars/ff-kraftimion1
+++ b/host_vars/ff-kraftimion1
@@ -17,7 +17,6 @@ sites:
36323138306465396135
fastd_mesh_mac: '02:ff:57:57:00:20'
fastd_port1: 10022
- fastd_port2: 10023
bat_ipv6: '2a03:2260:1016:0702::1'
bat_ipv4: '10.30.24.1'
bat_ipv4_cidr: 21
@@ -25,6 +24,7 @@ sites:
dhcp_netmask: '255.255.248.0'
dhcp_start: '10.30.24.50'
dhcp_end: '10.30.31.250'
+ vxlan_id: 1234
wireguard_mesh_number: 2
wireguard_mesh_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
@@ -35,12 +35,12 @@ sites:
36383535333332653337393330663032396631306236633866376263303033373030313831306363
6332633533326431316338616233333263306662363837386263
wireguard_mesh_pub_key: '49N466A3ADnn56V84asWGAyrTGRHGv5YrkoXfZz58h8='
- wireguard_mesh_port: 10057
+ wireguard_mesh_port: 10023
wireguard_mesh_address: 'fdff:5757:bb::2'
- wireguard_mesh_endpoint: '2a01:4f8:161:122c:3:1:0:1'
- wireguard_mesh_mac_prefix: '02:ff:57:57:00:1'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:57:57:00:02'
wireguard_bb_name: 'kraftimion1'
-wireguard_bb_endpoint: '2a01:4f8:161:122c:3:1:0:1'
+wireguard_bb_endpoint: '{{ ansible_host }}'
wireguard_bb_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
38376538313338636336346565626462623438333361303138633537666132633561383234306630
diff --git a/host_vars/ff-loppermann1 b/host_vars/ff-loppermann1
index ccf98ac..ebb00a8 100644
--- a/host_vars/ff-loppermann1
+++ b/host_vars/ff-loppermann1
@@ -17,7 +17,6 @@ sites:
35396461636664396633
fastd_mesh_mac: '02:ff:41:57:00:10'
fastd_port1: 10014
- fastd_port2: 10015
bat_ipv6: '2a03:2260:1016:0201::1'
bat_ipv4: '10.222.80.1'
bat_ipv4_cidr: 21
@@ -25,20 +24,21 @@ sites:
dhcp_netmask: '255.255.248.0'
dhcp_start: '10.222.80.50'
dhcp_end: '10.222.87.250'
+ vxlan_id: 11443185
wireguard_mesh_number: 1
wireguard_mesh_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 63383761663434323865396664393839333861303233393666396462363662633238613963656164
- 3066633135353637356331393639353366393061373564320a343462396239636565366364643236
- 37643666333939626136316563363332323638323462373133656531643439363336326561623064
- 3735343534363736380a333238306136323465366662333861316237646334643332633566366634
- 62616135303462313262626335626331396366653238343637383931323563336162393334396437
- 3639383962636464636233353933613730366262666533626431
- wireguard_mesh_pub_key: '65M3xfawqfiCB6OZ2boH4rxZyC2jZnG5yqerurbVV10='
- wireguard_mesh_port: 10052
- wireguard_mesh_address: 'fdff:4157:bb::1'
- wireguard_mesh_endpoint: '2a01:4f8:140:1242:ff::2'
- wireguard_mesh_mac_prefix: '02:ff:41:57:00:1'
+ 35303461376637356232386239353362353333383966613030646361313338663839646666306237
+ 3433636237396630623830303938663735376337666337640a346635616337306235376434643265
+ 66396465393962326635313966653533313638646361383638373836313063346361343364306636
+ 3033393631306137630a333763386666623835623635633839616165616362633836626135323530
+ 35393363646161333062396139626563383334383262333066636663663634353635626334383935
+ 3437616563363566613736623361633934643962643662366338
+ wireguard_mesh_pub_key: 'tf/eNi+WOlsoXTmtAvQEwRv64YME0SIE+rlQysLd/Dc='
+ wireguard_mesh_port: 10015
+ wireguard_mesh_address: 'fe80::00ff:41ff:fe57:1'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:41:57:00:01'
- name: 'sim'
net4: '10.222.184.0/21'
net6: '2a03:2260:1016:0402::/64'
@@ -55,7 +55,6 @@ sites:
34303934616666633764
fastd_mesh_mac: '02:ff:53:49:4d:20'
fastd_port1: 10018
- fastd_port2: 10019
bat_ipv6: '2a03:2260:1016:0402::1'
bat_ipv4: '10.222.184.1'
bat_ipv4_cidr: 21
@@ -63,22 +62,23 @@ sites:
dhcp_netmask: '255.255.248.0'
dhcp_start: '10.222.184.50'
dhcp_end: '10.222.191.250'
+ vxlan_id: 10908477
wireguard_mesh_number: 2
wireguard_mesh_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 61356134643033316531313738343064633137373632356130336564636463396232326538363932
- 3262343039376663306662306235666163633337396564630a613263353762326532393434373664
- 32366461356635353563313335353761376137363638616137356261333236306461383638336262
- 6333626663646665660a313230326661663466323764323163623236663363356366363330303865
- 39383134396137343638376438376531343662353761336361303166313537346231333563393838
- 3563613064366234373639626134333862323832636461653931
- wireguard_mesh_pub_key: 'wi+IyKglGh9fZ+C4sGHa5RYCN334dryHROuDx5p2AxE='
- wireguard_mesh_port: 10054
- wireguard_mesh_address: 'fdff:5349:4dbb::2'
- wireguard_mesh_endpoint: '2a01:4f8:140:1242:ff::2'
- wireguard_mesh_mac_prefix: '02:ff:53:49:4d:2'
+ 31343338643330396338336365636336363537633939396265336639666464643563353362613863
+ 3234616436313331303433613837663033653437323839340a663838646136323265653861636539
+ 63373462646430376265356533363932393861626133356536306237373730303132313366306538
+ 3034653565386462640a666361653236373562653464643562636232303965663437376535646363
+ 63333662333630383162326166323239333966323537303238353164373939343735366230313031
+ 3731663830326363323062363637663730313736383139353732
+ wireguard_mesh_pub_key: 'hDx+zhY9WgabV3Sgp7fsfRRqNIzOP5z0Tl2t7wZjzBw='
+ wireguard_mesh_port: 10019
+ wireguard_mesh_address: 'fe80::00ff:53ff:fe49:4d02'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:53:49:4d:02'
wireguard_bb_name: 'loppermann1'
-wireguard_bb_endpoint: '2a01:4f8:140:1242:ff::2'
+wireguard_bb_endpoint: '{{ ansible_host }}'
wireguard_bb_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
34613832343432386134316533323739613464396461396463303535393937353233363534346362
@@ -92,3 +92,13 @@ wireguard_bb_ipv4: '10.222.0.16'
