-rw-r--r--bootstrap_arch.yml15
-rw-r--r--group_vars/all3
-rw-r--r--group_vars/fastd (renamed from group_vars/uplink)4
-rw-r--r--host_vars/fastd-aw268
-rw-r--r--host_vars/fastd-ko268
-rw-r--r--host_vars/fastd-my268
-rw-r--r--host_vars/ff-icvpn17
-rw-r--r--host_vars/ff-loppermann1104
-rw-r--r--host_vars/ff-niyawe1241
-rw-r--r--host_vars/ff-niyawe2203
-rw-r--r--host_vars/ff-niyawe3104
-rw-r--r--host_vars/ff-niyawe4104
-rw-r--r--host_vars/ff-uplink155
-rw-r--r--host_vars/ff-uplink255
-rw-r--r--inventory.ini25
-rw-r--r--roles/configure_iptables/templates/ip6tables.rules45
-rw-r--r--roles/configure_iptables/templates/iptables.rules26
-rw-r--r--roles/configure_static_routes/tasks/fastd_tasks.yml14
-rw-r--r--roles/configure_static_routes/tasks/main.yml15
-rw-r--r--roles/configure_sysctl/files/ff.conf12
-rw-r--r--roles/install_babeld/templates/babeld.conf.j227
-rw-r--r--roles/install_bind/templates/named.conf.j22
-rw-r--r--roles/install_monitoring/tasks/install_munin.yml55
-rw-r--r--roles/install_monitoring/tasks/main.yml1
-rw-r--r--roles/install_monitoring/templates/ffmyk-influx/traffic.php.j23
-rw-r--r--roles/install_monitoring/templates/munin-node.conf.j22
-rw-r--r--roles/install_wg_add/tasks/main.yml30
-rw-r--r--roles/install_wg_add/templates/wg_add.service.j210
-rw-r--r--roles/install_wireguard_backbone/tasks/fastd_tasks.yml33
-rw-r--r--roles/install_wireguard_backbone/tasks/main.yml60
-rw-r--r--roles/install_wireguard_backbone/tasks/uplink_tasks.yml87
-rw-r--r--setup_fastd.yml31
32 files changed, 565 insertions, 1022 deletions
diff --git a/bootstrap_arch.yml b/bootstrap_arch.yml
deleted file mode 100644
index 5b8f7c1..0000000
--- a/bootstrap_arch.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: reboot vserver into rescue image
- hosts: new_fastds
- connection: local
- gather_facts: no
- vars:
- ansible_python_interpreter: /usr/bin/python
- roles:
- - role: boot-rescue
-
-- name: install archlinux
- hosts: new_fastds
- user: root
- roles:
- - role: install_arch
diff --git a/group_vars/all b/group_vars/all
index 39bb8d0..a80c4fd 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -1,7 +1,4 @@
---
-hetzner_webservice_username: '<hetzner_webservice_username>'
-hetzner_webservice_password: '<hetzner_webservice_password>'
-rescue_authorized_key: '<fingerprint of ssh key to use in rescue mode>'
authorized_keys:
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJipjvUGQNrDqXjIulGP/y52+y44BkkZDSguN/1NGI6AAAAABHNzaDo= niyawe@yubikey-uni
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILUmx9SpIHap0rpGqR54VBkO6v+JxJn0e6p01eJ8ZMQkAAAABHNzaDo= niyawe@yubikey
diff --git a/group_vars/uplink b/group_vars/fastd
index 94e1ede..21708ae 100644
--- a/group_vars/uplink
+++ b/group_vars/fastd
@@ -7,7 +7,3 @@ wireguard_bb_peers:
pub_key: 'LobyJ67+/rGkTcFSchnJMz76MGVBAz5FrFypYq9GnzQ='
ipv4: '10.222.0.212'
port: 10151
- - name: 'wwlabs'
- pub_key: 'M1w/4tX99dcw6IuKHZW48tPFSXYH4drLTmjVg1ToTSI='
- ipv4: '10.222.0.200'
- port: 10152
diff --git a/host_vars/fastd-aw2 b/host_vars/fastd-aw2
deleted file mode 100644
index 351a5c9..0000000
--- a/host_vars/fastd-aw2
+++ /dev/null
@@ -1,68 +0,0 @@
----
-# patrik
-ansible_host: 2a01:4f8:1c0c:51f8::1
-#ansible_host: 195.201.25.206
-sites:
- - name: 'aw'
- net4: '10.222.88.0/21'
- net6: '2a03:2260:1016:0202::/64'
- site_net6: 'fd62:44e1:da:0200::/64'
- fastd_secret: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 64316166303564616561623661653739386434373564646630396361366262303737346632656136
- 3164613138393838616235343936633162333032323563320a666235383763383766373761623533
- 36313135643830623363353966653138346364646639386339393664366565323265366630333362
- 6264633837626133300a373133353532656331623038346637643834613563383435366534393865
- 31343432663535653364643564306533383333303939656232336232306136663839376662656332
- 63396465303038396531653239323264346233313563636261613231343763306130316530386262
- 31316432383834323237386138336434663365643732643732323439313564303337636466393334
- 63613666333161366366
- fastd_mesh_mac: '02:ff:41:57:00:20'
- fastd_port1: 10014
- bat_ipv6: '2a03:2260:1016:0202::1'
- bat_ipv4: '10.222.88.1'
- bat_ipv4_cidr: 21
- dhcp_subnet: '10.222.88.0'
- dhcp_netmask: '255.255.248.0'
- dhcp_start: '10.222.88.50'
- dhcp_end: '10.222.95.250'
- vxlan_id: 11443185
- wireguard_mesh_number: 2
- wireguard_mesh_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 63616334663237313761666462326564376439633631633839373434393636366363666139653239
- 3361623733653863613637616439616266393039316332380a373031626239383537316536353862
- 66616563356131333439303665303039393965383939383038646236643063613231616330363938
- 6536333561353564620a353634613666383430656639313231363431313662386138396236313364
- 61653766653462343937396636643132323137636331346132313763313135633263613230366336
- 6461376335353964343564383335346366633438383566653066
- wireguard_mesh_pub_key: 'm3JXl4RCr9xNeWo9L2GXiGVCpPvRX3maaLUw6qPse1I='
- wireguard_mesh_port: 10015
- wireguard_mesh_address: 'fe80::00ff:41ff:fe57:2'
- wireguard_mesh_endpoint: '{{ ansible_host }}'
- wireguard_mesh_mac: '02:ff:41:57:00:02'
-wireguard_bb_name: 'fastd-aw2'
-wireguard_bb_endpoint: '{{ ansible_host }}'
-wireguard_bb_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 36623563623837633836333132656663613264633233666563343464333234643761643534373939
- 3130356363653765363231623363663136326237343235390a376265333366656631333139313765
- 32633264393838366331376439323165313161356434353863376463643063373335623038376136
- 3834336631623764370a303635333565633964343338633133373637383961353633373732653963
- 66383933376532626564623234323533643364343962343261663937656666346639383761393333
- 3430666665633636663133353639353666393530616364663733
-wireguard_bb_pub_key: 'auh+jqp39w0GUdYimKvTP0YXZrK7rQw8DhD5NkvQPFw='
-wireguard_bb_ipv4: '10.222.0.22'
-wireguard_bb_ipv6: 'fe80::ffbb:ffbb:22'
-wireguard_bb_port: 10122
-preferred_uplink: 'uplink2'
-wgkex_host: 'vpn.freifunk-myk.de'
-wgkex_port: 18883
-wgkex_username: fastd-aw2
-wgkex_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 64666261663332636331613262383063353234646633393261653239333137373339656235306531
- 3865643538633738666330326664663866633138353938370a616134363036353233353365363935
- 39656435303966353230396230613164653838633335623365396537303164633965356539633765
- 3633346564303162630a373962336437356638346265346137643736316135343636633431323665
- 38396434663337366233343831393163653061623532346431323265643537626532
diff --git a/host_vars/fastd-ko2 b/host_vars/fastd-ko2
deleted file mode 100644
index 735f184..0000000
--- a/host_vars/fastd-ko2
+++ /dev/null
@@ -1,68 +0,0 @@
----
-# sebastian
-ansible_host: 2a01:4f8:1c0c:5a31::1
-#ansible_host: 195.201.34.44
-sites:
- - name: 'ko'
- net4: '10.222.24.0/21'
- net6: '2a03:2260:1016:0002::/64'
- site_net6: 'fd62:44e1:da::/64'
- fastd_secret: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 32616565386335373931326566326366306138386431303537386639373339306264613665613936
- 3630343838353631633832393265653666656164623434330a636537666266663835303561393437
- 61666665666162353665386434646439323730393839643464303237383034303066623731386638
- 6461303434383162300a303332333031396233383637653737393933636164653833303333633466
- 39336465616562613838646139303462306131326364356265366564356131343866313164356365
- 61623137653661633062613334633231633438626234303064363063396437666431353839313764
- 37313535646131393963353562353862363933373765316531656531353835653231643031383236
- 39633866633130373430
- fastd_mesh_mac: '02:ff:4b:4f:00:20'
- fastd_port1: 10010
- bat_ipv6: '2a03:2260:1016:0002::1'
- bat_ipv4: '10.222.24.1'
- bat_ipv4_cidr: 21
- dhcp_subnet: '10.222.24.0'
- dhcp_netmask: '255.255.248.0'
- dhcp_start: '10.222.24.50'
- dhcp_end: '10.222.31.250'
- vxlan_id: 10891866
- wireguard_mesh_number: 2
- wireguard_mesh_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 63313939383639656138636261363033336636303837303565623733663038646637363261386666
- 3562656362636434653131623133396134646666633338320a303435636432363333376130626265
- 66306336363565303433353731646336353764353333383339303865346334636334343231343266
- 3732316335656636630a623364343866633765653232336363653335613065663639626439656533
- 65313464663534626566613238666237623562383763316331306463643339636138623166623964
- 3438626431373233666532623433313337356530346563323838
- wireguard_mesh_pub_key: 'Nv+aZ3cD6a9qvsrXipMbVG7kGiXV3e7tb92MTbyXDl4='
- wireguard_mesh_port: 10011
- wireguard_mesh_address: 'fe80::00ff:4bff:fe4f:2'
- wireguard_mesh_endpoint: '{{ ansible_host }}'
- wireguard_mesh_mac: '02:ff:4b:4f:00:02'
-wireguard_bb_name: 'fastd-ko2'
-wireguard_bb_endpoint: '{{ ansible_host }}'
-wireguard_bb_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 31626338356431653462646438666437656665303438626335323664353134643332393566393064
- 3636616531666332643838343366386266306562376330620a376364396565613630626263633566
- 63646264653535633731313634343164313164666565643063643936383035333534336562353166
- 6463353237363833660a383662373330393631356166633631343333643838396632333562333236
- 35363466663630626431393131363933393237366232336664346266333236646662336664646130
- 3564653830613265346431316634383031613237386430333434
-wireguard_bb_pub_key: 'XuiByKNbIQgLQGx/t+3ezco7pIAIi81+VAuFrVcWSUc='
-wireguard_bb_ipv4: '10.222.0.24'
-wireguard_bb_ipv6: 'fe80::ffbb:ffbb:24'
-wireguard_bb_port: 10124
-preferred_uplink: 'uplink2'
-wgkex_host: 'vpn.freifunk-myk.de'
-wgkex_port: 18883
-wgkex_username: fastd-ko2
-wgkex_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 34643130343634366435323131373837303930313232636536386464363831326530623561393031
- 3431653039363730643661333131343066363261623461370a376136616131666138626133666439
- 34633765336366386532373436353763663337306633363532363332356163363938376335346135
- 6266366561383638360a636261383661363039323162336639303338373133613437326165666335
- 35633734383037343934383032313336376437656138333832393234616439316338
diff --git a/host_vars/fastd-my2 b/host_vars/fastd-my2
deleted file mode 100644
index dd7b457..0000000
--- a/host_vars/fastd-my2
+++ /dev/null
@@ -1,68 +0,0 @@
----
-# norbert
-ansible_host: 2a01:4f8:1c17:4584::1
-#ansible_host: 88.99.33.198
-sites:
- - name: 'my'
- net4: '10.222.72.0/21'
- net6: '2a03:2260:1016:0302::/64'
- site_net6: 'fd62:44e1:da:300::/64'
- fastd_secret: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 36356665356465363064623732316337393137633133383133666330353238636432643232383534
- 3136386561663630633461653132626531666336663962650a363164343264623664316465663264
- 39336561346634623530636464646261313362383533363336383138663435346265626563646461
- 3231313735313266610a373663363966303961363039346137353132353864326639343732613032
- 33626665646364643036633662316234366666303364373434656137666233613030386562643662
- 37663232306135643461376435653263333834366163663634646164326236643730356135386464
- 31303439643035643732306162666261393735333334323433306633313635373363636364306663
- 36396363306537636164
- fastd_mesh_mac: '02:ff:4d:59:00:20'
- fastd_port1: 10016
- bat_ipv6: '2a03:2260:1016:0302::1'
- bat_ipv4: '10.222.72.1'
- bat_ipv4_cidr: 21
- dhcp_subnet: '10.222.72.0'
- dhcp_netmask: '255.255.248.0'
- dhcp_start: '10.222.72.50'
- dhcp_end: '10.222.79.250'
- vxlan_id: 6118532
- wireguard_mesh_number: 2
- wireguard_mesh_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 30353832633365613063633862383665666263393331323435393138643030393231643438353366
- 3039393736333564666530346630346130653138316436370a613763333334663731326363653863
- 39653139326462636531376136306666313537336265636334393831633035613337383464383838
- 3564356534323262370a393434353238383535363135393734636261633533323462623932366436
- 64613834363539303233356262373630373264623337356131623939646365653061663831343262
- 6464393331633661356232323338653137333635396137373636
- wireguard_mesh_pub_key: 'pwwP7VxQsVyi/GUSLvyenhHgf71SNKaGwItThTWGHDg='
- wireguard_mesh_port: 10017
- wireguard_mesh_address: 'fe80::00ff:4dff:fe59:2'
- wireguard_mesh_endpoint: '{{ ansible_host }}'
- wireguard_mesh_mac: '02:ff:4d:59:00:02'
-wireguard_bb_name: 'fastd-my2'
-wireguard_bb_endpoint: '{{ ansible_host }}'
-wireguard_bb_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 31323234396564386130646230326533323530633565643963346464366536363735346336363239
- 6261336638633538323639386130613234643264623666650a393134653365333432366466353539
- 31373361363865396232386338613732303362313664613163386135626165303439653937663836
- 6166636133613536660a303939666363323834643061623331613764323364636233323233373730
- 37626635663362666661636233393964316265346234663163326233303534633331393265383563
- 6638646166656631356139343363393535656662386632366262
-wireguard_bb_pub_key: 'xu+2mCB1HcDllIkVao40CWgvkSxTFzKKEL4qmVD/Nxo='
-wireguard_bb_ipv4: '10.222.0.32'
-wireguard_bb_ipv6: 'fe80::ffbb:ffbb:32'
-wireguard_bb_port: 10132
-preferred_uplink: 'uplink1'
-wgkex_host: 'vpn.freifunk-myk.de'
-wgkex_port: 18883
-wgkex_username: fastd-my2
-wgkex_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 39393164393433366239363561663166663734643333656562633536623538313334366331393132
- 3964333964613465343433306431656662663863393935380a313835396238333239373938633739
- 35616265643332333434323962323935346137313138623964643464383838653532613732313037
- 3962376161346262350a316332333734373338666333666564373537383633313364346263306361
- 32303065396339623566373134306665316430663332656364643633656132633031
diff --git a/host_vars/ff-icvpn b/host_vars/ff-icvpn
deleted file mode 100644
index 29dbd21..0000000
--- a/host_vars/ff-icvpn
+++ /dev/null
@@ -1,17 +0,0 @@
----
-ansible_host: 2a01:4f8:a0:9395:2::2
-#ansible_host: 10.0.2.2
-wireguard_bb_name: 'icvpn'
-wireguard_bb_endpoint: '2a01:4f8:a0:9395:2::2'
-wireguard_bb_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 61646262616232306664383039393736396631346566336433653535373537383934653562336431
- 3134333836366261366536326333613563623262393832320a393865396533643430393230336538
- 31326536666265646465383130623864383764393633366631613864333433396664373361326563
- 3634666165323136620a653434386561623137343662336563306461373930623036376561626534
- 37306337326630373366353665616164386266616439333238653734353963383137376135663132
- 6630393136373536653361336635366161396537363830633731
-wireguard_bb_pub_key: 'BYV6zwYofS7R3tThEPV//G+OJUaWM3q0L73mfBZHnBs='
-wireguard_bb_ipv4: '10.222.0.5'
-wireguard_bb_ipv6: 'fe80::ffbb:ffbb:5'
-wireguard_bb_port: 10105
diff --git a/host_vars/ff-loppermann1 b/host_vars/ff-loppermann1
deleted file mode 100644
index ebb00a8..0000000
--- a/host_vars/ff-loppermann1
+++ /dev/null
@@ -1,104 +0,0 @@
----
-ansible_host: 2a01:4f8:140:1242:ff::2
-sites:
- - name: 'aw'
- net4: '10.222.80.0/21'
- net6: '2a03:2260:1016:0201::/64'
- site_net6: 'fd62:44e1:da:0200::/64'
- fastd_secret: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 66613864623830333561306634656664623831613235336463353433393835623633313531636164
- 3132343936323530316438366530343336393366343735390a643862663163366661383963366461
- 63356536333162306635653863386430306463323963633066626336663837633762356632393163
- 3661353338313935330a303338343231393965333534633438396261633431613734646265373830
- 30623665633364343639646539616262666663333830396363336436343938613266333963363432
- 65303930366339626331356230316236396138653735666431633437313436303862363437313738
- 38626439626562386264623534646238666436656362633432666137666334643366303733396132
- 35396461636664396633
- fastd_mesh_mac: '02:ff:41:57:00:10'
- fastd_port1: 10014
- bat_ipv6: '2a03:2260:1016:0201::1'
- bat_ipv4: '10.222.80.1'
- bat_ipv4_cidr: 21
- dhcp_subnet: '10.222.80.0'
- dhcp_netmask: '255.255.248.0'
- dhcp_start: '10.222.80.50'
- dhcp_end: '10.222.87.250'
- vxlan_id: 11443185
- wireguard_mesh_number: 1
- wireguard_mesh_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 35303461376637356232386239353362353333383966613030646361313338663839646666306237
- 3433636237396630623830303938663735376337666337640a346635616337306235376434643265
- 66396465393962326635313966653533313638646361383638373836313063346361343364306636
- 3033393631306137630a333763386666623835623635633839616165616362633836626135323530
- 35393363646161333062396139626563383334383262333066636663663634353635626334383935
- 3437616563363566613736623361633934643962643662366338
- wireguard_mesh_pub_key: 'tf/eNi+WOlsoXTmtAvQEwRv64YME0SIE+rlQysLd/Dc='
- wireguard_mesh_port: 10015
- wireguard_mesh_address: 'fe80::00ff:41ff:fe57:1'
- wireguard_mesh_endpoint: '{{ ansible_host }}'
- wireguard_mesh_mac: '02:ff:41:57:00:01'
- - name: 'sim'
- net4: '10.222.184.0/21'
- net6: '2a03:2260:1016:0402::/64'
- site_net6: 'fd62:44e1:da:0400::/64'
- fastd_secret: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 39303135363836313137613238633137646235366637393463346132366361363465303531653565
- 3439336633396532303563613536333264373863663933650a653566626462346133363433333337
- 64333138353862613937653065613136323238666336363635643062643538363265323335643766
- 6465393863393630640a643531376464336334346530393764376139623033336139616138653534
- 64616531313665336365323331616263613336313938316663383437353532316631636138663661
- 37666538656533346365393435316630323065316336303138373962393038653831623339656634
- 37343837373965393866653965366335636563303931333465656539316563646162626261633535
- 34303934616666633764
- fastd_mesh_mac: '02:ff:53:49:4d:20'
- fastd_port1: 10018
- bat_ipv6: '2a03:2260:1016:0402::1'
- bat_ipv4: '10.222.184.1'
- bat_ipv4_cidr: 21
- dhcp_subnet: '10.222.184.0'
- dhcp_netmask: '255.255.248.0'
- dhcp_start: '10.222.184.50'
- dhcp_end: '10.222.191.250'
- vxlan_id: 10908477
- wireguard_mesh_number: 2
- wireguard_mesh_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 31343338643330396338336365636336363537633939396265336639666464643563353362613863
- 3234616436313331303433613837663033653437323839340a663838646136323265653861636539
- 63373462646430376265356533363932393861626133356536306237373730303132313366306538
- 3034653565386462640a666361653236373562653464643562636232303965663437376535646363
- 63333662333630383162326166323239333966323537303238353164373939343735366230313031
- 3731663830326363323062363637663730313736383139353732
- wireguard_mesh_pub_key: 'hDx+zhY9WgabV3Sgp7fsfRRqNIzOP5z0Tl2t7wZjzBw='
- wireguard_mesh_port: 10019
- wireguard_mesh_address: 'fe80::00ff:53ff:fe49:4d02'
- wireguard_mesh_endpoint: '{{ ansible_host }}'
- wireguard_mesh_mac: '02:ff:53:49:4d:02'
-wireguard_bb_name: 'loppermann1'
-wireguard_bb_endpoint: '{{ ansible_host }}'
-wireguard_bb_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 34613832343432386134316533323739613464396461396463303535393937353233363534346362
- 6431363963643730616432636330336133363530383265310a306437333232316139623062616665
- 36666430633238333465646335326465376633366332666463653832356138306365643831383435
- 3361653037313064380a653836363633326165316238373336666566323032646566396632353038
- 32303638633662623336323635636263643037653066346264313933363364386636663735343133
- 3939356136366262313239353438303536353038646233373665
-wireguard_bb_pub_key: 'tTjxt1sr5pI6i9jgYKHwMnwF55TE8pQot30okV8Ewi0='
-wireguard_bb_ipv4: '10.222.0.16'
-wireguard_bb_ipv6: 'fe80::ffbb:ffbb:16'
-wireguard_bb_port: 10116
-preferred_uplink: 'uplink1'
-wgkex_host: 'vpn.freifunk-myk.de'
-wgkex_port: 18883
-wgkex_username: ff-loppermann1
-wgkex_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 34346166646261616633633164303864613233366165653866636437386164316335376639623066
- 3935323336386461373463353964633562636631643134340a643463373766383864376636663438
- 62336333386162663236613165393162316262333362633438623239633933643830663964373161
- 3365666263623435350a363661656362643738653662316539316535373064393933633637386638
- 63336462333631343838343634343162336436313262336432313233393235393765
diff --git a/host_vars/ff-niyawe1 b/host_vars/ff-niyawe1
index 30ea966..c3d4942 100644
--- a/host_vars/ff-niyawe1
+++ b/host_vars/ff-niyawe1
@@ -1,7 +1,121 @@
---
-ansible_host: 2a01:4f8:151:13cd:2::3
+ansible_host: 2a01:4f8:272:3d5f:2::2
#ansible_host: 10.0.1.6
sites:
+ - name: 'aw'
+ net4: '10.222.80.0/21'
+ net6: '2a03:2260:1016:0201::/64'
+ site_net6: 'fd62:44e1:da:0200::/64'
+ fastd_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 66613864623830333561306634656664623831613235336463353433393835623633313531636164
+ 3132343936323530316438366530343336393366343735390a643862663163366661383963366461
+ 63356536333162306635653863386430306463323963633066626336663837633762356632393163
+ 3661353338313935330a303338343231393965333534633438396261633431613734646265373830
+ 30623665633364343639646539616262666663333830396363336436343938613266333963363432
+ 65303930366339626331356230316236396138653735666431633437313436303862363437313738
+ 38626439626562386264623534646238666436656362633432666137666334643366303733396132
+ 35396461636664396633
+ fastd_mesh_mac: '02:ff:41:57:00:10'
+ fastd_port1: 10014
+ bat_ipv6: '2a03:2260:1016:0201::1'
+ bat_ipv4: '10.222.80.1'
+ bat_ipv4_cidr: 21
+ dhcp_subnet: '10.222.80.0'
+ dhcp_netmask: '255.255.248.0'
+ dhcp_start: '10.222.80.50'
+ dhcp_end: '10.222.87.250'
+ vxlan_id: 11443185
+ wireguard_mesh_number: 1
+ wireguard_mesh_priv_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 35303461376637356232386239353362353333383966613030646361313338663839646666306237
+ 3433636237396630623830303938663735376337666337640a346635616337306235376434643265
+ 66396465393962326635313966653533313638646361383638373836313063346361343364306636
+ 3033393631306137630a333763386666623835623635633839616165616362633836626135323530
+ 35393363646161333062396139626563383334383262333066636663663634353635626334383935
+ 3437616563363566613736623361633934643962643662366338
+ wireguard_mesh_pub_key: 'tf/eNi+WOlsoXTmtAvQEwRv64YME0SIE+rlQysLd/Dc='
+ wireguard_mesh_port: 10015
+ wireguard_mesh_address: 'fe80::00ff:41ff:fe57:1'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:41:57:00:01'
+ - name: 'coc'
+ net4: '10.222.48.0/21'
+ net6: '2a03:2260:1016:0101::/64'
+ site_net6: 'fd62:44e1:da:0100::/64'
+ fastd_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 36343336633735316533356365663562633136316164346335613665343736643538613033323837
+ 3163666137323238323535623663393466343061393432640a363838366533663135366665343137
+ 64393938336636336230306333376365646631393432333934326631366666363266633631366636
+ 3232396339613063360a356636623235333161633630363361653064626232386132393065363961
+ 64653535613861636633303164353964393461376432646539656332373461626139333166343163
+ 65376133646361616539303338373164623933633061663635353338643036396332656332643738
+ 61626236323463623362613335653436643631356362343866333035623662336262323166616163
+ 61303232626638303231
+ fastd_mesh_mac: '02:ff:43:4f:43:10'
+ fastd_port1: 10012
+ bat_ipv6: '2a03:2260:1016:0101::1'
+ bat_ipv4: '10.222.48.1'
+ bat_ipv4_cidr: 21
+ dhcp_subnet: '10.222.48.0'
+ dhcp_netmask: '255.255.248.0'
+ dhcp_start: '10.222.48.50'
+ dhcp_end: '10.222.55.250'
+ vxlan_id: 10540244
+ wireguard_mesh_number: 1
+ wireguard_mesh_priv_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 37346162323035633263653630353265333838376165636664363434666263636230383339336535
+ 3666316438633539313137666461353133376532386434650a306262643965636431303138326436
+ 62306233303134653232663233343134393833643866396466663664656638663864656266386336
+ 3630343163393334390a303632663962316365626330613464353263616364366533316566633730
+ 32366232336331653366656237323561323939356235323864393463616133373035323763363261
+ 3937633731373231316433373866643365316637323134363931
+ wireguard_mesh_pub_key: 'dqyoKKWYSfaov1zc1SpKbtVJPsoCDui5NsFzTCoqkBs='
+ wireguard_mesh_port: 10013
+ wireguard_mesh_address: 'fe80::00ff:43ff:fe4f:4301'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:43:4f:43:01'
+ - name: 'ems'
+ net4: '10.222.200.0/21'
+ net6: '2a03:2260:1016:0502::/64'
+ site_net6: 'fd62:44e1:da:0500::/64'
+ fastd_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 39643432623937346662666565393066356635346236313562376339373665653837376365326531
+ 3366643661613065303837353830666566356266613036650a383531336266363036366664323439
+ 64636330346166306464353564363266303836666134373739646566306337333666356231616364
+ 3635616561323332340a323665353031653566646562393430666261363834353036663938636634
+ 62363261663531383464646262306237353233346535623235643561633435623939646262313561
+ 30656531313664326663666661636465303239353331356633353238363433336561316264613037
+ 33636239303465623333316561653732653638633632343165383934313738303365633937373038
+ 33396464306363333965
+ fastd_mesh_mac: '02:ff:45:4d:53:20'
+ fastd_port1: 10020
+ bat_ipv6: '2a03:2260:1016:0502::1'
+ bat_ipv4: '10.222.200.1'
+ bat_ipv4_cidr: 21
+ dhcp_subnet: '10.222.200.0'
+ dhcp_netmask: '255.255.248.0'
+ dhcp_start: '10.222.200.50'
+ dhcp_end: '10.222.207.250'
+ vxlan_id: 337565
+ wireguard_mesh_number: 2
+ wireguard_mesh_priv_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 64643165393762323161656536383934313365353664373636663937353531383333326164623434
+ 3063356664313437353465346430303233303233343965320a373733326437616163616464356436
+ 36323839353437656539383937333032353233316639363130666238303238623565363664613735
+ 3037313661383930640a346235346661353435633362373861633134396466376631336637663534
+ 34623365386161333230616339326665623535366333373436616633623634636139653766643165
+ 3334653163353965383235356266623566666136663832396461
+ wireguard_mesh_pub_key: 'bOg54QrGq1DjyVQ13DKNkRYXKSy2bwhy3UM+HfCJPE8='
+ wireguard_mesh_port: 10021
+ wireguard_mesh_address: 'fe80::00ff:45ff:fe4d:5302'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:45:4d:53:02'
- name: 'ko'
net4: '10.222.16.0/21'
net6: '2a03:2260:1016:0001::/64'
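Review bot: The site blocks added at the top of `sites:` carry their `fastd_secret` and `wireguard_mesh_priv_key` over unchanged: the `aw` ciphertexts are identical to the ones this commit removes from `host_vars/ff-loppermann1`, so the same private keys now sit on a host with a different `ansible_host`. The second hunk of this file does the same for `my` (from `host_vars/fastd-my2`) and `sim` (from `host_vars/ff-loppermann1`). Reusing the keys is presumably deliberate so that existing clients keep connecting, but the retired machines still hold a copy until they are wiped, and nothing in the file records that. I would put a comment above each moved block, for example `# keys carried over from ff-loppermann1; rotate, or confirm the old host is wiped`, and track the wipe or rotation as a follow-up.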
@@ -40,6 +154,82 @@ sites:
wireguard_mesh_address: 'fe80::00ff:4bff:fe4f:1'
wireguard_mesh_endpoint: '{{ ansible_host }}'
wireguard_mesh_mac: '02:ff:4b:4f:00:01'
+ - name: 'my'
+ net4: '10.222.72.0/21'
+ net6: '2a03:2260:1016:0302::/64'
+ site_net6: 'fd62:44e1:da:300::/64'
+ fastd_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 36356665356465363064623732316337393137633133383133666330353238636432643232383534
+ 3136386561663630633461653132626531666336663962650a363164343264623664316465663264
+ 39336561346634623530636464646261313362383533363336383138663435346265626563646461
+ 3231313735313266610a373663363966303961363039346137353132353864326639343732613032
+ 33626665646364643036633662316234366666303364373434656137666233613030386562643662
+ 37663232306135643461376435653263333834366163663634646164326236643730356135386464
+ 31303439643035643732306162666261393735333334323433306633313635373363636364306663
+ 36396363306537636164
+ fastd_mesh_mac: '02:ff:4d:59:00:20'
+ fastd_port1: 10016
+ bat_ipv6: '2a03:2260:1016:0302::1'
+ bat_ipv4: '10.222.72.1'
+ bat_ipv4_cidr: 21
+ dhcp_subnet: '10.222.72.0'
+ dhcp_netmask: '255.255.248.0'
+ dhcp_start: '10.222.72.50'
+ dhcp_end: '10.222.79.250'
+ vxlan_id: 6118532
+ wireguard_mesh_number: 2
+ wireguard_mesh_priv_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 30353832633365613063633862383665666263393331323435393138643030393231643438353366
+ 3039393736333564666530346630346130653138316436370a613763333334663731326363653863
+ 39653139326462636531376136306666313537336265636334393831633035613337383464383838
+ 3564356534323262370a393434353238383535363135393734636261633533323462623932366436
+ 64613834363539303233356262373630373264623337356131623939646365653061663831343262
+ 6464393331633661356232323338653137333635396137373636
+ wireguard_mesh_pub_key: 'pwwP7VxQsVyi/GUSLvyenhHgf71SNKaGwItThTWGHDg='
+ wireguard_mesh_port: 10017
+ wireguard_mesh_address: 'fe80::00ff:4dff:fe59:2'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:4d:59:00:02'
+ - name: 'sim'
+ net4: '10.222.184.0/21'
+ net6: '2a03:2260:1016:0402::/64'
+ site_net6: 'fd62:44e1:da:0400::/64'
+ fastd_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 39303135363836313137613238633137646235366637393463346132366361363465303531653565
+ 3439336633396532303563613536333264373863663933650a653566626462346133363433333337
+ 64333138353862613937653065613136323238666336363635643062643538363265323335643766
+ 6465393863393630640a643531376464336334346530393764376139623033336139616138653534
+ 64616531313665336365323331616263613336313938316663383437353532316631636138663661
+ 37666538656533346365393435316630323065316336303138373962393038653831623339656634
+ 37343837373965393866653965366335636563303931333465656539316563646162626261633535
+ 34303934616666633764
+ fastd_mesh_mac: '02:ff:53:49:4d:20'
+ fastd_port1: 10018
+ bat_ipv6: '2a03:2260:1016:0402::1'
+ bat_ipv4: '10.222.184.1'
+ bat_ipv4_cidr: 21
+ dhcp_subnet: '10.222.184.0'
+ dhcp_netmask: '255.255.248.0'
+ dhcp_start: '10.222.184.50'
+ dhcp_end: '10.222.191.250'
+ vxlan_id: 10908477
+ wireguard_mesh_number: 2
+ wireguard_mesh_priv_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 31343338643330396338336365636336363537633939396265336639666464643563353362613863
+ 3234616436313331303433613837663033653437323839340a663838646136323265653861636539
+ 63373462646430376265356533363932393861626133356536306237373730303132313366306538
+ 3034653565386462640a666361653236373562653464643562636232303965663437376535646363
+ 63333662333630383162326166323239333966323537303238353164373939343735366230313031
+ 3731663830326363323062363637663730313736383139353732
+ wireguard_mesh_pub_key: 'hDx+zhY9WgabV3Sgp7fsfRRqNIzOP5z0Tl2t7wZjzBw='
+ wireguard_mesh_port: 10019
+ wireguard_mesh_address: 'fe80::00ff:53ff:fe49:4d02'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:53:49:4d:02'
wireguard_bb_name: 'niyawe1'
wireguard_bb_endpoint: '{{ ansible_host }}'
wireguard_bb_priv_key: !vault |
@@ -54,14 +244,41 @@ wireguard_bb_pub_key: 'zGubrJd9Wfa1Yo9I5xyJArdvX1bj7OS2VFth289PdlU='
wireguard_bb_ipv4: '10.222.0.11'
wireguard_bb_ipv6: 'fe80::ffbb:ffbb:11'
wireguard_bb_port: 10111
-preferred_uplink: 'uplink1'
-wgkex_host: 'vpn.freifunk-myk.de'
-wgkex_port: 18883
-wgkex_username: niyawe1
-wgkex_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 36663866376238393738383262353531363531653134383962346166643661626361626431373334
- 3062653736326232646239653733303165666433653864370a363031396136313335366239633665
- 64656434323338346666393334656535616237313639316536303431343036653335626231633933
- 3730643362666330630a616333613961636534306235313365353064383337343366353735663639
- 34336138333864373262396434356265373162356161666235666436366562666264
+ffrl_ip4: '185.66.194.56'
+ffrl_peers:
+ - name: 'bbaakber'
+ remote: '185.66.195.0'
+ ip4: '100.64.9.99'
+ peer_ip4: '100.64.9.98'
+ ip6: '2a03:2260:0:4c6::2'
+ peer_ip6: '2a03:2260:0:4c6::1'
+ - name: 'bbafra2fra'
+ remote: '185.66.194.0'
+ ip4: '100.64.9.101'
+ peer_ip4: '100.64.9.100'
+ ip6: '2a03:2260:0:4c7::2'
+ peer_ip6: '2a03:2260:0:4c7::1'
+ - name: 'bbaixdus'
+ remote: '185.66.193.0'
+ ip4: '100.64.9.103'
+ peer_ip4: '100.64.9.102'
+ ip6: '2a03:2260:0:4c8::2'
+ peer_ip6: '2a03:2260:0:4c8::1'
+ - name: 'bbbakber'
+ remote: '185.66.195.1'
+ ip4: '100.64.9.105'
+ peer_ip4: '100.64.9.104'
+ ip6: '2a03:2260:0:4c9::2'
+ peer_ip6: '2a03:2260:0:4c9::1'
+ - name: 'bbbfra2fra'
+ remote: '185.66.194.1'
+ ip4: '100.64.9.107'
+ peer_ip4: '100.64.9.106'
+ ip6: '2a03:2260:0:4ca::2'
+ peer_ip6: '2a03:2260:0:4ca::1'
+ - name: 'bbbixdus'
+ remote: '185.66.193.1'
+ ip4: '100.64.9.109'
+ peer_ip4: '100.64.9.108'
+ ip6: '2a03:2260:0:4cb::2'
+ peer_ip6: '2a03:2260:0:4cb::1'
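Review bot: The new `ffrl_ip4` and `ffrl_peers` entries have no comment saying what each field means, and the six peers differ only in addresses that are easy to mistype or swap. A short header above `ffrl_peers:` would help the next editor, for example `# per peer: remote = far-end tunnel endpoint, ip4/ip6 = local transfer address, peer_ip4/peer_ip6 = far side`; I am inferring those meanings from the names, so check them against the template that consumes the list. The same hunk drops the `wgkex_*` settings for this host, and the diff cannot show whether the `niyawe1` account was also disabled on `vpn.freifunk-myk.de`. That is worth confirming, since the vault-encrypted password remains in the repository history.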
diff --git a/host_vars/ff-niyawe2 b/host_vars/ff-niyawe2
index c57d17d..99f2c8f 100644
--- a/host_vars/ff-niyawe2
+++ b/host_vars/ff-niyawe2
@@ -1,7 +1,83 @@
---
-ansible_host: 2a01:4f8:a0:826b:2::4
+ansible_host: 2a01:4f8:a0:826b:2::2
#ansible_host: 10.0.2.6
sites:
+ - name: 'aw'
+ net4: '10.222.88.0/21'
+ net6: '2a03:2260:1016:0202::/64'
+ site_net6: 'fd62:44e1:da:0200::/64'
+ fastd_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 64316166303564616561623661653739386434373564646630396361366262303737346632656136
+ 3164613138393838616235343936633162333032323563320a666235383763383766373761623533
+ 36313135643830623363353966653138346364646639386339393664366565323265366630333362
+ 6264633837626133300a373133353532656331623038346637643834613563383435366534393865
+ 31343432663535653364643564306533383333303939656232336232306136663839376662656332
+ 63396465303038396531653239323264346233313563636261613231343763306130316530386262
+ 31316432383834323237386138336434663365643732643732323439313564303337636466393334
+ 63613666333161366366
+ fastd_mesh_mac: '02:ff:41:57:00:20'
+ fastd_port1: 10014
+ bat_ipv6: '2a03:2260:1016:0202::1'
+ bat_ipv4: '10.222.88.1'
+ bat_ipv4_cidr: 21
+ dhcp_subnet: '10.222.88.0'
+ dhcp_netmask: '255.255.248.0'
+ dhcp_start: '10.222.88.50'
+ dhcp_end: '10.222.95.250'
+ vxlan_id: 11443185
+ wireguard_mesh_number: 2
+ wireguard_mesh_priv_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 63616334663237313761666462326564376439633631633839373434393636366363666139653239
+ 3361623733653863613637616439616266393039316332380a373031626239383537316536353862
+ 66616563356131333439303665303039393965383939383038646236643063613231616330363938
+ 6536333561353564620a353634613666383430656639313231363431313662386138396236313364
+ 61653766653462343937396636643132323137636331346132313763313135633263613230366336
+ 6461376335353964343564383335346366633438383566653066
+ wireguard_mesh_pub_key: 'm3JXl4RCr9xNeWo9L2GXiGVCpPvRX3maaLUw6qPse1I='
+ wireguard_mesh_port: 10015
+ wireguard_mesh_address: 'fe80::00ff:41ff:fe57:2'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:41:57:00:02'
+ - name: 'coc'
+ net4: '10.222.56.0/21'
+ net6: '2a03:2260:1016:0102::/64'
+ site_net6: 'fd62:44e1:da:0100::/64'
+ fastd_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 64346365626531663039636230633430613338336164623065393964313538633839346537356533
+ 3363313832333561373134363136333663313864383466360a333533643462336533336433353030
+ 64306535326562343964373931306366613365356335386163303062363663383264353566656438
+ 3838323261303331380a613366306566623531323162373266663863393563323232626565346163
+ 64333835356662643561373062393831303366656138356464326232363235373734663038316336
+ 37313164306565643032373938353434393333653531623635663030613861306663373761336233
+ 65373565653939663832353565656262306633306461316461343735336431393033316433313164
+ 35346363653832386138
+ fastd_mesh_mac: '02:ff:43:4f:43:20'
+ fastd_port1: 10012
+ bat_ipv6: '2a03:2260:1016:0102::1'
+ bat_ipv4: '10.222.56.1'
+ bat_ipv4_cidr: 21
+ dhcp_subnet: '10.222.56.0'
+ dhcp_netmask: '255.255.248.0'
+ dhcp_start: '10.222.56.50'
+ dhcp_end: '10.222.63.250'
+ vxlan_id: 10540244
+ wireguard_mesh_number: 2
+ wireguard_mesh_priv_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 36326163616362316539366532373738393861343162346362346165323431306133663066616632
+ 3333633636643530393030353930396165343134313531620a346361656539383935653061643633
+ 36613038613336313137656264663661646233396333396563643664346339356530666231633130
+ 6662326532323239300a653662653264636462353961383437623637636161363430643935326439
+ 37366265376637653531613537346663343364626332343931613462666366643231356335626631
+ 6238633631656139383733333739373733356430343132353330
+ wireguard_mesh_pub_key: 'qshyUBm3WTO0u+InjrJ5+oTv9xVzRGoOIuZOlC5/e2A='
+ wireguard_mesh_port: 10013
+ wireguard_mesh_address: 'fe80::00ff:43ff:fe4f:4302'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:43:4f:43:02'
- name: 'ems'
net4: '10.222.192.0/21'
net6: '2a03:2260:1016:0501::/64'
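Review bot: The `coc` entry added here carries the same `fastd_secret` and `wireguard_mesh_priv_key` vault blobs, and the same `wireguard_mesh_pub_key`, that this commit removes from `host_vars/ff-niyawe4`, so the tunnel identity is moved to another machine rather than replaced. The `sim` entry in the later hunk of this file is copied the same way. If the old machine is not wiped or can still come up, two hosts hold one private key; generating fresh key pairs for the consolidated host and re-encrypting them with `ansible-vault encrypt_string` would avoid that. Whether the identity has to stay stable for peers that are already deployed is not visible from the diff, so the reuse may be deliberate.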
@@ -40,6 +116,44 @@ sites:
wireguard_mesh_address: 'fe80::00ff:45ff:fe4d:5301'
wireguard_mesh_endpoint: '{{ ansible_host }}'
wireguard_mesh_mac: '02:ff:45:4d:53:01'
+ - name: 'ko'
+ net4: '10.222.24.0/21'
+ net6: '2a03:2260:1016:0002::/64'
+ site_net6: 'fd62:44e1:da::/64'
+ fastd_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 32616565386335373931326566326366306138386431303537386639373339306264613665613936
+ 3630343838353631633832393265653666656164623434330a636537666266663835303561393437
+ 61666665666162353665386434646439323730393839643464303237383034303066623731386638
+ 6461303434383162300a303332333031396233383637653737393933636164653833303333633466
+ 39336465616562613838646139303462306131326364356265366564356131343866313164356365
+ 61623137653661633062613334633231633438626234303064363063396437666431353839313764
+ 37313535646131393963353562353862363933373765316531656531353835653231643031383236
+ 39633866633130373430
+ fastd_mesh_mac: '02:ff:4b:4f:00:20'
+ fastd_port1: 10010
+ bat_ipv6: '2a03:2260:1016:0002::1'
+ bat_ipv4: '10.222.24.1'
+ bat_ipv4_cidr: 21
+ dhcp_subnet: '10.222.24.0'
+ dhcp_netmask: '255.255.248.0'
+ dhcp_start: '10.222.24.50'
+ dhcp_end: '10.222.31.250'
+ vxlan_id: 10891866
+ wireguard_mesh_number: 2
+ wireguard_mesh_priv_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 63313939383639656138636261363033336636303837303565623733663038646637363261386666
+ 3562656362636434653131623133396134646666633338320a303435636432363333376130626265
+ 66306336363565303433353731646336353764353333383339303865346334636334343231343266
+ 3732316335656636630a623364343866633765653232336363653335613065663639626439656533
+ 65313464663534626566613238666237623562383763316331306463643339636138623166623964
+ 3438626431373233666532623433313337356530346563323838
+ wireguard_mesh_pub_key: 'Nv+aZ3cD6a9qvsrXipMbVG7kGiXV3e7tb92MTbyXDl4='
+ wireguard_mesh_port: 10011
+ wireguard_mesh_address: 'fe80::00ff:4bff:fe4f:2'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:4b:4f:00:02'
- name: 'my'
net4: '10.222.64.0/21'
net6: '2a03:2260:1016:0301::/64'
@@ -78,6 +192,44 @@ sites:
wireguard_mesh_address: 'fe80::00ff:4dff:fe59:1'
wireguard_mesh_endpoint: '{{ ansible_host }}'
wireguard_mesh_mac: '02:ff:4d:59:00:01'
+ - name: 'sim'
+ net4: '10.222.176.0/21'
+ net6: '2a03:2260:1016:0401::/64'
+ site_net6: 'fd62:44e1:da:0400::/64'
+ fastd_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 36623461376163303538353865656462643537646265393461656337383936363634653063363938
+ 3735616161636231633238323935313861346163636565620a353132303235636662366231393236
+ 30323734313065356132623736633231326537626462366264653138666533633461393830336634
+ 6530666637613164340a663133386134393235636362633833373531323132636138623163656638
+ 34363637623331666335353464366539623936306437356538393034376232346566323431636231
+ 32653236386632656633636438303130323065386635616462666631386361396233303965393332
+ 63333233656336313633303166333638663335363035653230316633303233376131396135373462
+ 34343163616561343163
+ fastd_mesh_mac: '02:ff:53:49:4d:10'
+ fastd_port1: 10018
+ bat_ipv6: '2a03:2260:1016:0401::1'
+ bat_ipv4: '10.222.176.1'
+ bat_ipv4_cidr: 21
+ dhcp_subnet: '10.222.176.0'
+ dhcp_netmask: '255.255.240.0'
+ dhcp_start: '10.222.176.50'
+ dhcp_end: '10.222.183.250'
+ vxlan_id: 10908477
+ wireguard_mesh_number: 1
+ wireguard_mesh_priv_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 61663530636333343161656664313464306533343934306335653137303463663663386663366463
+ 6538396238616663336633326564386663343531653831650a633230653464636337653431663238
+ 61363635616139643237626462306530313636383962653533626637666162643263323566373439
+ 6632366462303033370a396638303765323939343335383165643739313738366363396566376337
+ 65333237343631613636303639636231363331393262353566623564306330353038343562663464
+ 6335616665613065393164383332633162306137396133343030
+ wireguard_mesh_pub_key: '3587KYreUmBTyARprP+gRKlM7Uo6HH1JJYR5v9JcMkE='
+ wireguard_mesh_port: 10019
+ wireguard_mesh_address: 'fe80::00ff:53ff:fe49:4d01'
+ wireguard_mesh_endpoint: '{{ ansible_host }}'
+ wireguard_mesh_mac: '02:ff:53:49:4d:01'
wireguard_bb_name: 'niyawe2'
wireguard_bb_endpoint: '{{ ansible_host }}'
wireguard_bb_priv_key: !vault |
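Review bot: In the added `sim` site, `dhcp_netmask: '255.255.240.0'` is a /20 mask, while `net4: '10.222.176.0/21'`, `bat_ipv4_cidr: 21` and the `dhcp_start`/`dhcp_end` range all describe a /21. The other sites added to this file use `'255.255.248.0'`. The value is carried over unchanged from the removed `host_vars/ff-niyawe4`, so it may be intentional. If it is not, clients would treat 10.222.184.0/21 as on-link, and the line should read `dhcp_netmask: '255.255.248.0'`.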
@@ -92,14 +244,41 @@ wireguard_bb_pub_key: 'ctSz9JjaPWM4Se39rSsbr39wXWfA1LJDF1OwwBui0VY='
wireguard_bb_ipv4: '10.222.0.12'
wireguard_bb_ipv6: 'fe80::ffbb:ffbb:12'
wireguard_bb_port: 10112
-preferred_uplink: 'uplink2'
-wgkex_host: 'vpn.freifunk-myk.de'
-wgkex_port: 18883
-wgkex_username: ff-niyawe2
-wgkex_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 65656636353639633062316439333865636537373337646162613265333537653037643264363366
- 3565336561613065303661666335383465346364356365320a353037353034666338646138646631
- 61356138343238323464393238646261363965363034373138333832323762633433376139376265
- 3930346161666561380a333433333064386364363735666535386165353466303964393362656431
- 31373135666239633437363030666533646262353565636638616632303735313666
+ffrl_ip4: '185.66.194.57'
+ffrl_peers:
+ - name: 'bbafra2fra'
+ remote: '185.66.194.0'
+ ip4: '100.64.9.155'
+ peer_ip4: '100.64.9.154'
+ ip6: '2a03:2260:0:4e2::2'
+ peer_ip6: '2a03:2260:0:4e2::1'
+ - name: 'bbbfra2fra'
+ remote: '185.66.194.1'
+ ip4: '100.64.9.157'
+ peer_ip4: '100.64.9.156'
+ ip6: '2a03:2260:0:4e3::2'
+ peer_ip6: '2a03:2260:0:4e3::1'
+ - name: 'bbaixdus'
+ remote: '185.66.193.0'
+ ip4: '100.64.9.159'
+ peer_ip4: '100.64.9.158'
+ ip6: '2a03:2260:0:4e4::2'
+ peer_ip6: '2a03:2260:0:4e4::1'
+ - name: 'bbbixdus'
+ remote: '185.66.193.1'
+ ip4: '100.64.9.161'
+ peer_ip4: '100.64.9.160'
+ ip6: '2a03:2260:0:4e5::2'
+ peer_ip6: '2a03:2260:0:4e5::1'
+ - name: 'bbaakber'
+ remote: '185.66.195.0'
+ ip4: '100.64.9.163'
+ peer_ip4: '100.64.9.162'
+ ip6: '2a03:2260:0:4e6::2'
+ peer_ip6: '2a03:2260:0:4e6::1'
+ - name: 'bbbakber'
+ remote: '185.66.195.1'
+ ip4: '100.64.9.165'
+ peer_ip4: '100.64.9.164'
+ ip6: '2a03:2260:0:4e7::2'
+ peer_ip6: '2a03:2260:0:4e7::1'
diff --git a/host_vars/ff-niyawe3 b/host_vars/ff-niyawe3
deleted file mode 100644
index 6fa9d4a..0000000
--- a/host_vars/ff-niyawe3
+++ /dev/null
@@ -1,104 +0,0 @@
----
-ansible_host: 2a01:4f8:160:33c1:2::3
-sites:
- - name: 'coc'
- net4: '10.222.48.0/21'
- net6: '2a03:2260:1016:0101::/64'
- site_net6: 'fd62:44e1:da:0100::/64'
- fastd_secret: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 36343336633735316533356365663562633136316164346335613665343736643538613033323837
- 3163666137323238323535623663393466343061393432640a363838366533663135366665343137
- 64393938336636336230306333376365646631393432333934326631366666363266633631366636
- 3232396339613063360a356636623235333161633630363361653064626232386132393065363961
- 64653535613861636633303164353964393461376432646539656332373461626139333166343163
- 65376133646361616539303338373164623933633061663635353338643036396332656332643738
- 61626236323463623362613335653436643631356362343866333035623662336262323166616163
- 61303232626638303231
- fastd_mesh_mac: '02:ff:43:4f:43:10'
- fastd_port1: 10012
- bat_ipv6: '2a03:2260:1016:0101::1'
- bat_ipv4: '10.222.48.1'
- bat_ipv4_cidr: 21
- dhcp_subnet: '10.222.48.0'
- dhcp_netmask: '255.255.248.0'
- dhcp_start: '10.222.48.50'
- dhcp_end: '10.222.55.250'
- vxlan_id: 10540244
- wireguard_mesh_number: 1
- wireguard_mesh_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 37346162323035633263653630353265333838376165636664363434666263636230383339336535
- 3666316438633539313137666461353133376532386434650a306262643965636431303138326436
- 62306233303134653232663233343134393833643866396466663664656638663864656266386336
- 3630343163393334390a303632663962316365626330613464353263616364366533316566633730
- 32366232336331653366656237323561323939356235323864393463616133373035323763363261
- 3937633731373231316433373866643365316637323134363931
- wireguard_mesh_pub_key: 'dqyoKKWYSfaov1zc1SpKbtVJPsoCDui5NsFzTCoqkBs='
- wireguard_mesh_port: 10013
- wireguard_mesh_address: 'fe80::00ff:43ff:fe4f:4301'
- wireguard_mesh_endpoint: '{{ ansible_host }}'
- wireguard_mesh_mac: '02:ff:43:4f:43:01'
- - name: 'ems'
- net4: '10.222.200.0/21'
- net6: '2a03:2260:1016:0502::/64'
- site_net6: 'fd62:44e1:da:0500::/64'
- fastd_secret: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 39643432623937346662666565393066356635346236313562376339373665653837376365326531
- 3366643661613065303837353830666566356266613036650a383531336266363036366664323439
- 64636330346166306464353564363266303836666134373739646566306337333666356231616364
- 3635616561323332340a323665353031653566646562393430666261363834353036663938636634
- 62363261663531383464646262306237353233346535623235643561633435623939646262313561
- 30656531313664326663666661636465303239353331356633353238363433336561316264613037
- 33636239303465623333316561653732653638633632343165383934313738303365633937373038
- 33396464306363333965
- fastd_mesh_mac: '02:ff:45:4d:53:20'
- fastd_port1: 10020
- bat_ipv6: '2a03:2260:1016:0502::1'
- bat_ipv4: '10.222.200.1'
- bat_ipv4_cidr: 21
- dhcp_subnet: '10.222.200.0'
- dhcp_netmask: '255.255.248.0'
- dhcp_start: '10.222.200.50'
- dhcp_end: '10.222.207.250'
- vxlan_id: 337565
- wireguard_mesh_number: 2
- wireguard_mesh_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 64643165393762323161656536383934313365353664373636663937353531383333326164623434
- 3063356664313437353465346430303233303233343965320a373733326437616163616464356436
- 36323839353437656539383937333032353233316639363130666238303238623565363664613735
- 3037313661383930640a346235346661353435633362373861633134396466376631336637663534
- 34623365386161333230616339326665623535366333373436616633623634636139653766643165
- 3334653163353965383235356266623566666136663832396461
- wireguard_mesh_pub_key: 'bOg54QrGq1DjyVQ13DKNkRYXKSy2bwhy3UM+HfCJPE8='
- wireguard_mesh_port: 10021
- wireguard_mesh_address: 'fe80::00ff:45ff:fe4d:5302'
- wireguard_mesh_endpoint: '{{ ansible_host }}'
- wireguard_mesh_mac: '02:ff:45:4d:53:02'
-wireguard_bb_name: 'niyawe3'
-wireguard_bb_endpoint: '{{ ansible_host }}'
-wireguard_bb_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 36646461356165306461613362613937343861353538646234656230313937386263663435366432
- 6161643965383237626234326564303863666139353362640a376134336134373932633763346338
- 39646132373537343637333830613565633332316664326639386435616431636535653637373036
- 6366396531353034380a303234656437643233636434326139396334626263336434303339353863
- 33666631343330633339373162626132666561373438303361363661396333396538616537653864
- 6331613366393562336130316231643465393336346639333330
-wireguard_bb_pub_key: 'UlJ1k0GUWlhueWlDpbkOmy+0UgaUgq+Gb2l/Vaw+Azs='
-wireguard_bb_ipv4: '10.222.0.13'
-wireguard_bb_ipv6: 'fe80::ffbb:ffbb:13'
-wireguard_bb_port: 10113
-preferred_uplink: 'uplink1'
-wgkex_host: 'vpn.freifunk-myk.de'
-wgkex_port: 18883
-wgkex_username: ff-niyawe3
-wgkex_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 62363231646533343134353534343233626435633966303235666436613634396663633137616566
- 6339333737616234633435373634613235303464346131370a353564623762306133363534393864
- 30323935373061386137316435313931616662336539396136613935623562303662613237376538
- 3865643262306433380a656339303865376530353862336532313466393132396239626531303665
- 30646361336632316334396432303330633837373237353836393166373965613762
diff --git a/host_vars/ff-niyawe4 b/host_vars/ff-niyawe4
deleted file mode 100644
index 5bed032..0000000
--- a/host_vars/ff-niyawe4
+++ /dev/null
@@ -1,104 +0,0 @@
----
-ansible_host: 2a01:4f8:a0:9395:2::4
-sites:
- - name: 'sim'
- net4: '10.222.176.0/21'
- net6: '2a03:2260:1016:0401::/64'
- site_net6: 'fd62:44e1:da:0400::/64'
- fastd_secret: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 36623461376163303538353865656462643537646265393461656337383936363634653063363938
- 3735616161636231633238323935313861346163636565620a353132303235636662366231393236
- 30323734313065356132623736633231326537626462366264653138666533633461393830336634
- 6530666637613164340a663133386134393235636362633833373531323132636138623163656638
- 34363637623331666335353464366539623936306437356538393034376232346566323431636231
- 32653236386632656633636438303130323065386635616462666631386361396233303965393332
- 63333233656336313633303166333638663335363035653230316633303233376131396135373462
- 34343163616561343163
- fastd_mesh_mac: '02:ff:53:49:4d:10'
- fastd_port1: 10018
- bat_ipv6: '2a03:2260:1016:0401::1'
- bat_ipv4: '10.222.176.1'
- bat_ipv4_cidr: 21
- dhcp_subnet: '10.222.176.0'
- dhcp_netmask: '255.255.240.0'
- dhcp_start: '10.222.176.50'
- dhcp_end: '10.222.183.250'
- vxlan_id: 10908477
- wireguard_mesh_number: 1
- wireguard_mesh_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 61663530636333343161656664313464306533343934306335653137303463663663386663366463
- 6538396238616663336633326564386663343531653831650a633230653464636337653431663238
- 61363635616139643237626462306530313636383962653533626637666162643263323566373439
- 6632366462303033370a396638303765323939343335383165643739313738366363396566376337
- 65333237343631613636303639636231363331393262353566623564306330353038343562663464
- 6335616665613065393164383332633162306137396133343030
- wireguard_mesh_pub_key: '3587KYreUmBTyARprP+gRKlM7Uo6HH1JJYR5v9JcMkE='
- wireguard_mesh_port: 10019
- wireguard_mesh_address: 'fe80::00ff:53ff:fe49:4d01'
- wireguard_mesh_endpoint: '{{ ansible_host }}'
- wireguard_mesh_mac: '02:ff:53:49:4d:01'
- - name: 'coc'
- net4: '10.222.56.0/21'
- net6: '2a03:2260:1016:0102::/64'
- site_net6: 'fd62:44e1:da:0100::/64'
- fastd_secret: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 64346365626531663039636230633430613338336164623065393964313538633839346537356533
- 3363313832333561373134363136333663313864383466360a333533643462336533336433353030
- 64306535326562343964373931306366613365356335386163303062363663383264353566656438
- 3838323261303331380a613366306566623531323162373266663863393563323232626565346163
- 64333835356662643561373062393831303366656138356464326232363235373734663038316336
- 37313164306565643032373938353434393333653531623635663030613861306663373761336233
- 65373565653939663832353565656262306633306461316461343735336431393033316433313164
- 35346363653832386138
- fastd_mesh_mac: '02:ff:43:4f:43:20'
- fastd_port1: 10012
- bat_ipv6: '2a03:2260:1016:0102::1'
- bat_ipv4: '10.222.56.1'
- bat_ipv4_cidr: 21
- dhcp_subnet: '10.222.56.0'
- dhcp_netmask: '255.255.248.0'
- dhcp_start: '10.222.56.50'
- dhcp_end: '10.222.63.250'
- vxlan_id: 10540244
- wireguard_mesh_number: 2
- wireguard_mesh_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 36326163616362316539366532373738393861343162346362346165323431306133663066616632
- 3333633636643530393030353930396165343134313531620a346361656539383935653061643633
- 36613038613336313137656264663661646233396333396563643664346339356530666231633130
- 6662326532323239300a653662653264636462353961383437623637636161363430643935326439
- 37366265376637653531613537346663343364626332343931613462666366643231356335626631
- 6238633631656139383733333739373733356430343132353330
- wireguard_mesh_pub_key: 'qshyUBm3WTO0u+InjrJ5+oTv9xVzRGoOIuZOlC5/e2A='
- wireguard_mesh_port: 10013
- wireguard_mesh_address: 'fe80::00ff:43ff:fe4f:4302'
- wireguard_mesh_endpoint: '{{ ansible_host }}'
- wireguard_mesh_mac: '02:ff:43:4f:43:02'
-wireguard_bb_name: 'niyawe4'
-wireguard_bb_endpoint: '{{ ansible_host }}'
-wireguard_bb_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 38383133393039323737656234336237336566363034316339373835336665356332363635353261
- 3733343635356563313337393566336534366264363039320a653034386632306634643764346464
- 36396433383235323430613633333464386537306433353735306139663037343163393362636533
- 3733633630303935610a386631616435633263666666323230373863653561373365366533613232
- 37616664633161323130636630666534393562313831636165613830646439663164336135323836
- 3634613463643736653665383964643438643434386261326665
-wireguard_bb_pub_key: 'jM92qp09R2y+BJ+zwGtGx/7we0ioYWWxWoz/0JLNnDw='
-wireguard_bb_ipv4: '10.222.0.17'
-wireguard_bb_ipv6: 'fe80::ffbb:ffbb:17'
-wireguard_bb_port: 10117
-preferred_uplink: 'uplink2'
-wgkex_host: 'vpn.freifunk-myk.de'
-wgkex_port: 18883
-wgkex_username: ff-niyawe4
-wgkex_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 62323766636136336331366539613065353562633734343362313330663637666636643132323564
- 3039663063666264343665363030666230336230663637380a303432356537326436383665333533
- 65363333323330373031363065666432303338303736373061383361396638663165383531643537
- 6461373638343637640a646164353261326265663733633636313161346638313134616234633361
- 65663365376233643562616132636565376334366336393836623335633530623037
diff --git a/host_vars/ff-uplink1 b/host_vars/ff-uplink1
deleted file mode 100644
index d92b82f..0000000
--- a/host_vars/ff-uplink1
+++ /dev/null
@@ -1,55 +0,0 @@
----
-ansible_host: 2a01:4f8:151:13cd:2::4
-#ansible_host: 10.0.1.2
-wireguard_bb_name: 'uplink1'
-wireguard_bb_endpoint: '2a01:4f8:151:13cd:2::4'
-wireguard_bb_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 65376336343935386131366362653637646663383238663730643835663339656635636235653739
- 3539663435303564373063666361363633643730356533300a313737383432363733303061663531
- 32363838313437646534626437393361386265376539393063376336373232353432363662323066
- 3932363264356263620a663762653530336139326230663432666130303462626539343264666339
- 63613537333461313961333333303164613535303432633535643961636663316434623931363530
- 6562663733636439636366633136376163326238633966383664
-wireguard_bb_pub_key: '1kBuCqepaXZ35LhSYLZJlIBSTYD8Rt+CpvkRrSSQNXM='
-wireguard_bb_ipv4: '10.222.0.1'
-wireguard_bb_ipv6: 'fe80::ffbb:ffbb:1'
-wireguard_bb_port: 10101
-ffrl_ip4: '185.66.194.56'
-ffrl_peers:
- - name: 'bbaakber'
- remote: '185.66.195.0'
- ip4: '100.64.9.99'
- peer_ip4: '100.64.9.98'
- ip6: '2a03:2260:0:4c6::2'
- peer_ip6: '2a03:2260:0:4c6::1'
- - name: 'bbafra2fra'
- remote: '185.66.194.0'
- ip4: '100.64.9.101'
- peer_ip4: '100.64.9.100'
- ip6: '2a03:2260:0:4c7::2'
- peer_ip6: '2a03:2260:0:4c7::1'
- - name: 'bbaixdus'
- remote: '185.66.193.0'
- ip4: '100.64.9.103'
- peer_ip4: '100.64.9.102'
- ip6: '2a03:2260:0:4c8::2'
- peer_ip6: '2a03:2260:0:4c8::1'
- - name: 'bbbakber'
- remote: '185.66.195.1'
- ip4: '100.64.9.105'
- peer_ip4: '100.64.9.104'
- ip6: '2a03:2260:0:4c9::2'
- peer_ip6: '2a03:2260:0:4c9::1'
- - name: 'bbbfra2fra'
- remote: '185.66.194.1'
- ip4: '100.64.9.107'
- peer_ip4: '100.64.9.106'
- ip6: '2a03:2260:0:4ca::2'
- peer_ip6: '2a03:2260:0:4ca::1'
- - name: 'bbbixdus'
- remote: '185.66.193.1'
- ip4: '100.64.9.109'
- peer_ip4: '100.64.9.108'
- ip6: '2a03:2260:0:4cb::2'
- peer_ip6: '2a03:2260:0:4cb::1'
diff --git a/host_vars/ff-uplink2 b/host_vars/ff-uplink2
deleted file mode 100644
index 9c921bf..0000000
--- a/host_vars/ff-uplink2
+++ /dev/null
@@ -1,55 +0,0 @@
----
-ansible_host: 2a01:4f8:a0:826b:2::3
-#ansible_host: 10.0.2.5
-wireguard_bb_name: 'uplink2'
-wireguard_bb_endpoint: '2a01:4f8:a0:826b:2::3'
-wireguard_bb_priv_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 61613932353562343262303834353132656162353962323863633863663830353766356462326137
- 3539373363353838306536363835663839653136653130320a346532356336336438363336396364
- 34393865343430386431613638346161366232343865643765363264303931663132343337613962
- 6437366465303139620a343133663032353463653632393866393836306337313734393736336535
- 36636630346539376362666562303164313838333236663135396161336162356435616639636235
- 6165393239323737363965326266653536326562366432383434
-wireguard_bb_pub_key: 'Z+gA0Mr6PgkPVhO2oe5c5c3SK4yeZ17d62Zy1zJXKiI='
-wireguard_bb_ipv4: '10.222.0.2'
-wireguard_bb_ipv6: 'fe80::ffbb:ffbb:2'
-wireguard_bb_port: 10102
-ffrl_ip4: '185.66.194.57'
-ffrl_peers:
- - name: 'bbafra2fra'
- remote: '185.66.194.0'
- ip4: '100.64.9.155'
- peer_ip4: '100.64.9.154'
- ip6: '2a03:2260:0:4e2::2'
- peer_ip6: '2a03:2260:0:4e2::1'
- - name: 'bbbfra2fra'
- remote: '185.66.194.1'
- ip4: '100.64.9.157'
- peer_ip4: '100.64.9.156'
- ip6: '2a03:2260:0:4e3::2'
- peer_ip6: '2a03:2260:0:4e3::1'
- - name: 'bbaixdus'
- remote: '185.66.193.0'
- ip4: '100.64.9.159'
- peer_ip4: '100.64.9.158'
- ip6: '2a03:2260:0:4e4::2'
- peer_ip6: '2a03:2260:0:4e4::1'
- - name: 'bbbixdus'
- remote: '185.66.193.1'
- ip4: '100.64.9.161'
- peer_ip4: '100.64.9.160'
- ip6: '2a03:2260:0:4e5::2'
- peer_ip6: '2a03:2260:0:4e5::1'
- - name: 'bbaakber'
- remote: '185.66.195.0'
- ip4: '100.64.9.163'
- peer_ip4: '100.64.9.162'
- ip6: '2a03:2260:0:4e6::2'
- peer_ip6: '2a03:2260:0:4e6::1'
- - name: 'bbbakber'
- remote: '185.66.195.1'
- ip4: '100.64.9.165'
- peer_ip4: '100.64.9.164'
- ip6: '2a03:2260:0:4e7::2'
- peer_ip6: '2a03:2260:0:4e7::1'
diff --git a/inventory.ini b/inventory.ini
index 853adad..9938d43 100644
--- a/inventory.ini
+++ b/inventory.ini
@@ -1,28 +1,3 @@
-[new_fastds]
-#88.99.187.42 arch_hostname=fastd7.ffmyk.niyawe.de
-#88.99.34.197 arch_hostname=fastd8.ffmyk.niyawe.de
-#138.201.152.21 arch_hostname=fastd9.ffmyk.niyawe.de
-
[fastd]
ff-niyawe1
ff-niyawe2
-ff-niyawe3
-ff-niyawe4
-ff-loppermann1
-fastd-aw2
-fastd-ko2
-fastd-my2
-
-[icvpn]
-ff-icvpn
-
-[mullvad_uplink]
-#ff-uplink3
-
-[ffrl_uplink]
-ff-uplink1
-ff-uplink2
-
-[uplink:children]
-mullvad_uplink
-ffrl_uplink
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index 636541d..80e8b30 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -1,31 +1,29 @@
+*raw
+:PREROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+{% for site in sites %}
+-A PREROUTING -i wg{{ site.name }} -p udp -m udp --dport 8472 -j NOTRACK
+{% endfor %}
+{% for site in sites %}
+-A OUTPUT -o wg{{ site.name }} -p udp -m udp --dport 8472 -j NOTRACK
+{% endfor %}
+COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-{% if 'fastd' in group_names %}
{% for site in sites %}
-A PREROUTING -i bat{{ site.name }} -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
-{% endif %}
-{% if 'fastd' in group_names %}
-{% for peer in groups['uplink'] %}
--A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
-{% endfor %}
-{% endif %}
-{% if 'uplink' in group_names %}
-{% for peer in groups['fastd'] %}
--A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
-{% endfor %}
-{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
+{% for peer in groups['fastd'] | difference([inventory_hostname]) %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
{% for peer in wireguard_bb_peers %}
-A PREROUTING -i bb{{ peer.name }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
-{% endif %}
COMMIT
*filter
:INPUT DROP [0:0]
@@ -42,7 +40,6 @@ COMMIT
# iperf3
-A INPUT -p tcp -m tcp -s 2a03:2260:1016::/48 --dport 5201 -j ACCEPT
-{% if 'fastd' in group_names %}
# dns
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
@@ -57,23 +54,12 @@ COMMIT
-A INPUT -i bat+ -p udp -m udp --dport 1001 -j ACCEPT
# wireguard_mesh
{% for site in sites %}
+-A INPUT -s 2a03:2260:1016::/48 -p udp -m udp --dport {{ site.wireguard_mesh_port }} -j DROP
-A INPUT -p udp -m udp --dport {{ site.wireguard_mesh_port }} -j ACCEPT
-A INPUT -i wg{{ site.name }} -p udp --dport 8472 -j ACCEPT
{% endfor %}
-{% endif %}
# wireguard_backbone
-{% if 'fastd' in group_names %}
-{% for peer in groups['uplink'] %}
--A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
--A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
-{% endfor %}
-{% endif %}
-{% if 'uplink' in group_names %}
-{% for peer in groups['fastd'] %}
--A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
--A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
-{% endfor %}
-{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
+{% for peer in groups['fastd'] | difference([inventory_hostname]) %}
-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
-A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
{% endfor %}
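Review bot: The added `-s 2a03:2260:1016::/48 ... -j DROP` rule matches only the public client prefix. A packet that reaches the mesh port from a `site_net6` ULA address (`fd62:44e1:da:...` in host_vars) or from a link-local source still falls through to the `ACCEPT` on the next line. If the aim is to keep mesh clients from opening the WireGuard tunnel from inside the mesh (an inference, since the template has no comment saying so), an interface match covers every source address: `-A INPUT -i bat+ -p udp -m udp --dport {{ site.wireguard_mesh_port }} -j DROP`, added next to the prefix rule. A one-line comment above the pair stating the intent would help the next reader. The filter table starts and ends outside this hunk, so earlier rules may already change what reaches this point.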
@@ -81,24 +67,19 @@ COMMIT
-A INPUT -i bb{{ peer.name }} -p udp --dport 6696 -j ACCEPT
-A INPUT -p udp --dport {{ peer.port }} -j ACCEPT
{% endfor %}
-{% endif %}
# MOSH
-A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
# ffrl bgp
-{% if 'ffrl_uplink' in group_names %}
{% for peer in ffrl_peers %}
-A INPUT -i {{ peer.name }} -p tcp -m tcp --dport 179 -j ACCEPT
{% endfor %}
-{% endif %}
# LOG
-A INPUT -m limit --limit 2/min -j LOG --log-prefix "IP6Tables-Dropped input: " --log-level 4
-{% if 'fastd' in group_names %}
{% for site in sites %}
-A FORWARD -i bat{{ site.name }} -p udp --dport 10010:10021 -j REJECT
{% endfor %}
-{% endif %}
-A FORWARD -o {{ ansible_default_ipv6.interface }} -j REJECT
-A FORWARD -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 924320d..c3d84dc 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -4,28 +4,16 @@
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-{% if 'fastd' in group_names %}
{% for site in sites %}
-A PREROUTING -i bat{{ site.name }} -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
-{% endif %}
-{% if 'fastd' in group_names %}
-{% for peer in groups['uplink'] %}
--A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
-{% endfor %}
-{% endif %}
-{% if 'uplink' in group_names %}
-{% for peer in groups['fastd'] %}
--A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
-{% endfor %}
-{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
+{% for peer in groups['fastd'] | difference([inventory_hostname]) %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
{% for peer in wireguard_bb_peers %}
-A PREROUTING -i bb{{ peer.name }} -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
-{% endif %}
COMMIT
*filter
:INPUT DROP [0:0]
@@ -40,7 +28,6 @@ COMMIT
# iperf3
-A INPUT -p tcp -m tcp -s 10.222.0.0/16 --dport 5201 -j ACCEPT
-{% if 'fastd' in group_names %}
# dns
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
@@ -57,13 +44,12 @@ COMMIT
-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT
# wireguard_mesh
{% for site in sites %}
+-A INPUT -s 10.222.0.0/16 -p udp -m udp --dport {{ site.wireguard_mesh_port }} -j DROP
-A INPUT -p udp -m udp --dport {{ site.wireguard_mesh_port }} -j ACCEPT
{% endfor %}
-{% endif %}
# MOSH
-A INPUT -p udp -m udp --dport 60000:61000 -j ACCEPT
-{% if 'ffrl_uplink' in group_names %}
# ffrl-gre
{% for peer in ffrl_peers %}
-A INPUT -p gre -s {{ peer.remote }} -j ACCEPT
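Review bot: The new `-s 10.222.0.0/16 ... --dport {{ site.wireguard_mesh_port }} -j DROP` rule sits after the context line `-A INPUT -p udp -m udp --dport 10010:10023 -j ACCEPT`, and the mesh ports visible in host_vars (10011, 10013, 10015, 10019) all fall inside that range. Because the first matching rule in the chain decides, those packets are accepted before the DROP is evaluated, so the new rule has no effect for them. Either move the `{% for site in sites %}` DROP loop above the 10010:10023 rule, or narrow that rule so it no longer covers the WireGuard ports. The chain begins outside this hunk, so check that no earlier rule has the same effect.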
@@ -72,15 +58,12 @@ COMMIT
{% for peer in ffrl_peers %}
-A INPUT -i {{ peer.name }} -p tcp -m tcp --dport 179 -j ACCEPT
{% endfor %}
-{% endif %}
-A INPUT -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped input: " --log-level 4
-{% if 'fastd' in group_names %}
{% for site in sites %}
-A FORWARD -i bat{{ site.name }} -p udp --dport 10010:10023 -j REJECT
{% endfor %}
-{% endif %}
-A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
-A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
@@ -91,12 +74,7 @@ COMMIT
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-{% if 'ffrl_uplink' in group_names %}
{% for peer in ffrl_peers %}
-A POSTROUTING ! -s {{ ffrl_ip4 }} -o {{ peer.name }} -j SNAT --to-source {{ ffrl_ip4 }}
{% endfor %}
-{% endif %}
-{% if 'mullvad_uplink' in group_names %}
--A POSTROUTING -o mullvad -j MASQUERADE
-{% endif %}
COMMIT
diff --git a/roles/configure_static_routes/tasks/fastd_tasks.yml b/roles/configure_static_routes/tasks/fastd_tasks.yml
deleted file mode 100644
index 4cd1583..0000000
--- a/roles/configure_static_routes/tasks/fastd_tasks.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: copy site specific iproute up config script
- template:
- src: ffmyk-iproute-up.j2
- dest: /usr/local/bin/ffmyk-iproute{{ item.name }}-up.sh
- mode: 0744
- with_items: "{{ sites }}"
-
-- name: copy site specific iproute down config script
- template:
- src: ffmyk-iproute-down.j2
- dest: /usr/local/bin/ffmyk-iproute{{ item.name }}-down.sh
- mode: 0744
- with_items: "{{ sites }}"
diff --git a/roles/configure_static_routes/tasks/main.yml b/roles/configure_static_routes/tasks/main.yml
index c98825f..e89d845 100644
--- a/roles/configure_static_routes/tasks/main.yml
+++ b/roles/configure_static_routes/tasks/main.yml
@@ -10,8 +10,19 @@
dest: /usr/local/bin/ffmyk-iproute.sh
mode: 0744
-- include_tasks: fastd_tasks.yml
- when: "'fastd' in group_names"
+- name: copy site specific iproute up config script
+ template:
+ src: ffmyk-iproute-up.j2
+ dest: /usr/local/bin/ffmyk-iproute{{ item.name }}-up.sh
+ mode: 0744
+ with_items: "{{ sites }}"
+
+- name: copy site specific iproute down config script
+ template:
+ src: ffmyk-iproute-down.j2
+ dest: /usr/local/bin/ffmyk-iproute{{ item.name }}-down.sh
+ mode: 0744
+ with_items: "{{ sites }}"
- name: copy ffmyk iproute systemd service
copy:
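Review bot: The two tasks moved inline write scripts under /usr/local/bin with a bare `mode: 0744`, which depends on the YAML loader reading the unquoted scalar as octal. Quoting it as `mode: "0744"` removes that dependency. The same applies to the `mode:` values in the new install_wg_add and install_wireguard_backbone tasks. Adding explicit `owner: root` and `group: root` would also pin ownership instead of inheriting whatever is already on disk.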
diff --git a/roles/configure_sysctl/files/ff.conf b/roles/configure_sysctl/files/ff.conf
index d07763d..85a9b3a 100644
--- a/roles/configure_sysctl/files/ff.conf
+++ b/roles/configure_sysctl/files/ff.conf
@@ -11,9 +11,15 @@ net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
-net.ipv6.neigh.default.gc_thresh3=4096
-net.ipv6.neigh.default.gc_thresh2=2048
-net.ipv6.neigh.default.gc_thresh1=1024
+net.ipv4.neigh.default.gc_thresh3=8192
+net.ipv4.neigh.default.gc_thresh2=4096
+net.ipv4.neigh.default.gc_thresh1=2048
+net.ipv4.neigh.default.gc_interval=3600
+net.ipv4.neigh.default.gc_stale_time=3600
+
+net.ipv6.neigh.default.gc_thresh3=8192
+net.ipv6.neigh.default.gc_thresh2=4096
+net.ipv6.neigh.default.gc_thresh1=2048
net.ipv6.neigh.default.gc_interval=3600
net.ipv6.neigh.default.gc_stale_time=3600
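Review bot: The doubled neighbour-table limits and the new IPv4 block carry no comment explaining the sizing. `gc_thresh3` is the hard cap on neighbour cache entries, so it is the value that decides whether a burst of new addresses on the mesh segments starts evicting legitimate neighbours. A line above each block, such as `# neighbour cache limits; gc_thresh3 is the hard cap, sized for expected mesh clients`, would record the intent. The sizing rationale itself is presumed here and should come from the author.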
diff --git a/roles/install_babeld/templates/babeld.conf.j2 b/roles/install_babeld/templates/babeld.conf.j2
index 1fac52e..c5cdda0 100644
--- a/roles/install_babeld/templates/babeld.conf.j2
+++ b/roles/install_babeld/templates/babeld.conf.j2
@@ -5,22 +5,12 @@
ipv6-subtrees true
# You must provide at least one interface for babeld to operate on.
-{% if ('fastd' in group_names) %}
-{% for peer in groups['uplink'] %}
-interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
-{% endfor %}
-{% endif %}
-{% if 'uplink' in group_names %}
-{% for peer in groups['fastd'] %}
-interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
-{% endfor %}
-{% for peer in groups['uplink'] | difference([inventory_hostname]) %}
+{% for peer in groups['fastd'] | difference([inventory_hostname]) %}
interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
{% endfor %}
{% for peer in wireguard_bb_peers|default([]) %}
interface bb{{ peer.name }}
{% endfor %}
-{% endif %}
# Global options you might want to set. There are many more, see the man page.
#debug 1
@@ -37,22 +27,15 @@ import-table 42
reflect-kernel-metric true
# Filtering rules.
-{% if 'uplink' in group_names %}
in ip 10.222.0.0/16 allow
in ip 2a03:2260:1016::/48 allow
in ip 2003:46:e028::/48 allow # finzelberg
in ip fd62:44e1:da::/48 allow
in deny # ignore default routes on uplinks
-{% endif %}
-{% if 'mullvad_uplink' in group_names %}
-redistribute if mullvad metric 256
-{% endif %}
-{% if 'ffrl_uplink' in group_names %}
{% for peer in ffrl_peers %}
redistribute if {{ peer.name }} metric 128
{% endfor %}
-{% endif %}
# Only redistribute addresses from a given prefix, to avoid redistributing
# all local addresses
redistribute ip 10.222.0.0/16 allow
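Review bot: The `in ip … allow` / `in deny` filter now applies on every host, but its allow list does not include `64:ff9b::/96`, which the `redistribute` rules further down still announce. Before this change only hosts in the `uplink` group filtered inbound routes; now a route for that prefix announced by one node would be rejected by all the others. If each node is meant to serve that prefix locally this is harmless, otherwise add `in ip 64:ff9b::/96 allow` before `in deny`. The trailing comment `# ignore default routes on uplinks` is also stale now that the `uplink` group is gone.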
@@ -60,11 +43,3 @@ redistribute ip 2a03:2260:1016::/48 allow
redistribute ip 64:ff9b::/96 allow
redistribute ip fd62:44e1:da::/48 allow
redistribute local deny
-
-{% if ('fastd' in group_names) and preferred_uplink is defined %}
-{% for peer in groups['uplink'] %}
-{% if not hostvars[peer]['wireguard_bb_name'] == preferred_uplink %}
-in if bb{{ hostvars[peer]['wireguard_bb_name'] }} metric 64
-{% endif %}
-{% endfor %}
-{% endif %}
diff --git a/roles/install_bind/templates/named.conf.j2 b/roles/install_bind/templates/named.conf.j2
index da7043e..25d3470 100644
--- a/roles/install_bind/templates/named.conf.j2
+++ b/roles/install_bind/templates/named.conf.j2
@@ -27,6 +27,8 @@ options {
version none;
hostname none;
server-id none;
+
+ max-cache-size 1024M;
};
statistics-channels {
diff --git a/roles/install_monitoring/tasks/install_munin.yml b/roles/install_monitoring/tasks/install_munin.yml
index ee81639..c843bfe 100644
--- a/roles/install_monitoring/tasks/install_munin.yml
+++ b/roles/install_monitoring/tasks/install_munin.yml
@@ -14,7 +14,6 @@
pacman:
name: perl-json
state: present
- when: "'fastd' in group_names"
- name: copy fastd peers plugin
copy:
@@ -22,7 +21,6 @@
dest: /usr/lib/munin/plugins/fastd_peers_
mode: 0755
notify: restart munin-node
- when: "'fastd' in group_names"
- name: copy fastd traffic plugin
copy:
@@ -30,7 +28,6 @@
dest: /usr/lib/munin/plugins/fastd_traffic_
mode: 0755
notify: restart munin-node
- when: "'fastd' in group_names"
- name: enable munin plugins for fastd peers
file:
@@ -39,7 +36,6 @@
state: link
with_items: "{{ sites }}"
notify: restart munin-node
- when: "'fastd' in group_names"
- name: enable munin plugins for fastd traffic
file:
@@ -48,14 +44,12 @@
state: link
with_items: "{{ sites }}"
notify: restart munin-node
- when: "'fastd' in group_names"
- name: copy fastd plugin config
template:
src: munin_fastd_conf.j2
dest: /etc/munin/plugin-conf.d/fastd
notify: restart munin-node
- when: "'fastd' in group_names"
- name: copy wg peers plugin
copy:
@@ -63,7 +57,6 @@
dest: /usr/lib/munin/plugins/wg_peers_
mode: 0755
notify: restart munin-node
- when: "'fastd' in group_names"
- name: copy wg peers plugin config
copy:
@@ -71,7 +64,6 @@
dest: /etc/munin/plugin-conf.d/wg
mode: 0644
notify: restart munin-node
- when: "'fastd' in group_names"
- name: enable munin plugins for wg peers
file:
@@ -80,7 +72,6 @@
state: link
with_items: "{{ sites }}"
notify: restart munin-node
- when: "'fastd' in group_names"
- name: copy dhcp-pool plugin
copy:
@@ -88,7 +79,6 @@
dest: /usr/lib/munin/plugins/dhcp-pool
mode: 0755
notify: restart munin-node
- when: "'fastd' in group_names"
- name: enable munin plugins for dhcp
file:
@@ -96,7 +86,6 @@
src: /usr/lib/munin/plugins/dhcp-pool
state: link
notify: restart munin-node
- when: "'fastd' in group_names"
- name: copy fw_conntrack plugin
copy:
@@ -128,21 +117,21 @@
name: perl-lwp-protocol-https
state: present
-- name: enable munin plugins for network monitoring (1/9)
+- name: enable munin plugins for network monitoring (1/6)
file:
path: /etc/munin/plugins/if_{{ ansible_default_ipv4.interface }}
src: /usr/lib/munin/plugins/if_
state: link
notify: restart munin-node
-- name: enable munin plugins for network monitoring (2/9)
+- name: enable munin plugins for network monitoring (2/6)
file:
path: /etc/munin/plugins/if_{{ ansible_default_ipv6.interface }}
src: /usr/lib/munin/plugins/if_
state: link
notify: restart munin-node
-- name: enable munin plugins for network monitoring (3/9)
+- name: enable munin plugins for network monitoring (3/6)
file:
path: /etc/munin/plugins/if_{{ item[0] }}{{ item[1].name }}
src: /usr/lib/munin/plugins/if_
@@ -151,60 +140,30 @@
with_nested:
- [ 'bat', 'vpn', 'wg', 'vx' ]
- "{{ sites }}"
- when: "'fastd' in group_names"
-- name: enable munin plugins for network monitoring (4/9)
- file:
- path: /etc/munin/plugins/if_bb{{ hostvars[item]['wireguard_bb_name'] }}
- src: /usr/lib/munin/plugins/if_
- state: link
- notify: restart munin-node
- with_items: "{{ groups['uplink'] }}"
- when: "'fastd' in group_names"
-
-- name: enable munin plugins for network monitoring (5/9)
- file:
- path: /etc/munin/plugins/if_bb{{ hostvars[item]['wireguard_bb_name'] }}
- src: /usr/lib/munin/plugins/if_
- state: link
- notify: restart munin-node
- with_items: "{{ groups['fastd'] }}"
- when: "'uplink' in group_names"
-
-- name: enable munin plugins for network monitoring (6/9)
+- name: enable munin plugins for network monitoring (4/6)
file:
path: /etc/munin/plugins/if_bb{{ item.name }}
src: /usr/lib/munin/plugins/if_
state: link
notify: restart munin-node
with_items: "{{ wireguard_bb_peers|default([]) }}"
- when: "'uplink' in group_names"
-- name: enable munin plugins for network monitoring (7/9)
+- name: enable munin plugins for network monitoring (5/6)
file:
path: /etc/munin/plugins/if_bb{{ hostvars[item]['wireguard_bb_name'] }}
src: /usr/lib/munin/plugins/if_
state: link
notify: restart munin-node
- with_items: "{{ groups['uplink'] | difference([inventory_hostname]) }}"
- when: "'uplink' in group_names"
+ with_items: "{{ groups['fastd'] | difference([inventory_hostname]) }}"
-- name: enable munin plugins for network monitoring (8/9)
+- name: enable munin plugins for network monitoring (6/6)
file:
path: /etc/munin/plugins/if_{{ item.name }}
src: /usr/lib/munin/plugins/if_
state: link
notify: restart munin-node
with_items: "{{ ffrl_peers }}"
- when: "'ffrl_uplink' in group_names"
-
-- name: enable munin plugins for network monitoring (9/9)
- file:
- path: /etc/munin/plugins/if_mullvad
- src: /usr/lib/munin/plugins/if_
- state: link
- notify: restart munin-node
- when: "'mullvad_uplink' in group_names"
- name: enable munin plugins
file:
diff --git a/roles/install_monitoring/tasks/main.yml b/roles/install_monitoring/tasks/main.yml
index 6600e0c..dc3c445 100644
--- a/roles/install_monitoring/tasks/main.yml
+++ b/roles/install_monitoring/tasks/main.yml
@@ -1,7 +1,6 @@
---
- name: install ffmyk-influx
include: install_ffmyk-influx.yml
- when: "'fastd' in group_names"
- name: install munin
import_tasks: install_munin.yml
diff --git a/roles/install_monitoring/templates/ffmyk-influx/traffic.php.j2 b/roles/install_monitoring/templates/ffmyk-influx/traffic.php.j2
index dde5dba..9a848da 100644
--- a/roles/install_monitoring/templates/ffmyk-influx/traffic.php.j2
+++ b/roles/install_monitoring/templates/ffmyk-influx/traffic.php.j2
@@ -24,8 +24,5 @@ function traffic($iface, $alias=false) {
(traffic('vpn{{ site.name }}'));
(traffic('wg{{ site.name }}'));
{% endfor %}
-{% for uplink in groups['uplink'] %}
-(traffic('bb{{ hostvars[uplink]['wireguard_bb_name'] }}'));
-{% endfor %}
?>
diff --git a/roles/install_monitoring/templates/munin-node.conf.j2 b/roles/install_monitoring/templates/munin-node.conf.j2
index 6dda88c..e7a1610 100644
--- a/roles/install_monitoring/templates/munin-node.conf.j2
+++ b/roles/install_monitoring/templates/munin-node.conf.j2
@@ -38,7 +38,7 @@ host_name {{ ansible_fqdn }}
# may repeat the allow line as many times as you'd like
allow ^127\.0\.0\.1$
-allow ^2a01:4f8:151:13cd:1::35$
+allow ^2a01:4f8:272:3d5f:1::35$
allow ^::1$
# Which address to bind to;
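Review bot: The munin master address is hard-coded in the `allow` line, and the `allow` regexes visible here decide who may query the node. Taking it from a variable, `allow ^{{ munin_master_ip6 | regex_escape }}$` with the value in group_vars, would let the firewall template reference the same value so the two cannot drift apart. `munin_master_ip6` is a name made up for this example. The bind-address section after this line continues outside the hunk.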
diff --git a/roles/install_wg_add/tasks/main.yml b/roles/install_wg_add/tasks/main.yml
new file mode 100644
index 0000000..da7f0b4
--- /dev/null
+++ b/roles/install_wg_add/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: install wg_add dependencies
+ pacman:
+ name:
+ - git
+ - make
+ - gcc
+ state: present
+
+- name: clone wg_add repo
+ git:
+ repo: https://github.com/FreifunkMYK/wg_add.git
+ dest: /opt/wg_add
+
+- name: build wg_add
+ make:
+ chdir: /opt/wg_add
+
+- name: install wg_add service
+ template:
+ src: wg_add.service.j2
+ dest: /etc/systemd/system/wg_add@.service
+ mode: 0644
+
+- name: start and enable wgkex service
+ systemd:
+ name: wg_add@{{ item.name }}
+ state: started
+ enabled: yes
+ with_items: "{{ sites }}"
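Review bot: The `clone wg_add repo` task has no `version:`, so every run checks out whatever the repository's default branch holds at that moment, and the next task builds it on the host. Pinning the checkout with `version: "<reviewed-commit-sha>"` (placeholder) makes the deployed binary reproducible and means an upstream change reaches the hosts only after someone has looked at it. The last task is still named `start and enable wgkex service` although it manages `wg_add@…`. Nothing restarts the service when the checkout or the build result changes.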
diff --git a/roles/install_wg_add/templates/wg_add.service.j2 b/roles/install_wg_add/templates/wg_add.service.j2
new file mode 100644
index 0000000..b348e98
--- /dev/null
+++ b/roles/install_wg_add/templates/wg_add.service.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=wg_add
+After=network.target
+
+[Service]
+ExecStart=/opt/wg_add/wg_add {{ ansible_default_ipv4.interface }} wg%i vx%i
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
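Review bot: The unit runs `/opt/wg_add/wg_add` with full root privileges and no sandboxing, although it is handed the host's default-route interface as its first argument. What the program needs is not visible here, so this is a suggestion to test rather than a drop-in. In `[Service]`, `NoNewPrivileges=yes`, `ProtectSystem=strict` and, if it only configures network interfaces, `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW` would limit what a fault in the daemon can reach.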
diff --git a/roles/install_wireguard_backbone/tasks/fastd_tasks.yml b/roles/install_wireguard_backbone/tasks/fastd_tasks.yml
deleted file mode 100644
index d1d9974..0000000
--- a/roles/install_wireguard_backbone/tasks/fastd_tasks.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-- name: create wireguard config for peers
- template:
- src: wg.conf.j2
- dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
- mode: 0400
- with_items:
- - "{{ groups['uplink'] }}"
-
-- name: create wireguard up scripts for peers
- template:
- src: up.sh.j2
- dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
- mode: 0744
- with_items:
- - "{{ groups['uplink'] }}"
-
-- name: create wireguard down scripts for peers
- template:
- src: down.sh.j2
- dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
- mode: 0744
- with_items:
- - "{{ groups['uplink'] }}"
-
-- name: start and enable wireguard mesh
- systemd:
- name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
- enabled: yes
- state: started
- daemon_reload: yes
- with_items:
- - "{{ groups['uplink'] }}"
diff --git a/roles/install_wireguard_backbone/tasks/main.yml b/roles/install_wireguard_backbone/tasks/main.yml
index 9ccfe05..b185173 100644
--- a/roles/install_wireguard_backbone/tasks/main.yml
+++ b/roles/install_wireguard_backbone/tasks/main.yml
@@ -4,8 +4,60 @@
src: wgbackbone@.service
dest: /etc/systemd/system/wgbackbone@.service
-- include_tasks: fastd_tasks.yml
- when: "'fastd' in group_names"
+- name: create wireguard config for uplinks
+ template:
+ src: wg.conf.j2
+ dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
+ mode: 0400
+ with_items: "{{ groups['fastd'] | difference([inventory_hostname]) }}"
-- include_tasks: uplink_tasks.yml
- when: "'uplink' in group_names"
+- name: create wireguard config for additional peers
+ template:
+ src: wg2.conf.j2
+ dest: /etc/wireguard/wgbb{{ item.name }}.conf
+ mode: 0400
+ with_items: "{{ wireguard_bb_peers|default([]) }}"
+
+- name: create wireguard up scripts for uplinks
+ template:
+ src: up.sh.j2
+ dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
+ mode: 0744
+ with_items: "{{ groups['fastd'] | difference([inventory_hostname]) }}"
+
+- name: create wireguard up scripts for additional peers
+ template:
+ src: up2.sh.j2
+ dest: /etc/wireguard/upbb{{ item.name }}.sh
+ mode: 0744
+ with_items: "{{ wireguard_bb_peers|default([]) }}"
+
+- name: create wireguard down scripts for uplinks
+ template:
+ src: down.sh.j2
+ dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
+ mode: 0744
+ with_items: "{{ groups['fastd'] | difference([inventory_hostname]) }}"
+
+- name: create wireguard down scripts for additional peers
+ template:
+ src: down2.sh.j2
+ dest: /etc/wireguard/downbb{{ item.name }}.sh
+ mode: 0744
+ with_items: "{{ wireguard_bb_peers|default([]) }}"
+
+- name: start and enable wireguard mesh for uplinks
+ systemd:
+ name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
+ enabled: yes
+ state: started
+ daemon_reload: yes
+ with_items: "{{ groups['fastd'] | difference([inventory_hostname]) }}"
+
+- name: start and enable wireguard mesh for additional peers
+ systemd:
+ name: wgbackbone@{{ item.name }}.service
+ enabled: yes
+ state: started
+ daemon_reload: yes
+ with_items: "{{ wireguard_bb_peers|default([]) }}"
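Review bot: None of the template tasks notifies a handler and the systemd tasks only ask for `state: started`, so a changed wg config (a rotated key, a changed endpoint) is written to disk but not applied to a running `wgbackbone@` instance. A `notify:` on the config tasks, with a handler that restarts the affected instance, would cover that. Nothing here stops or removes the units and `/etc/wireguard/wgbb*.conf` files of peers that drop out of `groups['fastd']`. That matters in this commit because the `uplink` group goes away; presumably the cleanup is done by hand. The task names still say "for uplinks" while looping over `groups['fastd']`.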
diff --git a/roles/install_wireguard_backbone/tasks/uplink_tasks.yml b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
deleted file mode 100644
index ea906e5..0000000
--- a/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
+++ /dev/null
@@ -1,87 +0,0 @@
----
-- name: create wireguard config for fastds
- template:
- src: wg.conf.j2
- dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
- mode: 0400
- with_items: "{{ groups['fastd'] }}"
-
-- name: create wireguard config for uplinks
- template:
- src: wg.conf.j2
- dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
- mode: 0400
- with_items: "{{ groups['uplink'] | difference([inventory_hostname]) }}"
-
-- name: create wireguard config for additional peers
- template:
- src: wg2.conf.j2
- dest: /etc/wireguard/wgbb{{ item.name }}.conf
- mode: 0400
- with_items: "{{ wireguard_bb_peers|default([]) }}"
-
-- name: create wireguard up scripts for fastds
- template:
- src: up.sh.j2
- dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
- mode: 0744
- with_items: "{{ groups['fastd'] }}"
-
-- name: create wireguard up scripts for uplinks
- template:
- src: up.sh.j2
- dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
- mode: 0744
- with_items: "{{ groups['uplink'] | difference([inventory_hostname]) }}"
-
-- name: create wireguard up scripts for additional peers
- template:
- src: up2.sh.j2
- dest: /etc/wireguard/upbb{{ item.name }}.sh
- mode: 0744
- with_items: "{{ wireguard_bb_peers|default([]) }}"
-
-- name: create wireguard down scripts for fastds
- template:
- src: down.sh.j2
- dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
- mode: 0744
- with_items: "{{ groups['fastd'] }}"
-
-- name: create wireguard down scripts for uplinks
- template:
- src: down.sh.j2
- dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
- mode: 0744
- with_items: "{{ groups['uplink'] | difference([inventory_hostname]) }}"
-
-- name: create wireguard down scripts for additional peers
- template:
- src: down2.sh.j2
- dest: /etc/wireguard/downbb{{ item.name }}.sh
- mode: 0744
- with_items: "{{ wireguard_bb_peers|default([]) }}"
-
-- name: start and enable wireguard mesh for fastds
- systemd:
- name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
- enabled: yes
- state: started
- daemon_reload: yes
- with_items: "{{ groups['fastd'] }}"
-
-- name: start and enable wireguard mesh for uplinks
- systemd:
- name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
- enabled: yes
- state: started
- daemon_reload: yes
- with_items: "{{ groups['uplink'] | difference([inventory_hostname]) }}"
-
-- name: start and enable wireguard mesh for additional peers
- systemd:
- name: wgbackbone@{{ item.name }}.service
- enabled: yes
- state: started
- daemon_reload: yes
- with_items: "{{ wireguard_bb_peers|default([]) }}"
diff --git a/setup_fastd.yml b/setup_fastd.yml
index 8429e56..e55f267 100644
--- a/setup_fastd.yml
+++ b/setup_fastd.yml
@@ -7,7 +7,6 @@
- configure_sysctl
- configure_iptables
- configure_static_routes
- #- install_ssmtp
- install_cronie
- install_php
- install_nginx
@@ -21,39 +20,11 @@
- install_wireguard_mesh
- install_wireguard_backbone
- install_babeld
- - install_wgkex
+ - install_wg_add
- install_fastd
- install_mesh-announce
- install_monitoring
- install_iperf3
- update_ssh_keys
- install_admin_packages
-- name: basic uplink config
- hosts: uplink
- user: root
- roles:
- - configure_journald
- - configure_sysctl
- - configure_iptables
- - configure_static_routes
- - install_cronie
- #- install_nginx
- - install_ntp
- - install_haveged
- - install_wireguard
- - install_wireguard_backbone
- - install_babeld
- - install_monitoring
- - install_iperf3
- - update_ssh_keys
- - install_admin_packages
-- name: install openvpn uplink
- hosts: mullvad_uplink
- user: root
- roles:
- - install_openvpn
-- name: setup ffrl
- hosts: ffrl_uplink
- user: root
- roles:
- setup_ffrl_tunnel