author | Niklas Yann Wettengel <niyawe@niyawe.de> | 2021-07-28 01:12:10 +0200 |
---|---|---|
committer | Niklas Yann Wettengel <niyawe@niyawe.de> | 2021-07-28 01:12:10 +0200 |
commit | 9ec1670a262597356c24bff27d473eccceb45b61 (patch) | |
tree | 8d94c1ab62fef270ea45a103be179609272b3f82 /roles | |
parent | f394fd81667a44e267e83d3c453101598a21c58c (diff) |
wg
Diffstat (limited to 'roles')
19 files changed, 138 insertions, 127 deletions
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index 2a4f9d1..79d9f86 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -4,13 +4,13 @@
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
 {% for site in sites %}
 -A PREROUTING -i bat{{ site.name }} -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
 {% endif %}
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
 {% for peer in groups['uplink'] %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
@@ -19,9 +19,6 @@
 {% for peer in groups['fastd'] %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
-{% for peer in groups['wg'] %}
--A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
-{% endfor %}
 {% for peer in groups['uplink'] | difference([inventory_hostname]) %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
@@ -45,34 +42,25 @@ COMMIT
 # iperf3
 -A INPUT -p tcp -m tcp -s 2a03:2260:1016::/48 --dport 5201 -j ACCEPT
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
 # dns
 -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
 -A INPUT -p udp -m udp --dport 53 -j ACCEPT
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
-{% endif %}
-{% if 'fastd' in group_names %}
-# fastd
+# fastd / wg
 -A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10010:10023 -j DROP
 -A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
-{% endif %}
-{% if 'wg' in group_names %}
-# wg
--A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport 10000 -j DROP
--A INPUT -p udp -m udp --dport 10000 -j ACCEPT
-{% endif %}
-{% if 'fastd' in group_names or 'wg' in group_names %}
 # respondd
 -A INPUT -i bat+ -p udp -m udp --dport 1001 -j ACCEPT
 # wireguard_mesh
 {% for site in sites %}
 -A INPUT -p udp -m udp --dport {{ site.wireguard_mesh_port }} -j ACCEPT
--A INPUT -s {{ site.wireguard_mesh_address }}/48 -p gre -j ACCEPT
+-A INPUT -i wg{{ site.name }} -p udp --dport 8472 -j ACCEPT
 {% endfor %}
 {% endif %}
 # wireguard_backbone
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
 {% for peer in groups['uplink'] %}
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
@@ -83,10 +71,6 @@ COMMIT
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
 {% endfor %}
-{% for peer in groups['wg'] %}
--A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
--A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
-{% endfor %}
 {% for peer in groups['uplink'] | difference([inventory_hostname]) %}
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
@@ -108,9 +92,8 @@ COMMIT
 # LOG
 -A INPUT -m limit --limit 2/min -j LOG --log-prefix "IP6Tables-Dropped input: " --log-level 4
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
 {% for site in sites %}
--A FORWARD -i bat{{ site.name }} -p udp --dport 10000 -j REJECT
 -A FORWARD -i bat{{ site.name }} -p udp --dport 10010:10021 -j REJECT
 {% endfor %}
 {% endif %}
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 704d519..2508445 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -10,7 +10,7 @@
 {% endfor %}
 {% endif %}
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
 {% for peer in groups['uplink'] %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
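Review bot: The IPv6 FORWARD reject in the `@@ -108,9 +92,8 @@` hunk of ip6tables.rules still stops at `--dport 10010:10021`, while the `# fastd / wg` INPUT block in the previous hunk accepts `10010:10023` and the IPv4 twin of this rule in iptables.rules (its `@@ -83,9 +76,9 @@` hunk) is widened to `10010:10023` in this same commit. If the two extra ports are in use, clients behind a `bat` interface can still reach them on other hosts over IPv6 forwarding, which is exactly what the rule is there to stop. The context line should become `-A FORWARD -i bat{{ site.name }} -p udp --dport 10010:10023 -j REJECT` so both address families agree.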
@@ -19,9 +19,6 @@
 {% for peer in groups['fastd'] %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
-{% for peer in groups['wg'] %}
--A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
-{% endfor %}
 {% for peer in groups['uplink'] | difference([inventory_hostname]) %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
@@ -44,7 +41,7 @@ COMMIT
 -A INPUT -p tcp -m tcp -s 10.30.0.0/18 --dport 5201 -j ACCEPT
 -A INPUT -p tcp -m tcp -s 10.222.0.0/16 --dport 5201 -j ACCEPT
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
 # dns
 -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
 -A INPUT -p udp -m udp --dport 53 -j ACCEPT
@@ -54,18 +51,14 @@ COMMIT
 {% endfor %}
 # ntp
 -A INPUT -p udp -m udp --dport 123 -j ACCEPT
-{% endif %}
-{% if 'fastd' in group_names %}
-# fastd
+# fastd / wg
 -A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10010:10023 -j DROP
 -A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10010:10023 -j DROP
 -A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
-{% endif %}
-{% if 'wg' in group_names %}
-# wg
--A INPUT -s 10.30.0.0/18 -p udp -m udp --dport 10000 -j DROP
--A INPUT -s 10.222.0.0/16 -p udp -m udp --dport 10000 -j DROP
--A INPUT -p udp -m udp --dport 10000 -j ACCEPT
+# wireguard_mesh
+{% for site in sites %}
+-A INPUT -p udp -m udp --dport {{ site.wireguard_mesh_port }} -j ACCEPT
+{% endfor %}
 {% endif %}
 # MOSH
 -A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
@@ -83,9 +76,9 @@ COMMIT
 -A INPUT -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped input: " --log-level 4
-{% if 'fastd' in group_names or 'wg' in group_names %}
+{% if 'fastd' in group_names %}
 {% for site in sites %}
--A FORWARD -i bat{{ site.name }} -p udp --dport 10010:10021 -j REJECT
+-A FORWARD -i bat{{ site.name }} -p udp --dport 10010:10023 -j REJECT
 {% endfor %}
 {% endif %}
 -A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
diff --git a/roles/configure_static_routes/tasks/main.yml b/roles/configure_static_routes/tasks/main.yml
index b1d90b7..c98825f 100644
--- a/roles/configure_static_routes/tasks/main.yml
+++ b/roles/configure_static_routes/tasks/main.yml
@@ -13,9 +13,6 @@
 - include_tasks: fastd_tasks.yml
   when: "'fastd' in group_names"
-- include_tasks: wg_tasks.yml
-  when: "'wg' in group_names"
-
 - name: copy ffmyk iproute systemd service
   copy:
     src: ffmyk-iproute.service
diff --git a/roles/configure_static_routes/tasks/wg_tasks.yml b/roles/configure_static_routes/tasks/wg_tasks.yml
deleted file mode 100644
index 4cd1583..0000000
--- a/roles/configure_static_routes/tasks/wg_tasks.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: copy site specific iproute up config script
-  template:
-    src: ffmyk-iproute-up.j2
-    dest: /usr/local/bin/ffmyk-iproute{{ item.name }}-up.sh
-    mode: 0744
-  with_items: "{{ sites }}"
-
-- name: copy site specific iproute down config script
-  template:
-    src: ffmyk-iproute-down.j2
-    dest: /usr/local/bin/ffmyk-iproute{{ item.name }}-down.sh
-    mode: 0744
-  with_items: "{{ sites }}"
diff --git a/roles/configure_static_routes/templates/ffmyk-iproute-down.j2 b/roles/configure_static_routes/templates/ffmyk-iproute-down.j2
index d551203..fe4334d 100644
--- a/roles/configure_static_routes/templates/ffmyk-iproute-down.j2
+++ b/roles/configure_static_routes/templates/ffmyk-iproute-down.j2
@@ -1,10 +1,20 @@
 #!/bin/bash
+{% if item.net4 is defined %}
 ip -4 route del {{item.net4 }} dev bat{{ item.name }} proto static table ffmyk
+{% endif %}
+{% if item.net6 is defined %}
 ip -6 route del {{item.net6 }} dev bat{{ item.name }} proto static table ffmyk
+{% endif %}
+{% if item.site_net6 is defined %}
 ip -6 route del {{item.site_net6 }} dev bat{{ item.name }} proto static table ffmyk
+{% endif %}
 ip -4 rule del iif bat{{ item.name }} table ffmyk
 ip -6 rule del iif bat{{ item.name }} table ffmyk
+{% if item.net4 is defined %}
 ip -4 rule del from {{ item.net4 }} table ffmyk
+{% endif %}
+{% if item.net6 is defined %}
 ip -6 rule del from {{ item.net6 }} table ffmyk
+{% endif %}
diff --git a/roles/configure_static_routes/templates/ffmyk-iproute-up.j2 b/roles/configure_static_routes/templates/ffmyk-iproute-up.j2
index 29afdb9..87e63a5 100644
--- a/roles/configure_static_routes/templates/ffmyk-iproute-up.j2
+++ b/roles/configure_static_routes/templates/ffmyk-iproute-up.j2
@@ -2,12 +2,22 @@
 ip -4 rule add iif bat{{ item.name }} table ffmyk priority 10
 ip -6 rule add iif bat{{ item.name }} table ffmyk priority 10
+{% if item.net4 is defined %}
 ip -4 rule add from {{ item.net4 }} table ffmyk priority 10
+{% endif %}
+{% if item.net6 is defined %}
 ip -6 rule add from {{ item.net6 }} table ffmyk priority 10
+{% endif %}
 ip -4 rule add from all iif bat{{ item.name }} type unreachable priority 200
 ip -6 rule add from all iif bat{{ item.name }} type unreachable priority 200
+{% if item.net4 is defined %}
 ip -4 route replace {{item.net4 }} dev bat{{ item.name }} proto static table ffmyk
+{% endif %}
+{% if item.net6 is defined %}
 ip -6 route replace {{item.net6 }} dev bat{{ item.name }} proto static table ffmyk
+{% endif %}
+{% if item.site_net6 is defined %}
 ip -6 route replace {{item.site_net6 }} dev bat{{ item.name }} proto static table ffmyk
+{% endif %}
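Review bot: The new side of ffmyk-iproute-down.j2 is the whole file, and it still contains no deletion of the two `type unreachable priority 200` rules that ffmyk-iproute-up.j2 (the next hunk) adds unconditionally, so those policy rules survive an interface down and are added again on the next up. Unless something outside these two templates removes them, down.j2 should mirror up.j2 with `ip -4 rule del from all iif bat{{ item.name }} type unreachable priority 200` and `ip -6 rule del from all iif bat{{ item.name }} type unreachable priority 200` after the existing `ip -6 rule del iif ...` line. The new `is defined` guards themselves are consistent between the two templates.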
diff --git a/roles/install_babeld/templates/babeld.conf.j2 b/roles/install_babeld/templates/babeld.conf.j2
index 9dcaa87..d714158 100644
--- a/roles/install_babeld/templates/babeld.conf.j2
+++ b/roles/install_babeld/templates/babeld.conf.j2
@@ -5,7 +5,7 @@ ipv6-subtrees true
 # You must provide at least one interface for babeld to operate on.
-{% if ('fastd' in group_names or 'wg' in group_names) %}
+{% if ('fastd' in group_names) %}
 {% for peer in groups['uplink'] %}
 interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% endfor %}
@@ -14,9 +14,6 @@ interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% for peer in groups['fastd'] %}
 interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% endfor %}
-{% for peer in groups['wg'] %}
-interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
-{% endfor %}
 {% for peer in groups['uplink'] | difference([inventory_hostname]) %}
 interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% endfor %}
@@ -66,7 +63,7 @@ redistribute ip 64:ff9b::/96 allow
 redistribute ip fd62:44e1:da::/48 allow
 redistribute local deny
-{% if ('fastd' in group_names or 'wg' in group_names) and preferred_uplink is defined %}
+{% if ('fastd' in group_names) and preferred_uplink is defined %}
 {% for peer in groups['uplink'] %}
 {% if not hostvars[peer]['wireguard_bb_name'] == preferred_uplink %}
 in if bb{{ hostvars[peer]['wireguard_bb_name'] }} metric 64
diff --git a/roles/install_monitoring/tasks/install_munin.yml b/roles/install_monitoring/tasks/install_munin.yml
index 8d01c9d..1a35928 100644
--- a/roles/install_monitoring/tasks/install_munin.yml
+++ b/roles/install_monitoring/tasks/install_munin.yml
@@ -143,9 +143,7 @@
     src: /usr/lib/munin/plugins/if_
     state: link
   notify: restart munin-node
-  with_items:
-    - "{{ groups['fastd'] }}"
-    - "{{ groups['wg'] }}"
+  with_items: "{{ groups['fastd'] }}"
   when: "'uplink' in group_names"
 - name: enable munin plugins for network monitoring (6/9)
diff --git a/roles/install_wgkex/files/wgkex.service b/roles/install_wgkex/files/wgkex.service
new file mode 100644
index 0000000..c549cf3
--- /dev/null
+++ b/roles/install_wgkex/files/wgkex.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=wgkex
+After=network.target
+
+[Service]
+ExecStart=/opt/wgkex/.venv/bin/python /opt/wgkex/wgkex/worker/app.py
+Restart=always
+WorkingDirectory=/opt/wgkex
+Environment=PYTHONPATH=/opt/wgkex
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/install_wgkex/handlers/main.yml b/roles/install_wgkex/handlers/main.yml
new file mode 100644
index 0000000..4b2e853
--- /dev/null
+++ b/roles/install_wgkex/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart wgkex
+  systemd:
+    name: wgkex.service
+    state: restarted
diff --git a/roles/install_wgkex/tasks/main.yml b/roles/install_wgkex/tasks/main.yml
new file mode 100644
index 0000000..c8b3264
--- /dev/null
+++ b/roles/install_wgkex/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: install wgkex dependencies
+  pacman:
+    name:
+      - git
+      - python-virtualenv
+      - python-setuptools
+    state: present
+
+- name: clone wgkex repo
+  git:
+    repo: https://github.com/FreifunkMYK/wgkex.git
+    dest: /opt/wgkex
+
+- name: create venv
+  command:
+    cmd: "python -m venv /opt/wgkex/.venv"
+    creates: /opt/wgkex/.venv
+
+- name: install requirements
+  pip:
+    requirements: /opt/wgkex/requirements.txt
+    virtualenv: /opt/wgkex/.venv
+
+- name: install wgkex config
+  template:
+    src: wgkex.yaml.j2
+    dest: /etc/wgkex.yaml
+    mode: 0644
+  notify: restart wgkex
+
+- name: create wgkex service
+  copy:
+    src: wgkex.service
+    dest: /etc/systemd/system/wgkex.service
+    mode: 0644
+
+- name: start and enable wgkex service
+  systemd:
+    name: wgkex
+    state: started
+    enabled: yes
diff --git a/roles/install_wgkex/templates/wgkex.yaml.j2 b/roles/install_wgkex/templates/wgkex.yaml.j2
new file mode 100644
index 0000000..a8aec9c
--- /dev/null
+++ b/roles/install_wgkex/templates/wgkex.yaml.j2
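Review bot: wgkex.service has no `User=` line, so the worker started by `ExecStart=/opt/wgkex/.venv/bin/python /opt/wgkex/wgkex/worker/app.py` runs as root with every capability and no sandboxing, although a WireGuard peer manager presumably needs little more than netlink access. I would run it under a dedicated account with `User=<dedicated-account>` and `AmbientCapabilities=CAP_NET_ADMIN`, and add `NoNewPrivileges=true` together with `ProtectSystem=strict` and `ProtectHome=true`; whether CAP_NET_ADMIN alone is sufficient depends on what app.py does, which is not part of this diff. `Restart=always` without a `RestartSec=` also lets a crash loop hit systemd's start-rate limit and leave the unit in a failed state.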
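Review bot: In the `install wgkex config` task of roles/install_wgkex/tasks/main.yml, `/etc/wgkex.yaml` is written with `mode: 0644`, yet wgkex.yaml.j2 (the hunk on the next line) renders `{{ wgkex_password }}` into it in clear text, so any local account can read the MQTT credentials; `mode: 0600` with `owner: root` (or `0640` with `group:` set to the service's group) is what that file needs. The `clone wgkex repo` task has no `version:`, so every playbook run moves `/opt/wgkex` to whatever the remote default branch holds at that moment, and the service then executes that code as root; pinning `version: "<tag-or-commit>"` makes upgrades deliberate and reviewable. Neither the clone nor the `install requirements` task carries `notify: restart wgkex`, so a code update is not picked up until the unit happens to restart for another reason.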
@@ -0,0 +1,12 @@
+---
+domains:
+{% for site in sites %}
+  - ff{{ site.name }}
+{% endfor %}
+mqtt:
+  broker_url: "{{ wgkex_host }}"
+  broker_port: {{ wgkex_port }}
+  username: "{{ wgkex_username }}"
+  password: "{{ wgkex_password }}"
+  keepalive: 5
+  tls: True
diff --git a/roles/install_wireguard_backbone/tasks/main.yml b/roles/install_wireguard_backbone/tasks/main.yml
index 82c024d..9ccfe05 100644
--- a/roles/install_wireguard_backbone/tasks/main.yml
+++ b/roles/install_wireguard_backbone/tasks/main.yml
@@ -5,10 +5,7 @@
     dest: /etc/systemd/system/wgbackbone@.service
 - include_tasks: fastd_tasks.yml
-  when: "('fastd' in group_names)"
-
-- include_tasks: wg_tasks.yml
-  when: "('wg' in group_names)"
+  when: "'fastd' in group_names"
 - include_tasks: uplink_tasks.yml
   when: "'uplink' in group_names"
diff --git a/roles/install_wireguard_backbone/tasks/uplink_tasks.yml b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
index dd68c76..ea906e5 100644
--- a/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
+++ b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
@@ -4,9 +4,7 @@
     src: wg.conf.j2
     dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
     mode: 0400
-  with_items:
-    - "{{ groups['fastd'] }}"
-    - "{{ groups['wg'] }}"
+  with_items: "{{ groups['fastd'] }}"
 - name: create wireguard config for uplinks
   template:
@@ -27,9 +25,7 @@
     src: up.sh.j2
     dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
     mode: 0744
-  with_items:
-    - "{{ groups['fastd'] }}"
-    - "{{ groups['wg'] }}"
+  with_items: "{{ groups['fastd'] }}"
 - name: create wireguard up scripts for uplinks
   template:
@@ -50,9 +46,7 @@
     src: down.sh.j2
     dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
     mode: 0744
-  with_items:
-    - "{{ groups['fastd'] }}"
-    - "{{ groups['wg'] }}"
+  with_items: "{{ groups['fastd'] }}"
 - name: create wireguard down scripts for uplinks
   template:
@@ -74,9 +68,7 @@
     enabled: yes
     state: started
     daemon_reload: yes
-  with_items:
-    - "{{ groups['fastd'] }}"
-    - "{{ groups['wg'] }}"
+  with_items: "{{ groups['fastd'] }}"
 - name: start and enable wireguard mesh for uplinks
   systemd:
diff --git a/roles/install_wireguard_backbone/tasks/wg_tasks.yml b/roles/install_wireguard_backbone/tasks/wg_tasks.yml
deleted file mode 100644
index d1d9974..0000000
--- a/roles/install_wireguard_backbone/tasks/wg_tasks.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-- name: create wireguard config for peers
-  template:
-    src: wg.conf.j2
-    dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
-    mode: 0400
-  with_items:
-    - "{{ groups['uplink'] }}"
-
-- name: create wireguard up scripts for peers
-  template:
-    src: up.sh.j2
-    dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
-    mode: 0744
-  with_items:
-    - "{{ groups['uplink'] }}"
-
-- name: create wireguard down scripts for peers
-  template:
-    src: down.sh.j2
-    dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
-    mode: 0744
-  with_items:
-    - "{{ groups['uplink'] }}"
-
-- name: start and enable wireguard mesh
-  systemd:
-    name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
-    enabled: yes
-    state: started
-    daemon_reload: yes
-  with_items:
-    - "{{ groups['uplink'] }}"
diff --git a/roles/install_wireguard_mesh/templates/down.sh.j2 b/roles/install_wireguard_mesh/templates/down.sh.j2
index 85489b5..67d95bd 100644
--- a/roles/install_wireguard_mesh/templates/down.sh.j2
+++ b/roles/install_wireguard_mesh/templates/down.sh.j2
@@ -1,8 +1,4 @@
 #!/bin/bash
-{% for host in groups['fastd'] %}
-{% for site in hostvars[host]['sites'] if site.name == item.name and site.wireguard_mesh_number != item.wireguard_mesh_number %}
-batctl meshif bat{{ item.name }} if del mesh{{ item.name }}{{ site.wireguard_mesh_number }}
-ip link set down dev mesh{{ item.name }}{{ site.wireguard_mesh_number }}
-ip link del mesh{{ item.name }}{{ site.wireguard_mesh_number }} type ip6gretap
-{% endfor %}
-{% endfor %}
+batctl meshif bat{{ item.name }} if del vx{{ item.name }}
+ip link set down dev vx{{ item.name }}
+ip link del vx{{ item.name }} type vxlan
diff --git a/roles/install_wireguard_mesh/templates/up.sh.j2 b/roles/install_wireguard_mesh/templates/up.sh.j2
index 1f0c111..8164f2a 100644
--- a/roles/install_wireguard_mesh/templates/up.sh.j2
+++ b/roles/install_wireguard_mesh/templates/up.sh.j2
@@ -1,13 +1,15 @@
 #!/bin/bash
+ip -6 link add vx{{ item.name }} type vxlan id {{ item.vxlan_id }} dstport 8472 local {{ item.wireguard_mesh_address }} dev wg{{ item.name }}
+ip link set mtu 1280 dev vx{{ item.name }}
+ip link set address {{ item.wireguard_mesh_mac }} dev vx{{ item.name }}
+ip link set up dev vx{{ item.name }}
+batctl meshif bat{{ item.name }} if add vx{{ item.name }}
 {% for host in groups['fastd'] %}
 {% for site in hostvars[host]['sites'] if site.name == item.name and site.wireguard_mesh_number != item.wireguard_mesh_number %}
-ip link add mesh{{ item.name }}{{ site.wireguard_mesh_number }} type ip6gretap remote {{ site.wireguard_mesh_address }} local {{ item.wireguard_mesh_address }} ttl 255 dev wg{{ item.name }}
-ip link set mtu 1280 dev mesh{{ item.name }}{{ site.wireguard_mesh_number }}
-ip link set address {{ item.wireguard_mesh_mac_prefix }}{{ site.wireguard_mesh_number }} dev mesh{{ item.name }}{{ site.wireguard_mesh_number }}
-ip link set up dev mesh{{ item.name }}{{ site.wireguard_mesh_number }}
-batctl meshif bat{{ item.name }} if add mesh{{ item.name }}{{ site.wireguard_mesh_number }}
+bridge fdb append 00:00:00:00:00:00 dev vx{{ item.name }} dst {{ site.wireguard_mesh_address }}
 {% endfor %}
 {% endfor %}
+{% if item.net4 is defined %}
 batctl meshif bat{{ item.name }} gw server 1000000/1000000
 batctl meshif bat{{ item.name }} it 10000
 batctl meshif bat{{ item.name }} mm 1
@@ -15,3 +17,10 @@ batctl meshif bat{{ item.name }} hop_penalty 64
 netctl start bat{{ item.name }}
 systemctl restart dhcpd4.service
 systemctl restart named.service
+{% else %}
+batctl meshif bat{{ item.name }} gw client
+batctl meshif bat{{ item.name }} it 10000
+batctl meshif bat{{ item.name }} mm 1
+batctl meshif bat{{ item.name }} hop_penalty 64
+netctl start bat{{ item.name }}
+{% endif %}
diff --git a/roles/install_wireguard_mesh/templates/wg.conf.j2 b/roles/install_wireguard_mesh/templates/wg.conf.j2
index 410d591..61bc469 100644
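Review bot: The `{% if item.net4 is defined %}` / `{% else %}` branches that span both hunks of up.sh.j2 repeat the `it 10000`, `mm 1`, `hop_penalty 64` and `netctl start` lines verbatim; only `gw server` versus `gw client` and the dhcpd/named restarts actually depend on net4, so the two copies will drift apart on the next tuning change. Conditioning just the differing lines keeps a single copy of the shared settings. Separately, the VXLAN device is bound to `dev wg{{ item.name }}` and the matching ip6tables rule accepts port 8472 only on that interface, so the unauthenticated VXLAN transport stays inside the WireGuard tunnel; a one-line comment above the `ip -6 link add` stating that dependency would keep a later edit from loosening it.
```shell
# … unchanged: vxlan creation, batctl if add, fdb loop …
{% if item.net4 is defined %}
batctl meshif bat{{ item.name }} gw server 1000000/1000000
{% else %}
batctl meshif bat{{ item.name }} gw client
{% endif %}
batctl meshif bat{{ item.name }} it 10000
batctl meshif bat{{ item.name }} mm 1
batctl meshif bat{{ item.name }} hop_penalty 64
netctl start bat{{ item.name }}
{% if item.net4 is defined %}
systemctl restart dhcpd4.service
systemctl restart named.service
{% endif %}
```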
--- a/roles/install_wireguard_mesh/templates/wg.conf.j2
+++ b/roles/install_wireguard_mesh/templates/wg.conf.j2
@@ -1,7 +1,7 @@
 [Interface]
 ListenPort = {{ item.wireguard_mesh_port }}
 PrivateKey = {{ item.wireguard_mesh_priv_key }}
-Address = {{ item.wireguard_mesh_address }}/48
+Address = {{ item.wireguard_mesh_address }}/128
 MTU = 1400
 PostUp = /etc/wireguard/up{{ item.name }}.sh
 PreDown = /etc/wireguard/down{{ item.name }}.sh
diff --git a/roles/setup_batman/templates/netctl_bat.j2 b/roles/setup_batman/templates/netctl_bat.j2
index 5e11d74..1693775 100644
--- a/roles/setup_batman/templates/netctl_bat.j2
+++ b/roles/setup_batman/templates/netctl_bat.j2
@@ -1,8 +1,13 @@
 Connection=ethernet
 Interface=bat{{ item.name }}
+{% if item.net4 is defined %}
 IP=static
 IP6=static
 Address6=({{ item.bat_ipv6 }}/64)
 Address=({{ item.bat_ipv4 }}/{{ item.bat_ipv4_cidr }})
+{% else %}
+IP=no
+IP6=no
+{% endif %}
 ExecUpPost=/usr/local/bin/ffmyk-iproute{{ item.name }}-up.sh
 ExecDownPre=/usr/local/bin/ffmyk-iproute{{ item.name }}-down.sh
|
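Review bot: Narrowing `Address` to `/128` in wg.conf.j2 removes the on-link /48 route that previously covered the other sites' mesh addresses, and up.sh.j2 now uses exactly those addresses as VXLAN `dst` entries; reachability therefore rests on each `[Peer]` block's `AllowedIPs` (not in this diff) covering them, which is worth confirming before rollout. The direction of the change is right, since the /48 also made the whole prefix look directly attached to this host.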
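Review bot: netctl_bat.j2 switches both `IP=`/`Address=` and `IP6=`/`Address6=` on `item.net4 is defined`, whereas the iproute templates in this commit test `net4`, `net6` and `site_net6` independently; a site that defines only `net6` would get `IP6=no` and no `Address6` while its IPv6 routes are still installed. If such sites can exist, gating the IPv6 lines on `item.net6 is defined` (or on one explicit per-site gateway flag used by every template) avoids the mismatch; if net4 is always present on gateway sites, a comment saying so next to the `{% if %}` would stop the next reader from wondering.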