wireguard_bb_ipv6: 'fe80::ffbb:ffbb:16'
wireguard_bb_port: 10116
preferred_uplink: 'uplink1'
+wgkex_host: 'vpn.freifunk-myk.de'
+wgkex_port: 18883
+wgkex_username: ff-loppermann1
+wgkex_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 34346166646261616633633164303864613233366165653866636437386164316335376639623066
+ 3935323336386461373463353964633562636631643134340a643463373766383864376636663438
+ 62336333386162663236613165393162316262333362633438623239633933643830663964373161
+ 3365666263623435350a363661656362643738653662316539316535373064393933633637386638
+ 63336462333631343838343634343162336436313262336432313233393235393765
diff --git a/host_vars/ff-niyawe1 b/host_vars/ff-niyawe1
index c3b8a58..30ea966 100644
--- a/host_vars/ff-niyawe1
+++ b/host_vars/ff-niyawe1
@@ -18,7 +18,6 @@ sites:
36656539623732333130
fastd_mesh_mac: '02:ff:4b:4f:00:10'
fastd_port1: 10010
- fastd_port2: 10011
bat_ipv6: '2a03:2260:1016:0001::1'
bat_ipv4: '10.222.16.1'
bat_ipv4_cidr: 21
@@ -26,22 +25,23 @@ sites:
dhcp_netmask: '255.255.248.0'
dhcp_start: '10.222.16.50'
dhcp_end: '10.222.23.250'
+ vxlan_id: 10891866
wireguard_mesh_number: 1
wireguard_mesh_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 66336261633234613038313339626461653936393933666139386463366632666661353432623638
- 3665643537616631393130343730616366356232363735340a653365326533656261383636386432
- 39393664653937373562363466343261376265336564323938313734613538376465326466313861
- 3365346464666634380a666630366630353862663737363033353432393837303133643161326634
- 35326433356537333335313766663232313735336133633339356337613737393936343338323830
- 3732386237396637383433323465613461373362663965353533
- wireguard_mesh_pub_key: 'mbYqSr9Rurg2jbyVP3HMAaKXpV/nDugxNyl43V1eRS0='
- wireguard_mesh_port: 10050
- wireguard_mesh_address: 'fdff:4b4f:bb::1'
- wireguard_mesh_endpoint: '2a01:4f8:151:13cd:2::3'
- wireguard_mesh_mac_prefix: '02:ff:4b:4f:00:1'
+ 34656161316639303136656263333135366332393530646366373463356164326466316239303936
+ 3932353863383437636630613562303662326232663131640a393833386164666634633964626138
+ 33336365373833316266353865633930346664613363633235346432326430326233396336316265
+ 3230373439313932360a653139636530383331666265393135653239363936663430623436663566
+ 66333332363636343865663234396134346531633066626138663533333735323837373532636531
+ 3966323936353934633637633965656663333366363634636165
+ wireguard_mesh_pub_key: 'jEPb55U0LjcVb+3ekAIW2Tmn07AmrBwU9DwJHwWO7i4='
+ wireguard_mesh_port: 10011
+ wireguard_mesh_address: 'fe80::00ff:4bff:fe4f:1'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:4b:4f:00:01'
wireguard_bb_name: 'niyawe1'
-wireguard_bb_endpoint: '2a01:4f8:151:13cd:2::3'
+wireguard_bb_endpoint: '{{ ansible_host }}'
wireguard_bb_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
62623537663537643532356163613166336165323463663033303431613136353936383439383036
@@ -55,3 +55,13 @@ wireguard_bb_ipv4: '10.222.0.11'
wireguard_bb_ipv6: 'fe80::ffbb:ffbb:11'
wireguard_bb_port: 10111
preferred_uplink: 'uplink1'
+wgkex_host: 'vpn.freifunk-myk.de'
+wgkex_port: 18883
+wgkex_username: niyawe1
+wgkex_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 36663866376238393738383262353531363531653134383962346166643661626361626431373334
+ 3062653736326232646239653733303165666433653864370a363031396136313335366239633665
+ 64656434323338346666393334656535616237313639316536303431343036653335626231633933
+ 3730643362666330630a616333613961636534306235313365353064383337343366353735663639
+ 34336138333864373262396434356265373162356161666235666436366562666264
diff --git a/host_vars/ff-niyawe2 b/host_vars/ff-niyawe2
index 25553a7..c57d17d 100644
--- a/host_vars/ff-niyawe2
+++ b/host_vars/ff-niyawe2
@@ -18,7 +18,6 @@ sites:
63646437393532356338
fastd_mesh_mac: '02:ff:45:4d:53:10'
fastd_port1: 10020
- fastd_port2: 10021
bat_ipv6: '2a03:2260:1016:0501::1'
bat_ipv4: '10.222.192.1'
bat_ipv4_cidr: 21
@@ -26,20 +25,21 @@ sites:
dhcp_netmask: '255.255.248.0'
dhcp_start: '10.222.192.50'
dhcp_end: '10.222.199.250'
+ vxlan_id: 337565
wireguard_mesh_number: 1
wireguard_mesh_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 63623465313439373532643831653635646236616234373836353866656566363561323863373839
- 3338303064653766633231633361656535666134343261650a626362346535313561376238623837
- 39393238386266626663323830333664396331343431626436363533356633396565656437353262
- 6461633864323038380a306336663536633231346533313936303765663736313933323964336232
- 32653462343239373734623330303766333261383837353963623766363138626634656165343033
- 3532373331656561613832613134613965336532663839363266
- wireguard_mesh_pub_key: 'SOXPYthzuHKPDTWJRJ391jmL4aOXKVif+La4zXYSbR0='
- wireguard_mesh_port: 10055
- wireguard_mesh_address: 'fdff:454d:53bb::1'
- wireguard_mesh_endpoint: '2a01:4f8:a0:826b:2::4'
- wireguard_mesh_mac_prefix: '02:ff:45:4d:53:1'
+ 32383031666464633861313732653264663463383036366539366431383066323438663738613265
+ 6339636531646365336462353065633937373836323431610a343432616361646334636338306331
+ 38663662373334653931656633373064613866336231613463303261646261323831623339616537
+ 3933663036616664390a373965633838353535386239343864633435646566393334373637636561
+ 38663566373433356165616535343366623562623464653034653963653235643935346632643533
+ 6665633237376664613030373236396663383461366433303631
+ wireguard_mesh_pub_key: '97Ih/Gvgwj6W3Dcf0iMFm+DtLlkNEiSwIEwnUwlmMUI='
+ wireguard_mesh_port: 10021
+ wireguard_mesh_address: 'fe80::00ff:45ff:fe4d:5301'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:45:4d:53:01'
