author | Niklas Yann Wettengel <niyawe@niyawe.de> | 2017-07-12 00:55:58 +0200 |
---|---|---|
committer | Niklas Yann Wettengel <niyawe@niyawe.de> | 2017-07-12 00:55:58 +0200 |
commit | 8bad801b15ab010f63cebf80691f658319873317 (patch) | |
tree | c7f3ef3e39de2f41e3cc8aa9b083b010a6299e23 /roles | |
parent | 6ef6aa8d628b0c7eeeec37d0c5b43df6d87f8b33 (diff) |
added routing between servers
Diffstat (limited to 'roles')
-rwxr-xr-x | roles/configure_static_routes/files/ffmyk-iproute.sh | 6 | ||||
-rw-r--r-- | roles/install_babeld/handlers/main.yml | 5 | ||||
-rw-r--r-- | roles/install_babeld/tasks/main.yml | 20 | ||||
-rw-r--r-- | roles/install_babeld/templates/babeld.conf.j2 | 59 | ||||
-rw-r--r-- | roles/install_wireguard_backbone/tasks/main.yml | 24 | ||||
-rw-r--r-- | roles/install_wireguard_backbone/templates/down.sh.j2 | 5 | ||||
-rw-r--r-- | roles/install_wireguard_backbone/templates/up.sh.j2 | 7 | ||||
-rw-r--r-- | roles/install_wireguard_backbone/templates/wg.conf.j2 | 15 |
8 files changed, 138 insertions, 3 deletions
diff --git a/roles/configure_static_routes/files/ffmyk-iproute.sh b/roles/configure_static_routes/files/ffmyk-iproute.sh
index ee7f6a0..2a653e9 100755
--- a/roles/configure_static_routes/files/ffmyk-iproute.sh
+++ b/roles/configure_static_routes/files/ffmyk-iproute.sh
@@ -7,6 +7,6 @@ ip -6 route add unreachable default table ffmyk ip -4 rule add from all fwmark 0x1 table ffmyk ip -6 rule add from all fwmark 0x1 table ffmyk
-#Alles mit Freifunk-IP - woher auch immer - gehlrt zu Tabelle ffmyk
-ip -4 rule add from 10.222.0.0/16 table ffmyk
-ip -6 rule add from 2001:470:cd45:FF00::/56 table ffmyk
+#Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk
+#ip -4 rule add from 10.222.0.0/16 table ffmyk
+#ip -6 rule add from 2001:470:cd45:FF00::/56 table ffmyk
diff --git a/roles/install_babeld/handlers/main.yml b/roles/install_babeld/handlers/main.yml
new file mode 100644
index 0000000..87ce21f
--- /dev/null
+++ b/roles/install_babeld/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart babeld
+ systemd:
+ name: babeld.service
+ state: restarted
diff --git a/roles/install_babeld/tasks/main.yml b/roles/install_babeld/tasks/main.yml
new file mode 100644
index 0000000..f3cd693
--- /dev/null
+++ b/roles/install_babeld/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: install fastd
+ become: yes
+ become_user: '{{ aur_user }}'
+ aur:
+ name: babeld
+ tool: yaourt
+
+- name: babeld.conf
+ template:
+ src: babeld.conf.j2
+ dest: /etc/babeld.conf
+ mode: 0640
+ notify: restart babeld
+
+- name: start and enable babeld service
+ systemd:
+ name: babeld.service
+ enabled: yes
+ state: started
diff --git a/roles/install_babeld/templates/babeld.conf.j2 b/roles/install_babeld/templates/babeld.conf.j2
new file mode 100644
index 0000000..d654df8
--- /dev/null
+++ b/roles/install_babeld/templates/babeld.conf.j2
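Review bot: In ffmyk-iproute.sh the two source-based rules are commented out rather than removed, and the comment above them still says that everything with a Freifunk address belongs to table ffmyk, which the script no longer enforces. With only the `fwmark 0x1` rules left, traffic from 10.222.0.0/16 or 2001:470:cd45:FF00::/56 that arrives unmarked is resolved in the main table and never reaches the `unreachable default` in ffmyk, so it is worth confirming that the firewall marks every such packet. I would delete the dead lines and replace the comment with one that states the current behaviour, e.g. `# source-based rules disabled (<reason>); table ffmyk is selected by fwmark 0x1 only`.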
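Review bot: In roles/install_babeld/tasks/main.yml the first task is named `install fastd` but installs `babeld`, which will mislead anyone reading play output; rename it to `- name: install babeld`. The package is built from the AUR through yaourt with no version or PKGBUILD pin visible in this hunk, so every run trusts whatever build script is currently published; on a routing host it would be safer to build once from a reviewed PKGBUILD and install from a repository you control. `mode: 0640` is conventionally written quoted (`mode: '0640'`) so that it cannot be read as a decimal number.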
@@ -0,0 +1,59 @@
+# Configuration for babeld. See the man page babeld(8) for
+# details on the configuration format.
+
+# Works on Linux > 3.11
+ipv6-subtrees true
+
+# You must provide at least one interface for babeld to operate on.
+{% for peer in wireguard_bb_peers %}
+interface bb{{ peer.name }}
+{% endfor %}
+#interface wlan0
+
+# Global options you might want to set. There are many more, see the man page.
+#debug 1
+local-port 33123
+#diversity true
+#random-id true
+
+# Per-interface configuration. Note that each interface referenced here
+# will be used by babeld.
+#interface eth1 rxcost 10
+#interface tun0 faraway true
+#interface wlan0 hello-interval 1
+
+# Since 1.4.2, you can also specify defaults for interface parameters, which
+# will be used for all interfaces except specified otherwise (see above).
+#default rxcost 42
+#default hello-interval 5
+
+# Since 1.5.0, you can use the RTT-based metric, most useful for a network
+# with tunnels (overlay network).
+#default enable-timestamps true
+#interface tun0 max-rtt-penalty 150
+#interface tun0 rtt-max 100
+default type wired max-rtt-penalty 128
+export-table 42
+import-table 42
+
+
+# Filtering rules.
+
+# Only accept routes included in a specific prefix.
+#in ip 192.168.42.0/24 allow
+#in ip 2001:db8:cafe:cafe::/64 allow
+#in deny
+
+redistribute metric 128
+# Only redistribute addresses from a given prefix, to avoid redistributing
+# all local addresses
+redistribute ip 10.222.0.0/16 local allow
+redistribute ip 2001:470:cd45:FF00::/56 local allow
+redistribute local deny
+
+# Redistribute a default route obtained otherwise (here, through DHCP or
+# configured statically).
+# Note that babeld ignores kernel routes with proto 3 (boot) by default.
+#redistribute proto 3 ip 0.0.0.0/0 eq 0 metric 50
+#redistribute proto 3 ip ::/0 eq 0 metric 50
+
diff --git a/roles/install_wireguard_backbone/tasks/main.yml b/roles/install_wireguard_backbone/tasks/main.yml
new file mode 100644
index 0000000..d0b725d
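Review bot: babeld.conf.j2 has no active `in` rules, so babeld will install into table 42 any prefix a backbone peer announces, including a default route or a more-specific of a range the peer does not own. Outbound announcements are restricted by the `redistribute` rules, but nothing restricts what is accepted; if the backbone is only meant to carry the Freifunk ranges, the commented example can be made real with `in ip 10.222.0.0/16 allow`, `in ip 2001:470:cd45:FF00::/56 allow` and `in deny`. If default routes from peers are intended, give them an explicit allow before the deny. A comment stating how table 42 relates to the `ffmyk` table used in ffmyk-iproute.sh would also help, since this diff does not show the link.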
--- /dev/null
+++ b/roles/install_wireguard_backbone/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: create wireguard config for sites
+ template:
+ src: wg.conf.j2
+ dest: /etc/wireguard/wgbackbone.conf
+ mode: 0400
+
+- name: create wireguard up scripts for sites
+ template:
+ src: up.sh.j2
+ dest: /etc/wireguard/upbackbone.sh
+ mode: 0744
+
+- name: create wireguard down scripts for sites
+ template:
+ src: down.sh.j2
+ dest: /etc/wireguard/downbackbone.sh
+ mode: 0744
+
+- name: start and enable wireguard mesh
+ systemd:
+ name: wg-quick@wgbackbone.service
+ enabled: yes
+ state: started
diff --git a/roles/install_wireguard_backbone/templates/down.sh.j2 b/roles/install_wireguard_backbone/templates/down.sh.j2
new file mode 100644
index 0000000..07325bf
--- /dev/null
+++ b/roles/install_wireguard_backbone/templates/down.sh.j2
@@ -0,0 +1,5 @@
+#!/bin/bash
+{% for peer in wireguard_bb_peers %}
+ip link set down dev bb{{ peer.name }}
+ip link del bb{{ peer.name }} type ip6gretap
+{% endfor %}
diff --git a/roles/install_wireguard_backbone/templates/up.sh.j2 b/roles/install_wireguard_backbone/templates/up.sh.j2
new file mode 100644
index 0000000..97985f9
--- /dev/null
+++ b/roles/install_wireguard_backbone/templates/up.sh.j2
@@ -0,0 +1,7 @@
+#!/bin/bash
+{% for peer in wireguard_bb_peers %}
+ip link add bb{{ peer.name }} type ip6gretap remote {{ peer.address }} local {{ wireguard_bb_address }} ttl 255 dev wgbackbone
+ip link set mtu 1280 dev bb{{ peer.name }}
+ip link set up dev bb{{ peer.name }}
+ip address add {{ wireguard_bb_gre_ipv4 }} peer {{ peer.gre_ipv4 }} dev bb{{ peer.name }}
+{% endfor %}
diff --git a/roles/install_wireguard_backbone/templates/wg.conf.j2 b/roles/install_wireguard_backbone/templates/wg.conf.j2
new file mode 100644
index 0000000..8e8841a
--- /dev/null
+++ b/roles/install_wireguard_backbone/templates/wg.conf.j2
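Review bot: In roles/install_wireguard_backbone/tasks/main.yml the `create wireguard config for sites` task renders `PrivateKey` into /etc/wireguard/wgbackbone.conf without `no_log: true`, so a run with `--diff` or raised verbosity can print the key into terminal scrollback or CI logs. Add `no_log: true` to that task and set `owner: root` and `group: root` explicitly next to `mode: 0400`. None of the three template tasks notifies a handler, so a changed peer list or script is written to disk while the running `wg-quick@wgbackbone.service` keeps its old state until it is restarted by hand.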
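Review bot: up.sh.j2 runs as root from `PostUp` without `set -e`, so when `ip link add` fails (a device left over from an earlier run, or `bb{{ peer.name }}` exceeding the kernel's 15-character interface-name limit) the following `ip link set` and `ip address add` lines run anyway and the script's exit status is only that of its last command. Adding `set -e` after the shebang lets the caller see the failure. `{{ peer.name }}` and the address variables are interpolated unquoted into the command lines here and in down.sh.j2; they come from inventory, but asserting in the role that names are short and alphanumeric keeps a typo from becoming extra shell words.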
@@ -0,0 +1,15 @@
+[Interface]
+ListenPort = {{ wireguard_bb_port }}
+PrivateKey = {{ wireguard_bb_key }}
+Address = {{ wireguard_bb_address }}/48
+MTU = 1423
+PostUp = /etc/wireguard/upbackbone.sh
+PreDown = /etc/wireguard/downbackbone.sh
+
+{% for peer in wireguard_bb_peers %}
+[Peer]
+PublicKey = {{ peer.key }}
+AllowedIPs = {{ peer.address }}/128
+Endpoint = [{{ peer.endpoint }}]:{{ wireguard_bb_port }}
+PersistentKeepalive = 30
+{% endfor %} |
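Review bot: wg.conf.j2 does not say why each peer's `AllowedIPs` is a single /128, and that restriction is what keeps WireGuard's per-peer source filtering tight. As far as this diff shows, routed traffic travels inside the ip6gretap devices created by upbackbone.sh, so only the peer's tunnel address needs to cross WireGuard directly. A comment above the `[Peer]` loop such as `# AllowedIPs stays /128: only the GRE outer address crosses WireGuard directly` would stop a later edit from widening it. `wireguard_bb_key` is the host's long-term private key and is defined outside this diff, so confirm it is stored vault-encrypted rather than in plain host or group vars.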