added routing between servers

author: Niklas Yann Wettengel <niyawe@niyawe.de> 2017-07-12 00:55:58 +0200
committer: Niklas Yann Wettengel <niyawe@niyawe.de> 2017-07-12 00:55:58 +0200
commit: 8bad801b15ab010f63cebf80691f658319873317 (patch)
tree: c7f3ef3e39de2f41e3cc8aa9b083b010a6299e23 /roles/install_wireguard_backbone
parent: 6ef6aa8d628b0c7eeeec37d0c5b43df6d87f8b33 (diff)
4 files changed, 51 insertions, 0 deletions
diff --git a/roles/install_wireguard_backbone/tasks/main.yml b/roles/install_wireguard_backbone/tasks/main.yml
new file mode 100644
index 0000000..d0b725d
--- /dev/null
+++ b/roles/install_wireguard_backbone/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: create wireguard config for sites
+  template:
+      src: wg.conf.j2
+      dest: /etc/wireguard/wgbackbone.conf
+      mode: 0400
+
+- name: create wireguard up scripts for sites
+  template:
+      src: up.sh.j2
+      dest: /etc/wireguard/upbackbone.sh
+      mode: 0744
+
+- name: create wireguard down scripts for sites
+  template:
+      src: down.sh.j2
+      dest: /etc/wireguard/downbackbone.sh
+      mode: 0744
+
+- name: start and enable wireguard mesh
+  systemd:
+      name: wg-quick@wgbackbone.service
+      enabled: yes
+      state: started
diff --git a/roles/install_wireguard_backbone/templates/down.sh.j2 b/roles/install_wireguard_backbone/templates/down.sh.j2
new file mode 100644
index 0000000..07325bf
--- /dev/null
+++ b/roles/install_wireguard_backbone/templates/down.sh.j2
@@ -0,0 +1,5 @@
+#!/bin/bash
+{% for peer in wireguard_bb_peers %}
+ip link set down dev bb{{ peer.name }}
+ip link del bb{{ peer.name }} type ip6gretap
+{% endfor %}
diff --git a/roles/install_wireguard_backbone/templates/up.sh.j2 b/roles/install_wireguard_backbone/templates/up.sh.j2
new file mode 100644
index 0000000..97985f9
--- /dev/null
+++ b/roles/install_wireguard_backbone/templates/up.sh.j2
@@ -0,0 +1,7 @@
+#!/bin/bash
+{% for peer in wireguard_bb_peers %}
+ip link add bb{{ peer.name }} type ip6gretap remote {{ peer.address }} local {{ wireguard_bb_address }} ttl 255 dev wgbackbone
+ip link set mtu 1280 dev bb{{ peer.name }}
+ip link set up dev bb{{ peer.name }}
+ip address add {{ wireguard_bb_gre_ipv4 }} peer {{ peer.gre_ipv4 }} dev bb{{ peer.name }}
+{% endfor %}
diff --git a/roles/install_wireguard_backbone/templates/wg.conf.j2 b/roles/install_wireguard_backbone/templates/wg.conf.j2
new file mode 100644
index 0000000..8e8841a
--- /dev/null
+++ b/roles/install_wireguard_backbone/templates/wg.conf.j2
@@ -0,0 +1,15 @@
+[Interface]
+ListenPort = {{ wireguard_bb_port }}
+PrivateKey = {{ wireguard_bb_key }}
+Address = {{ wireguard_bb_address }}/48
+MTU = 1423
+PostUp = /etc/wireguard/upbackbone.sh
+PreDown = /etc/wireguard/downbackbone.sh
+
+{% for peer in wireguard_bb_peers %}
+[Peer]
+PublicKey = {{ peer.key }}
+AllowedIPs = {{ peer.address }}/128
+Endpoint = [{{ peer.endpoint }}]:{{ wireguard_bb_port }}
+PersistentKeepalive = 30
+{% endfor %}
author	Niklas Yann Wettengel <niyawe@niyawe.de>	2017-07-12 00:55:58 +0200
committer	Niklas Yann Wettengel <niyawe@niyawe.de>	2017-07-12 00:55:58 +0200
commit	8bad801b15ab010f63cebf80691f658319873317 (patch)
tree	c7f3ef3e39de2f41e3cc8aa9b083b010a6299e23 /roles/install_wireguard_backbone
parent	6ef6aa8d628b0c7eeeec37d0c5b43df6d87f8b33 (diff)