- name: 'my'
net4: '10.222.64.0/21'
net6: '2a03:2260:1016:0301::/64'
@@ -56,7 +56,6 @@ sites:
36303333346530376134
fastd_mesh_mac: '02:ff:4d:59:00:10'
fastd_port1: 10016
- fastd_port2: 10017
bat_ipv6: '2a03:2260:1016:0301::1'
bat_ipv4: '10.222.64.1'
bat_ipv4_cidr: 21
@@ -64,22 +63,23 @@ sites:
dhcp_netmask: '255.255.248.0'
dhcp_start: '10.222.64.50'
dhcp_end: '10.222.71.250'
+ vxlan_id: 6118532
wireguard_mesh_number: 1
wireguard_mesh_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 30373738613931353235333135323137626661663530656237343031653938653763373937333339
- 6131386232633866633038643230393433653764633830380a333532323531653863333163373463
- 62356638366134336134633333393630313763353262393564613038646266393733343831333439
- 6635373035343836340a663530383865653037396530613434376637633136353163366239633266
- 37646337366630653632623432323162383965666330316337383962363761323162303534303032
- 3561326432633130653332306236643637343736646163333732
- wireguard_mesh_pub_key: 'savF0Td3FRi8HcffTG+Hv/k/djVcbzGkQhTNYTAMtRg='
- wireguard_mesh_port: 10053
- wireguard_mesh_address: 'fdff:4d59:bb::1'
- wireguard_mesh_endpoint: '2a01:4f8:a0:826b:2::4'
- wireguard_mesh_mac_prefix: '02:ff:4d:59:00:1'
+ 63656233363539313336616565373830326235316135656535326364386339323762663433336266
+ 6133336162323639663332343466666263653462376533620a623731663765646462663438653762
+ 39376330613036353638356462376165393630393034343265383334616331643632323235376661
+ 3632613063343461340a613637366461663134323738313566386432313233613862376335393732
+ 61616262613936396661623735343131613835643431663935386134643062626430306430346130
+ 6339373236313865653265636463373236316333646565313939
+ wireguard_mesh_pub_key: '+7I9fQugmzYpTssYZwQaLGwC2PfIElHyPY2iPZ7+NEs='
+ wireguard_mesh_port: 10017
+ wireguard_mesh_address: 'fe80::00ff:4dff:fe59:1'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:4d:59:00:01'
wireguard_bb_name: 'niyawe2'
-wireguard_bb_endpoint: '2a01:4f8:a0:826b:2::4'
+wireguard_bb_endpoint: '{{ ansible_host }}'
wireguard_bb_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
35363033353438343934353931643434386239316435326139643133366438646261643261653430
@@ -93,3 +93,13 @@ wireguard_bb_ipv4: '10.222.0.12'
wireguard_bb_ipv6: 'fe80::ffbb:ffbb:12'
wireguard_bb_port: 10112
preferred_uplink: 'uplink2'
+wgkex_host: 'vpn.freifunk-myk.de'
+wgkex_port: 18883
+wgkex_username: ff-niyawe2
+wgkex_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 65656636353639633062316439333865636537373337646162613265333537653037643264363366
+ 3565336561613065303661666335383465346364356365320a353037353034666338646138646631
+ 61356138343238323464393238646261363965363034373138333832323762633433376139376265
+ 3930346161666561380a333433333064386364363735666535386165353466303964393362656431
+ 31373135666239633437363030666533646262353565636638616632303735313666
diff --git a/host_vars/ff-niyawe3 b/host_vars/ff-niyawe3
index 8301103..6fa9d4a 100644
--- a/host_vars/ff-niyawe3
+++ b/host_vars/ff-niyawe3
@@ -17,7 +17,6 @@ sites:
61303232626638303231
fastd_mesh_mac: '02:ff:43:4f:43:10'
fastd_port1: 10012
- fastd_port2: 10013
bat_ipv6: '2a03:2260:1016:0101::1'
bat_ipv4: '10.222.48.1'
bat_ipv4_cidr: 21
@@ -25,20 +24,21 @@ sites:
dhcp_netmask: '255.255.248.0'
dhcp_start: '10.222.48.50'
dhcp_end: '10.222.55.250'
+ vxlan_id: 10540244
wireguard_mesh_number: 1
wireguard_mesh_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 65393166666534346265306137336538623436363861653665616334313539643935633538366532
- 3237313434633365353936643261343930346266663032350a356464363739333961636462336138
- 34323637643834333635633366336132373034353865653864343335363139643066383536653362
- 3564393430333862650a333364343162613362633461383063323031343661303139343036623332
- 61656335373662653163393363633366643138383335653639343663613262323837623062373035
- 3431353931643661633362623166643763643039343862326664
- wireguard_mesh_pub_key: '1l8yIMvXfhtP+pKEB5ivOFDK99VtL++L5Z8hdnScHEg='
- wireguard_mesh_port: 10051
- wireguard_mesh_address: 'fdff:434f:43bb::1'
- wireguard_mesh_endpoint: '2a01:4f8:160:33c1:2::3'
- wireguard_mesh_mac_prefix: '02:ff:43:4f:43:1'
+ 37346162323035633263653630353265333838376165636664363434666263636230383339336535
+ 3666316438633539313137666461353133376532386434650a306262643965636431303138326436
+ 62306233303134653232663233343134393833643866396466663664656638663864656266386336
+ 3630343163393334390a303632663962316365626330613464353263616364366533316566633730
+ 32366232336331653366656237323561323939356235323864393463616133373035323763363261
+ 3937633731373231316433373866643365316637323134363931
+ wireguard_mesh_pub_key: 'dqyoKKWYSfaov1zc1SpKbtVJPsoCDui5NsFzTCoqkBs='
+ wireguard_mesh_port: 10013
+ wireguard_mesh_address: 'fe80::00ff:43ff:fe4f:4301'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:43:4f:43:01'
- name: 'ems'
net4: '10.222.200.0/21'
net6: '2a03:2260:1016:0502::/64'
@@ -55,7 +55,6 @@ sites:
33396464306363333965
fastd_mesh_mac: '02:ff:45:4d:53:20'
fastd_port1: 10020
- fastd_port2: 10021
bat_ipv6: '2a03:2260:1016:0502::1'
bat_ipv4: '10.222.200.1'
bat_ipv4_cidr: 21
@@ -63,22 +62,23 @@ sites:
dhcp_netmask: '255.255.248.0'
dhcp_start: '10.222.200.50'
dhcp_end: '10.222.207.250'
+ vxlan_id: 337565
wireguard_mesh_number: 2
wireguard_mesh_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 65323566376335353033303561663336343266383032343333323564653162333136646130326436
