Diffstat (limited to 'roles/install_wireguard_backbone')
6 files changed, 78 insertions, 43 deletions
diff --git a/roles/install_wireguard_backbone/tasks/fastd_tasks.yml b/roles/install_wireguard_backbone/tasks/fastd_tasks.yml
new file mode 100644
index 0000000..2fe4ce6
--- /dev/null
+++ b/roles/install_wireguard_backbone/tasks/fastd_tasks.yml
@@ -0,0 +1,29 @@
+---
+- name: create wireguard config for peers
+ template:
+ src: wg.conf.j2
+ dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
+ mode: 0400
+ with_items: "{{ groups['ffrl_uplink'] }}"
+
+- name: create wireguard up scripts for peers
+ template:
+ src: up.sh.j2
+ dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
+ mode: 0744
+ with_items: "{{ groups['ffrl_uplink'] }}"
+
+- name: create wireguard down scripts for peers
+ template:
+ src: down.sh.j2
+ dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
+ mode: 0744
+ with_items: "{{ groups['ffrl_uplink'] }}"
+
+- name: start and enable wireguard mesh
+ systemd:
+ name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
+ enabled: yes
+ state: started
+ daemon_reload: yes
+ with_items: "{{ groups['ffrl_uplink'] }}"
diff --git a/roles/install_wireguard_backbone/tasks/ffrl_uplink_tasks.yml b/roles/install_wireguard_backbone/tasks/ffrl_uplink_tasks.yml
new file mode 100644
index 0000000..d894758
--- /dev/null
+++ b/roles/install_wireguard_backbone/tasks/ffrl_uplink_tasks.yml
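Review bot: The `create wireguard config for peers` task in fastd_tasks.yml renders wg.conf.j2, which contains the `PrivateKey` line, and nothing on the task keeps that content out of Ansible's output: a run with `--diff` prints the rendered file. Adding `no_log: true` (or at least `diff: false`) to the task keeps the key out of terminals and CI logs; the identical task in ffrl_uplink_tasks.yml needs the same. `mode: 0400` is right for the file, but `owner: root` and `group: root` are not set, so ownership depends on the connecting or become user.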
@@ -0,0 +1,29 @@
+---
+- name: create wireguard config for peers
+ template:
+ src: wg.conf.j2
+ dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
+ mode: 0400
+ with_items: "{{ groups['fastd'] }}"
+
+- name: create wireguard up scripts for peers
+ template:
+ src: up.sh.j2
+ dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
+ mode: 0744
+ with_items: "{{ groups['fastd'] }}"
+
+- name: create wireguard down scripts for peers
+ template:
+ src: down.sh.j2
+ dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
+ mode: 0744
+ with_items: "{{ groups['fastd'] }}"
+
+- name: start and enable wireguard mesh
+ systemd:
+ name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
+ enabled: yes
+ state: started
+ daemon_reload: yes
+ with_items: "{{ groups['fastd'] }}"
diff --git a/roles/install_wireguard_backbone/tasks/main.yml b/roles/install_wireguard_backbone/tasks/main.yml
index 09edb03..eafd889 100644
--- a/roles/install_wireguard_backbone/tasks/main.yml
+++ b/roles/install_wireguard_backbone/tasks/main.yml
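Review bot: The file modes and booleans in ffrl_uplink_tasks.yml are bare YAML scalars (`mode: 0400`, `mode: 0744`, `enabled: yes`, `daemon_reload: yes`), which rely on YAML 1.1 implicit typing to come out as intended. The form that does not depend on the parser is a quoted mode string and canonical booleans: `mode: "0400"`, `mode: "0744"`, `enabled: true`, `daemon_reload: true`. fastd_tasks.yml has the same lines.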
@@ -1,34 +1,11 @@ --- -- name: create wireguard config for peers - template: - src: wg.conf.j2 - dest: /etc/wireguard/wgbb{{ item.name }}.conf - mode: 0400 - with_items: "{{ wireguard_bb_peers }}" - -- name: create wireguard up scripts for peers - template: - src: up.sh.j2 - dest: /etc/wireguard/upbb{{ item.name }}.sh - mode: 0744 - with_items: "{{ wireguard_bb_peers }}" - -- name: create wireguard down scripts for peers - template: - src: down.sh.j2 - dest: /etc/wireguard/downbb{{ item.name }}.sh - mode: 0744 - with_items: "{{ wireguard_bb_peers }}" - - name: create wireguard backbone service template copy: src: wgbackbone@.service dest: /etc/systemd/system/wgbackbone@.service -- name: start and enable wireguard mesh - systemd: - name: wgbackbone@{{ item.name }}.service - enabled: yes - state: started - daemon_reload: yes - with_items: "{{ wireguard_bb_peers }}" +- include_tasks: ffrl_uplink_tasks.yml + when: "'ffrl_uplink' in group_names" + +- include_tasks: fastd_tasks.yml + when: "'fastd' in group_names" diff --git a/roles/install_wireguard_backbone/templates/down.sh.j2 b/roles/install_wireguard_backbone/templates/down.sh.j2 index fbdd387..6b78d2e 100644 --- a/roles/install_wireguard_backbone/templates/down.sh.j2 +++ b/roles/install_wireguard_backbone/templates/down.sh.j2 @@ -1,5 +1,5 @@ #!/bin/bash -ip -4 rule del iif bb{{ item.name }} table ffmyk -ip -6 rule del iif bb{{ item.name }} table ffmyk -ip link set down dev bb{{ item.name }} -ip link del bb{{ item.name }} +ip -4 rule del iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk +ip -6 rule del iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk +ip link set down dev bb{{ hostvars[item]['wireguard_bb_name'] }} +ip link del bb{{ hostvars[item]['wireguard_bb_name'] }} diff --git a/roles/install_wireguard_backbone/templates/up.sh.j2 b/roles/install_wireguard_backbone/templates/up.sh.j2 index 38b3c26..5af1a81 100644 --- a/roles/install_wireguard_backbone/templates/up.sh.j2 
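Review bot: The two files included at the end of main.yml are identical apart from the group they loop over, so any later hardening change (permissions, log suppression) has to be made twice and can easily land in only one of them. A single task file that loops over a group passed in by the include would remove that, for example `with_items: "{{ groups[wireguard_bb_peer_group] }}"` with `vars: {wireguard_bb_peer_group: fastd}` on the `include_tasks` entry (the variable name is only a suggestion). The two `include_tasks` entries also have no `name:`, and a host that is in neither group gets the unit file installed but no tunnel, without any message.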
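Review bot: `hostvars[item]['wireguard_bb_name']` is substituted unquoted into every `ip` command line of down.sh.j2, so an inventory value containing whitespace or shell metacharacters changes what the generated script executes. The same applies to up.sh.j2 and to the file and unit names built in the task files. Validating the value once before templating is simpler than quoting every use, for example an `assert` task with `that: hostvars[item]['wireguard_bb_name'] is match('^[a-z0-9]{1,13}$')`. The 13 keeps `bb` plus the name within the 15-character interface-name limit.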
+++ b/roles/install_wireguard_backbone/templates/up.sh.j2 @@ -1,8 +1,8 @@ #!/bin/bash -ip link add bb{{ item.name }} type wireguard -wg setconf bb{{ item.name }} /etc/wireguard/wgbb{{ item.name }}.conf -ip addr add {{ item.address6 }} dev bb{{ item.name }} -ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ item.address }}/32 dev bb{{ item.name }} -ip link set up dev bb{{ item.name }} -ip -4 rule add iif bb{{ item.name }} table ffmyk priority 10 -ip -6 rule add iif bb{{ item.name }} table ffmyk priority 10 +ip link add bb{{ hostvars[item]['wireguard_bb_name'] }} type wireguard +wg setconf bb{{ hostvars[item]['wireguard_bb_name'] }} /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf +ip addr add {{ wireguard_bb_ipv6 }} dev bb{{ hostvars[item]['wireguard_bb_name'] }} +ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ hostvars[item]['wireguard_bb_ipv4'] }}/32 dev bb{{ hostvars[item]['wireguard_bb_name'] }} +ip link set up dev bb{{ hostvars[item]['wireguard_bb_name'] }} +ip -4 rule add iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10 +ip -6 rule add iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10 diff --git a/roles/install_wireguard_backbone/templates/wg.conf.j2 b/roles/install_wireguard_backbone/templates/wg.conf.j2 index de0e1fb..a52655c 100644 --- a/roles/install_wireguard_backbone/templates/wg.conf.j2 +++ b/roles/install_wireguard_backbone/templates/wg.conf.j2 @@ -1,9 +1,9 @@ [Interface] -ListenPort = {{ item.local_port }} -PrivateKey = {{ wireguard_bb_key }} +ListenPort = {{ hostvars[item]['wireguard_bb_port'] }} +PrivateKey = {{ wireguard_bb_priv_key }} [Peer] -PublicKey = {{ item.key }} +PublicKey = {{ hostvars[item]['wireguard_bb_pub_key'] }} AllowedIPs = 0.0.0.0/0,::/0 -Endpoint = [{{ item.endpoint }}]:{{ item.remote_port }} +Endpoint = [{{ hostvars[item]['wireguard_bb_endpoint'] }}]:{{ wireguard_bb_port }} PersistentKeepalive = 30 |
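Review bot: up.sh.j2 carries on after a failed step: if `wg setconf` rejects the config, the following lines still assign addresses, bring the link up and add the `ffmyk` policy rules, and the exit status is that of the last command. A `set -e` line directly after the `#!/bin/bash` context line makes the first failure abort the script with a non-zero status, so whatever starts it can see the failure (the wgbackbone@.service unit is not shown in this diff). `ip addr add {{ wireguard_bb_ipv6 }}` now also puts the same local address on every backbone interface and carries no prefix length; if that is intended, a one-line comment saying so would help.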
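Review bot: The port pairing in wg.conf.j2 is easy to misread as swapped and needs a comment: `ListenPort` is the peer's `wireguard_bb_port`, while the `Endpoint` port is this host's own `wireguard_bb_port`. That is consistent only if each host's port is unique within its group, which nothing in the role checks. I would add a Jinja comment at the top such as `{# each tunnel listens on the peer's wireguard_bb_port and dials the peer on our own; ports must be unique per group #}`. Where `wireguard_bb_priv_key` is defined is not visible in this diff; it belongs in a vault-encrypted host variable rather than in plain inventory next to the public key.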