- 3337643031616531346332383639396533623032356332390a393563373133643465613230356561
- 31393461396531373436316639653138306337633831376164373434616262323830396532353937
- 6230333938303038340a383664373762316363626664636639363736343836376637366362346231
- 39343462316361653932306438313537396536663830626137656565373363663161343463326637
- 3035626464626263316634373161396135363261336236613063
- wireguard_mesh_pub_key: '2RULJYV2+K8ZCmab91dqeCBDGSEJkJ5lPC3iJg0w3R8='
- wireguard_mesh_port: 10055
- wireguard_mesh_address: 'fdff:454d:53bb::2'
- wireguard_mesh_endpoint: '2a01:4f8:160:33c1:2::3'
- wireguard_mesh_mac_prefix: '02:ff:45:4d:53:2'
+ 64643165393762323161656536383934313365353664373636663937353531383333326164623434
+ 3063356664313437353465346430303233303233343965320a373733326437616163616464356436
+ 36323839353437656539383937333032353233316639363130666238303238623565363664613735
+ 3037313661383930640a346235346661353435633362373861633134396466376631336637663534
+ 34623365386161333230616339326665623535366333373436616633623634636139653766643165
+ 3334653163353965383235356266623566666136663832396461
+ wireguard_mesh_pub_key: 'bOg54QrGq1DjyVQ13DKNkRYXKSy2bwhy3UM+HfCJPE8='
+ wireguard_mesh_port: 10021
+ wireguard_mesh_address: 'fe80::00ff:45ff:fe4d:5302'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:45:4d:53:02'
wireguard_bb_name: 'niyawe3'
-wireguard_bb_endpoint: '2a01:4f8:160:33c1:2::3'
+wireguard_bb_endpoint: '{{ ansible_host }}'
wireguard_bb_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
36646461356165306461613362613937343861353538646234656230313937386263663435366432
@@ -92,3 +92,13 @@ wireguard_bb_ipv4: '10.222.0.13'
wireguard_bb_ipv6: 'fe80::ffbb:ffbb:13'
wireguard_bb_port: 10113
preferred_uplink: 'uplink1'
+wgkex_host: 'vpn.freifunk-myk.de'
+wgkex_port: 18883
+wgkex_username: ff-niyawe3
+wgkex_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 62363231646533343134353534343233626435633966303235666436613634396663633137616566
+ 6339333737616234633435373634613235303464346131370a353564623762306133363534393864
+ 30323935373061386137316435313931616662336539396136613935623562303662613237376538
+ 3865643262306433380a656339303865376530353862336532313466393132396239626531303665
+ 30646361336632316334396432303330633837373237353836393166373965613762
diff --git a/host_vars/ff-niyawe4 b/host_vars/ff-niyawe4
index 641243b..427cb93 100644
--- a/host_vars/ff-niyawe4
+++ b/host_vars/ff-niyawe4
@@ -17,7 +17,6 @@ sites:
63613861373562663734
fastd_mesh_mac: '02:ff:57:57:00:10'
fastd_port1: 10022
- fastd_port2: 10023
bat_ipv6: '2a03:2260:1016:0701::1'
bat_ipv4: '10.30.16.1'
bat_ipv4_cidr: 21
@@ -25,6 +24,7 @@ sites:
dhcp_netmask: '255.255.248.0'
dhcp_start: '10.30.16.50'
dhcp_end: '10.30.23.250'
+ vxlan_id: 1234
wireguard_mesh_number: 1
wireguard_mesh_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
@@ -35,10 +35,10 @@ sites:
32663837656534656163353539363539333266633239636662663061626337393232326235313731
6636626434626435646462663762613138366336316465656532
wireguard_mesh_pub_key: 'Uv5i4M/lo/abi9b7gsNbc+PE+bEhpz3jQR8jFfQY7mU='
- wireguard_mesh_port: 10057
+ wireguard_mesh_port: 10023
wireguard_mesh_address: 'fdff:5757:bb::1'
- wireguard_mesh_endpoint: '2a01:4f8:a0:9395:2::4'
- wireguard_mesh_mac_prefix: '02:ff:57:57:00:1'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:57:57:00:01'
- name: 'sim'
net4: '10.222.176.0/21'
net6: '2a03:2260:1016:0401::/64'
@@ -55,7 +55,6 @@ sites:
34343163616561343163
fastd_mesh_mac: '02:ff:53:49:4d:10'
fastd_port1: 10018
- fastd_port2: 10019
bat_ipv6: '2a03:2260:1016:0401::1'
bat_ipv4: '10.222.176.1'
bat_ipv4_cidr: 21
@@ -63,20 +62,21 @@ sites:
dhcp_netmask: '255.255.240.0'
dhcp_start: '10.222.176.50'
dhcp_end: '10.222.183.250'
+ vxlan_id: 10908477
wireguard_mesh_number: 1
wireguard_mesh_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 30613965636361353637353963636263363931616566643364326162323765616266633033336538
- 3038653965303234356665646166623766616163353764300a303033323935376261303161366133
- 66306431323365626366383265303438643964343232383939616134303239633333363638333137
- 3936663331336261620a346263663935643962326663356639613531323735636164396461393936
- 66386466333833393635666431326664383830343765323438613364656631383338373163376537
- 6630303832313539383664366338383333633163633139366338
- wireguard_mesh_pub_key: 'leFz1AeyMu884CRWkET9epW3jGksyopaANNiskvAkmc='
- wireguard_mesh_port: 10054
- wireguard_mesh_address: 'fdff:5349:4dbb::1'
- wireguard_mesh_endpoint: '2a01:4f8:a0:9395:2::4'
- wireguard_mesh_mac_prefix: '02:ff:53:49:4d:1'
+ 61663530636333343161656664313464306533343934306335653137303463663663386663366463
+ 6538396238616663336633326564386663343531653831650a633230653464636337653431663238
+ 61363635616139643237626462306530313636383962653533626637666162643263323566373439
+ 6632366462303033370a396638303765323939343335383165643739313738366363396566376337
+ 65333237343631613636303639636231363331393262353566623564306330353038343562663464
+ 6335616665613065393164383332633162306137396133343030
+ wireguard_mesh_pub_key: '3587KYreUmBTyARprP+gRKlM7Uo6HH1JJYR5v9JcMkE='
+ wireguard_mesh_port: 10019
+ wireguard_mesh_address: 'fe80::00ff:53ff:fe49:4d01'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:53:49:4d:01'
- name: 'coc'
net4: '10.222.56.0/21'
net6: '2a03:2260:1016:0102::/64'
@@ -93,7 +93,6 @@ sites:
35346363653832386138
fastd_mesh_mac: '02:ff:43:4f:43:20'
fastd_port1: 10012
- fastd_port2: 10013
bat_ipv6: '2a03:2260:1016:0102::1'
bat_ipv4: '10.222.56.1'
bat_ipv4_cidr: 21
@@ -101,22 +100,23 @@ sites:
dhcp_netmask: '255.255.248.0'
dhcp_start: '10.222.56.50'
dhcp_end: '10.222.63.250'
+ vxlan_id: 10540244
wireguard_mesh_number: 2
wireguard_mesh_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 30616336326166366137353934323334356336353933643561333432303134303766313664666265
- 3834626539666264366566343161636234313036613337340a663937353336333938656362373631
- 36633136386165636362643764306432353632626330386464316639646435323032313262313363
- 3861353234373533310a323166666232613861616637386262356266316336323263656336663366
- 35616566656538373633326531323766303532613861623765653839353933383732613761333230
- 6461633533373466346138656462346532303430653465306334
- wireguard_mesh_pub_key: 'gQH/0cJAwFzmUyoqQ/zkQt5Ez3r+UL+ZSbWcovJMCCw='
- wireguard_mesh_port: 10051
- wireguard_mesh_address: 'fdff:434f:43bb::2'
- wireguard_mesh_endpoint: '2a01:4f8:a0:9395:2::4'
- wireguard_mesh_mac_prefix: '02:ff:43:4f:43:2'
+ 36326163616362316539366532373738393861343162346362346165323431306133663066616632
+ 3333633636643530393030353930396165343134313531620a346361656539383935653061643633
+ 36613038613336313137656264663661646233396333396563643664346339356530666231633130
+ 6662326532323239300a653662653264636462353961383437623637636161363430643935326439
+ 37366265376637653531613537346663343364626332343931613462666366643231356335626631
+ 6238633631656139383733333739373733356430343132353330
+ wireguard_mesh_pub_key: 'qshyUBm3WTO0u+InjrJ5+oTv9xVzRGoOIuZOlC5/e2A='
+ wireguard_mesh_port: 10013
+ wireguard_mesh_address: 'fe80::00ff:43ff:fe4f:4302'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:43:4f:43:02'
wireguard_bb_name: 'niyawe4'
-wireguard_bb_endpoint: '2a01:4f8:a0:9395:2::4'
+wireguard_bb_endpoint: '{{ ansible_host }}'
wireguard_bb_priv_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
38383133393039323737656234336237336566363034316339373835336665356332363635353261
@@ -130,3 +130,13 @@ wireguard_bb_ipv4: '10.222.0.17'
wireguard_bb_ipv6: 'fe80::ffbb:ffbb:17'
wireguard_bb_port: 10117
preferred_uplink: 'uplink2'
+wgkex_host: 'vpn.freifunk-myk.de'
+wgkex_port: 18883
+wgkex_username: ff-niyawe4
+wgkex_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 62323766636136336331366539613065353562633734343362313330663637666636643132323564
+ 3039663063666264343665363030666230336230663637380a303432356537326436383665333533
+ 65363333323330373031363065666432303338303736373061383361396638663165383531643537
+ 6461373638343637640a646164353261326265663733633636313161346638313134616234633361
+ 65663365376233643562616132636565376334366336393836623335633530623037
diff --git a/inventory.ini b/inventory.ini
index ae445cb..98fbaa1 100644
--- a/inventory.ini
+++ b/inventory.ini
@@ -15,9 +15,6 @@ fastd-aw2
fastd-ko2
fastd-my2
-[wg]
-ff-wg-niyawe1
-
[icvpn]
ff-icvpn
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index 2a4f9d1..79d9f86 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -4,13 +4,13 @@
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
{% for site in sites %}
-A PREROUTING -i bat{{ site.name }} -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
{% endif %}
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
{% for peer in groups['uplink'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
@@ -19,9 +19,6 @@
{% for peer in groups['fastd'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
-{% for peer in groups['wg'] %}
--A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
-{% endfor %}
{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
@@ -45,34 +42,25 @@ COMMIT
# iperf3
-A INPUT -p tcp -m tcp -s 2a03:2260:1016::/48 --dport 5201 -j ACCEPT
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
# dns
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-{% endif %}
-{% if 'fastd' in group_names %}
-# fastd
+# fastd / wg
-A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10010:10023 -j DROP
-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
-{% endif %}
-{% if 'wg' in group_names %}
-# wg
--A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10000 -j DROP
--A INPUT -p udp -m udp --dport 10000 -j ACCEPT
-{% endif %}
-{% if 'fastd' in group_names or 'wg' in group_names %}
# respondd
-A INPUT -i bat+ -p udp -m udp --dport 1001 -j ACCEPT
# wireguard_mesh
{% for site in sites %}
-A INPUT -p udp -m udp --dport {{ site.wireguard_mesh_port }} -j ACCEPT
--A INPUT -s {{ site.wireguard_mesh_address }}/48 -p gre -j ACCEPT
+-A INPUT -i wg{{ site.name }} -p udp --dport 8472 -j ACCEPT
{% endfor %}
{% endif %}
# wireguard_backbone
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
{% for peer in groups['uplink'] %}
-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
-A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
@@ -83,10 +71,6 @@ COMMIT
-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
-A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
{% endfor %}
-{% for peer in groups['wg'] %}
--A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
--A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
-{% endfor %}
{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
-A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
@@ -108,9 +92,8 @@ COMMIT
# LOG
-A INPUT -m limit --limit 2/min -j LOG --log-prefix "IP6Tables-Dropped input: " --log-level 4
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
{% for site in sites %}
--A FORWARD -i bat{{ site.name }} -p udp --dport 10000 -j REJECT
-A FORWARD -i bat{{ site.name }} -p udp --dport 10010:10021 -j REJECT
{% endfor %}
{% endif %}
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 704d519..2508445 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -10,7 +10,7 @@
{% endfor %}
{% endif %}
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
{% for peer in groups['uplink'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
@@ -19,9 +19,6 @@
{% for peer in groups['fastd'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
-{% for peer in groups['wg'] %}
--A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
-{% endfor %}
{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
@@ -44,7 +41,7 @@ COMMIT
-A INPUT -p tcp -m tcp -s 10.30.0.0/18 --dport 5201 -j ACCEPT
-A INPUT -p tcp -m tcp -s 10.222.0.0/16 --dport 5201 -j ACCEPT
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
# dns
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
@@ -54,18 +51,14 @@ COMMIT
{% endfor %}
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-{% endif %}
-{% if 'fastd' in group_names %}
-# fastd
+# fastd / wg
-A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10010:10023 -j DROP
-A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10023 -j DROP
-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
-{% endif %}
-{% if 'wg' in group_names %}
-# wg
--A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10000 -j DROP
--A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10000 -j DROP
--A INPUT -p udp -m udp --dport 10000 -j ACCEPT
+# wireguard_mesh
+{% for site in sites %}
+-A INPUT -p udp -m udp --dport {{ site.wireguard_mesh_port }} -j ACCEPT
+{% endfor %}
{% endif %}
# MOSH
-A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
@@ -83,9 +76,9 @@ COMMIT
-A INPUT -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped input: " --log-level 4
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
{% for site in sites %}
--A FORWARD -i bat{{ site.name }} -p udp --dport 10010:10021 -j REJECT
+-A FORWARD -i bat{{ site.name }} -p udp --dport 10010:10023 -j REJECT
{% endfor %}
{% endif %}
-A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
diff --git a/roles/configure_static_routes/tasks/main.yml b/roles/configure_static_routes/tasks/main.yml
index b1d90b7..c98825f 100644
--- a/roles/configure_static_routes/tasks/main.yml
+++ b/roles/configure_static_routes/tasks/main.yml
@@ -13,9 +13,6 @@
- include_tasks: fastd_tasks.yml
when: "'fastd' in group_names"
-- include_tasks: wg_tasks.yml
- when: "'wg' in group_names"
-
- name: copy ffmyk iproute systemd service
copy:
src: ffmyk-iproute.service
diff --git a/roles/configure_static_routes/tasks/wg_tasks.yml b/roles/configure_static_routes/tasks/wg_tasks.yml
deleted file mode 100644
index 4cd1583..0000000
--- a/roles/configure_static_routes/tasks/wg_tasks.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: copy site specific iproute up config script
- template:
- src: ffmyk-iproute-up.j2
- dest: /usr/local/bin/ffmyk-iproute{{ item.name }}-up.sh
- mode: 0744
- with_items: "{{ sites }}"
-
-- name: copy site specific iproute down config script
- template:
- src: ffmyk-iproute-down.j2
- dest: /usr/local/bin/ffmyk-iproute{{ item.name }}-down.sh
- mode: 0744
- with_items: "{{ sites }}"
diff --git a/roles/configure_static_routes/templates/ffmyk-iproute-down.j2 b/roles/configure_static_routes/templates/ffmyk-iproute-down.j2
index d551203..fe4334d 100644
--- a/roles/configure_static_routes/templates/ffmyk-iproute-down.j2
+++ b/roles/configure_static_routes/templates/ffmyk-iproute-down.j2
@@ -1,10 +1,20 @@
#!/bin/bash
+{% if item.net4 is defined %}
ip -4 route del {{item.net4 }} dev bat{{ item.name }} proto static table ffmyk
+{% endif %}
+{% if item.net6 is defined %}
ip -6 route del {{item.net6 }} dev bat{{ item.name }} proto static table ffmyk
+{% endif %}
+{% if item.site_net6 is defined %}
ip -6 route del {{item.site_net6 }} dev bat{{ item.name }} proto static table ffmyk
+{% endif %}
ip -4 rule del iif bat{{ item.name }} table ffmyk
ip -6 rule del iif bat{{ item.name }} table ffmyk
+{% if item.net4 is defined %}
ip -4 rule del from {{ item.net4 }} table ffmyk
+{% endif %}
+{% if item.net6 is defined %}
ip -6 rule del from {{ item.net6 }} table ffmyk
+{% endif %}
diff --git a/roles/configure_static_routes/templates/ffmyk-iproute-up.j2 b/roles/configure_static_routes/templates/ffmyk-iproute-up.j2
index 29afdb9..87e63a5 100644
--- a/roles/configure_static_routes/templates/ffmyk-iproute-up.j2
+++ b/roles/configure_static_routes/templates/ffmyk-iproute-up.j2
@@ -2,12 +2,22 @@
ip -4 rule add iif bat{{ item.name }} table ffmyk priority 10
ip -6 rule add iif bat{{ item.name }} table ffmyk priority 10
+{% if item.net4 is defined %}
ip -4 rule add from {{ item.net4 }} table ffmyk priority 10
+{% endif %}
+{% if item.net6 is defined %}
ip -6 rule add from {{ item.net6 }} table ffmyk priority 10
+{% endif %}
ip -4 rule add from all iif bat{{ item.name }} type unreachable priority 200
ip -6 rule add from all iif bat{{ item.name }} type unreachable priority 200
+{% if item.net4 is defined %}
ip -4 route replace {{item.net4 }} dev bat{{ item.name }} proto static table ffmyk
+{% endif %}
+{% if item.net6 is defined %}
ip -6 route replace {{item.net6 }} dev bat{{ item.name }} proto static table ffmyk
+{% endif %}
+{% if item.site_net6 is defined %}
ip -6 route replace {{item.site_net6 }} dev bat{{ item.name }} proto static table ffmyk
+{% endif %}
diff --git a/roles/install_babeld/templates/babeld.conf.j2 b/roles/install_babeld/templates/babeld.conf.j2
index 9dcaa87..d714158 100644
--- a/roles/install_babeld/templates/babeld.conf.j2
+++ b/roles/install_babeld/templates/babeld.conf.j2
@@ -5,7 +5,7 @@
ipv6-subtrees true
# You must provide at least one interface for babeld to operate on.
-{% if ('fastd' in group_names or 'wg' in group_names) %}
+{% if ('fastd' in group_names) %}
{% for peer in groups['uplink'] %}
interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
{% endfor %}
@@ -14,9 +14,6 @@ interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
{% for peer in groups['fastd'] %}
interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
{% endfor %}
-{% for peer in groups['wg'] %}
-interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
-{% endfor %}
{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
{% endfor %}
@@ -66,7 +63,7 @@ redistribute ip 64:ff9b::/96 allow
redistribute ip fd62:44e1:da::/48 allow
redistribute local deny
-{% if ('fastd' in group_names or 'wg' in group_names) and preferred_uplink is defined %}
+{% if ('fastd' in group_names) and preferred_uplink is defined %}
{% for peer in groups['uplink'] %}
{% if not hostvars[peer]['wireguard_bb_name'] == preferred_uplink %}
in if bb{{ hostvars[peer]['wireguard_bb_name'] }} metric 64
diff --git a/roles/install_monitoring/tasks/install_munin.yml b/roles/install_monitoring/tasks/install_munin.yml
index 8d01c9d..1a35928 100644
--- a/roles/install_monitoring/tasks/install_munin.yml
+++ b/roles/install_monitoring/tasks/install_munin.yml
@@ -143,9 +143,7 @@
src: /usr/lib/munin/plugins/if_
state: link
notify: restart munin-node
- with_items:
- - "{{ groups['fastd'] }}"
- - "{{ groups['wg'] }}"
+ with_items: "{{ groups['fastd'] }}"
when: "'uplink' in group_names"
- name: enable munin plugins for network monitoring (6/9)
diff --git a/roles/install_wgkex/files/wgkex.service b/roles/install_wgkex/files/wgkex.service
new file mode 100644
index 0000000..c549cf3
--- /dev/null
+++ b/roles/install_wgkex/files/wgkex.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=wgkex
+After=network.target
+
+[Service]
+ExecStart=/opt/wgkex/.venv/bin/python /opt/wgkex/wgkex/worker/app.py
+Restart=always
+WorkingDirectory=/opt/wgkex
+Environment=PYTHONPATH=/opt/wgkex
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/install_wgkex/handlers/main.yml b/roles/install_wgkex/handlers/main.yml
new file mode 100644
index 0000000..4b2e853
--- /dev/null
+++ b/roles/install_wgkex/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart wgkex
+ systemd:
+ name: wgkex.service
+ state: restarted
diff --git a/roles/install_wgkex/tasks/main.yml b/roles/install_wgkex/tasks/main.yml
new file mode 100644
index 0000000..c8b3264
--- /dev/null
+++ b/roles/install_wgkex/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: install wgkex dependencies
+ pacman:
+ name:
+ - git
+ - python-virtualenv
+ - python-setuptools
+ state: present
+
+- name: clone wgkex repo
+ git:
+ repo: https://github.com/FreifunkMYK/wgkex.git
+ dest: /opt/wgkex
+
+- name: create venv
+ command:
+ cmd: "python -m venv /opt/wgkex/.venv"
+ creates: /opt/wgkex/.venv
+
+- name: install requirements
+ pip:
+ requirements: /opt/wgkex/requirements.txt
+ virtualenv: /opt/wgkex/.venv
+
+- name: install wgkex config
+ template:
+ src: wgkex.yaml.j2
+ dest: /etc/wgkex.yaml
+ mode: 0644
+ notify: restart wgkex
+
+- name: create wgkex service
+ copy:
+ src: wgkex.service
+ dest: /etc/systemd/system/wgkex.service
+ mode: 0644
+
+- name: start and enable wgkex service
+ systemd:
+ name: wgkex
+ state: started
+ enabled: yes
diff --git a/roles/install_wgkex/templates/wgkex.yaml.j2 b/roles/install_wgkex/templates/wgkex.yaml.j2
new file mode 100644
index 0000000..a8aec9c
--- /dev/null
+++ b/roles/install_wgkex/templates/wgkex.yaml.j2
@@ -0,0 +1,12 @@
+---
+domains:
+{% for site in sites %}
+ - ff{{ site.name }}
+{% endfor %}
+mqtt:
+ broker_url: "{{ wgkex_host }}"
+ broker_port: {{ wgkex_port }}
+ username: "{{ wgkex_username }}"
+ password: "{{ wgkex_password }}"
+ keepalive: 5
+ tls: True
diff --git a/roles/install_wireguard_backbone/tasks/main.yml b/roles/install_wireguard_backbone/tasks/main.yml
index 82c024d..9ccfe05 100644
--- a/roles/install_wireguard_backbone/tasks/main.yml
+++ b/roles/install_wireguard_backbone/tasks/main.yml
@@ -5,10 +5,7 @@
dest: /etc/systemd/system/wgbackbone@.service
- include_tasks: fastd_tasks.yml
- when: "('fastd' in group_names)"
-
-- include_tasks: wg_tasks.yml
- when: "('wg' in group_names)"
+ when: "'fastd' in group_names"
- include_tasks: uplink_tasks.yml
when: "'uplink' in group_names"
diff --git a/roles/install_wireguard_backbone/tasks/uplink_tasks.yml b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
index dd68c76..ea906e5 100644
--- a/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
+++ b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
@@ -4,9 +4,7 @@
src: wg.conf.j2
dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
mode: 0400
- with_items:
- - "{{ groups['fastd'] }}"
- - "{{ groups['wg'] }}"
+ with_items: "{{ groups['fastd'] }}"
- name: create wireguard config for uplinks
template:
@@ -27,9 +25,7 @@
src: up.sh.j2
dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
mode: 0744
- with_items:
- - "{{ groups['fastd'] }}"
- - "{{ groups['wg'] }}"
+ with_items: "{{ groups['fastd'] }}"
- name: create wireguard up scripts for uplinks
template:
@@ -50,9 +46,7 @@
src: down.sh.j2
dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
mode: 0744
- with_items:
- - "{{ groups['fastd'] }}"
- - "{{ groups['wg'] }}"
+ with_items: "{{ groups['fastd'] }}"
- name: create wireguard down scripts for uplinks
template:
@@ -74,9 +68,7 @@
enabled: yes
state: started
daemon_reload: yes
- with_items:
- - "{{ groups['fastd'] }}"
- - "{{ groups['wg'] }}"
+ with_items: "{{ groups['fastd'] }}"
- name: start and enable wireguard mesh for uplinks
systemd:
diff --git a/roles/install_wireguard_backbone/tasks/wg_tasks.yml b/roles/install_wireguard_backbone/tasks/wg_tasks.yml
deleted file mode 100644
index d1d9974..0000000
--- a/roles/install_wireguard_backbone/tasks/wg_tasks.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-- name: create wireguard config for peers
- template:
- src: wg.conf.j2
- dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
- mode: 0400
- with_items:
- - "{{ groups['uplink'] }}"
-
-- name: create wireguard up scripts for peers
- template:
- src: up.sh.j2
- dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
- mode: 0744
- with_items:
- - "{{ groups['uplink'] }}"
-
-- name: create wireguard down scripts for peers
- template:
- src: down.sh.j2
- dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
- mode: 0744
- with_items:
- - "{{ groups['uplink'] }}"
-
-- name: start and enable wireguard mesh
- systemd:
- name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
- enabled: yes
- state: started
- daemon_reload: yes
- with_items:
- - "{{ groups['uplink'] }}"
diff --git a/roles/install_wireguard_mesh/templates/down.sh.j2 b/roles/install_wireguard_mesh/templates/down.sh.j2
index 85489b5..67d95bd 100644
--- a/roles/install_wireguard_mesh/templates/down.sh.j2
+++ b/roles/install_wireguard_mesh/templates/down.sh.j2
@@ -1,8 +1,4 @@
#!/bin/bash
-{% for host in groups['fastd'] %}
-{% for site in hostvars[host]['sites'] if site.name == item.name and site.wireguard_mesh_number != item.wireguard_mesh_number %}
-batctl meshif bat{{ item.name }} if del mesh{{ item.name }}{{ site.wireguard_mesh_number }}
-ip link set down dev mesh{{ item.name }}{{ site.wireguard_mesh_number }}
-ip link del mesh{{ item.name }}{{ site.wireguard_mesh_number }} type ip6gretap
-{% endfor %}
-{% endfor %}
+batctl meshif bat{{ item.name }} if del vx{{ item.name }}
+ip link set down dev vx{{ item.name }}
+ip link del vx{{ item.name }} type vxlan
diff --git a/roles/install_wireguard_mesh/templates/up.sh.j2 b/roles/install_wireguard_mesh/templates/up.sh.j2
index 1f0c111..8164f2a 100644
--- a/roles/install_wireguard_mesh/templates/up.sh.j2
+++ b/roles/install_wireguard_mesh/templates/up.sh.j2
@@ -1,13 +1,15 @@
#!/bin/bash
+ip -6 link add vx{{ item.name }} type vxlan id {{ item.vxlan_id }} dstport 8472 local {{ item.wireguard_mesh_address }} dev wg{{ item.name }}
+ip link set mtu 1280 dev vx{{ item.name }}
+ip link set address {{ item.wireguard_mesh_mac }} dev vx{{ item.name }}
+ip link set up dev vx{{ item.name }}
+batctl meshif bat{{ item.name }} if add vx{{ item.name }}
{% for host in groups['fastd'] %}
{% for site in hostvars[host]['sites'] if site.name == item.name and site.wireguard_mesh_number != item.wireguard_mesh_number %}
-ip link add mesh{{ item.name }}{{ site.wireguard_mesh_number }} type ip6gretap remote {{ site.wireguard_mesh_address }} local {{ item.wireguard_mesh_address }} ttl 255 dev wg{{ item.name }}
-ip link set mtu 1280 dev mesh{{ item.name }}{{ site.wireguard_mesh_number }}
-ip link set address {{ item.wireguard_mesh_mac_prefix }}{{ site.wireguard_mesh_number }} dev mesh{{ item.name }}{{ site.wireguard_mesh_number }}
-ip link set up dev mesh{{ item.name }}{{ site.wireguard_mesh_number }}
-batctl meshif bat{{ item.name }} if add mesh{{ item.name }}{{ site.wireguard_mesh_number }}
+bridge fdb append 00:00:00:00:00:00 dev vx{{ item.name }} dst {{ site.wireguard_mesh_address }}
{% endfor %}
{% endfor %}
+{% if item.net4 is defined %}
batctl meshif bat{{ item.name }} gw server 1000000/1000000
batctl meshif bat{{ item.name }} it 10000
batctl meshif bat{{ item.name }} mm 1
@@ -15,3 +17,10 @@ batctl meshif bat{{ item.name }} hop_penalty 64
netctl start bat{{ item.name }}
systemctl restart dhcpd4.service
systemctl restart named.service
+{% else %}
+batctl meshif bat{{ item.name }} gw client
+batctl meshif bat{{ item.name }} it 10000
+batctl meshif bat{{ item.name }} mm 1
+batctl meshif bat{{ item.name }} hop_penalty 64
+netctl start bat{{ item.name }}
+{% endif %}
diff --git a/roles/install_wireguard_mesh/templates/wg.conf.j2 b/roles/install_wireguard_mesh/templates/wg.conf.j2
index 410d591..61bc469 100644
--- a/roles/install_wireguard_mesh/templates/wg.conf.j2
+++ b/roles/install_wireguard_mesh/templates/wg.conf.j2
@@ -1,7 +1,7 @@
[Interface]
ListenPort = {{ item.wireguard_mesh_port }}
PrivateKey = {{ item.wireguard_mesh_priv_key }}
-Address = {{ item.wireguard_mesh_address }}/48
+Address = {{ item.wireguard_mesh_address }}/128
MTU = 1400
PostUp = /etc/wireguard/up{{ item.name }}.sh
PreDown = /etc/wireguard/down{{ item.name }}.sh
diff --git a/roles/setup_batman/templates/netctl_bat.j2 b/roles/setup_batman/templates/netctl_bat.j2
index 5e11d74..1693775 100644
--- a/roles/setup_batman/templates/netctl_bat.j2
+++ b/roles/setup_batman/templates/netctl_bat.j2
@@ -1,8 +1,13 @@
Connection=ethernet
Interface=bat{{ item.name }}
+{% if item.net4 is defined %}
IP=static
IP6=static
Address6=({{ item.bat_ipv6 }}/64)
Address=({{ item.bat_ipv4 }}/{{ item.bat_ipv4_cidr }})
+{% else %}
+IP=no
+IP6=no
+{% endif %}
ExecUpPost=/usr/local/bin/ffmyk-iproute{{ item.name }}-up.sh
ExecDownPre=/usr/local/bin/ffmyk-iproute{{ item.name }}-down.sh
diff --git a/setup_fastd.yml b/setup_fastd.yml
index 1c28fc4..0a991cb 100644
--- a/setup_fastd.yml
+++ b/setup_fastd.yml
@@ -21,40 +21,13 @@
- install_wireguard_mesh
- install_wireguard_backbone
- install_babeld
+ - install_wgkex
- install_fastd
- install_mesh-announce
- install_monitoring
- install_iperf3
- update_ssh_keys
- install_admin_packages
-- name: setup wg gw
- hosts: wg
- user: root
- roles:
- - configure_journald
- - configure_sysctl
- - configure_iptables
- - configure_static_routes
- #- install_ssmtp
- - install_cronie
- #- install_php
- #- install_nginx
- - install_ntp
- - install_haveged
- - setup_batman
- #- install_dhcp
- #- install_radvd
- #- install_bind
- - install_wireguard
- #- install_wireguard_mesh
- - install_wireguard_backbone
- - install_babeld
- #- install_fastd
- #- install_mesh-announce
- #- install_monitoring
- - install_iperf3
- - update_ssh_keys
- - install_admin_packages
- name: basic uplink config
hosts: uplink
user: root