Diffstat (limited to 'roles')
-rw-r--r-- | roles/configure_iptables/templates/ip6tables.rules | 26 | ||||
-rw-r--r-- | roles/configure_iptables/templates/iptables.rules | 9 | ||||
-rw-r--r-- | roles/install_babeld/templates/babeld.conf.j2 | 12 | ||||
-rw-r--r-- | roles/install_wireguard_backbone/tasks/fastd_tasks.yml | 12 | ||||
-rw-r--r-- | roles/install_wireguard_backbone/tasks/main.yml | 8 | ||||
-rw-r--r-- | roles/install_wireguard_backbone/tasks/mullvad_uplink_tasks.yml | 29 | ||||
-rw-r--r-- | roles/install_wireguard_backbone/tasks/uplink_tasks.yml (renamed from roles/install_wireguard_backbone/tasks/ffrl_uplink_tasks.yml) | 0 |
7 files changed, 14 insertions, 82 deletions
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules index 78d76c7..dd2d1f2 100644 --- a/roles/configure_iptables/templates/ip6tables.rules +++ b/roles/configure_iptables/templates/ip6tables.rules @@ -11,19 +11,11 @@ {% endif %} {% if 'fastd' in group_names %} -{% for peer in groups['ffrl_uplink'] %} --A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff -{% endfor %} -{% for peer in groups['mullvad_uplink'] %} --A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff -{% endfor %} -{% endif %} -{% if 'mullvad_uplink' in group_names %} -{% for peer in groups['fastd'] %} +{% for peer in groups['uplink'] %} -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff {% endfor %} {% endif %} -{% if 'ffrl_uplink' in group_names %} +{% if 'uplink' in group_names %} {% for peer in groups['fastd'] %} -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff {% endfor %} 
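Review bot: The new `{% for peer in groups['uplink'] %}` loop indexes the group directly, so with Ansible's default strict handling of undefined variables the template will not render on an inventory that still defines only `ffrl_uplink`/`mullvad_uplink`. The diffstat is limited to `roles`, so the inventory side of the rename is not visible here. For a firewall file a failed render is preferable to silently emitting no rules, so I would keep the strict lookup and document the requirement at the top of the block, e.g. `{# needs inventory group 'uplink' (replaces ffrl_uplink and mullvad_uplink) #}`. The same lookup is introduced in the INPUT hunk of this file and in `iptables.rules`, `babeld.conf.j2` and `fastd_tasks.yml`.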
@@ -56,22 +48,12 @@ COMMIT
 {% endif %}
 # wireguard_backbone
 {% if 'fastd' in group_names %}
-{% for peer in groups['ffrl_uplink'] %}
--A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
--A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
-{% endfor %}
-{% for peer in groups['mullvad_uplink'] %}
--A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
--A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
-{% endfor %}
-{% endif %}
-{% if 'mullvad_uplink' in group_names %}
-{% for peer in groups['fastd'] %}
+{% for peer in groups['uplink'] %}
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
 {% endfor %}
 {% endif %}
-{% if 'ffrl_uplink' in group_names %}
+{% if 'uplink' in group_names %}
 {% for peer in groups['fastd'] %}
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 5b5410d..d832362 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
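Review bot: In the `ip6tables.rules` INPUT hunk, the second rule of the `uplink` loop, `-A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT`, has no `-i` or `-s` match, so each peer's WireGuard port is accepted from any source on any interface, while the babel rule above it is pinned to the tunnel interface. That is usual for a WireGuard listener, which does not answer unauthenticated packets, but the asymmetry deserves a comment so it is not mistaken for an oversight: `# 6696/udp (babel) only inside the tunnel; WireGuard listen port open on all interfaces`. If the peers have static endpoint addresses, a `-s` match on them would narrow the exposure further; no such hostvar is visible in this hunk. The trailing `fastd` loop continues past the end of the hunk.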
@@ -11,16 +11,11 @@ {% endif %} {% if 'fastd' in group_names %} -{% for peer in groups['ffrl_uplink'] %} +{% for peer in groups['uplink'] %} -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff {% endfor %} {% endif %} -{% if 'mullvad_uplink' in group_names %} -{% for peer in groups['fastd'] %} --A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff -{% endfor %} -{% endif %} -{% if 'ffrl_uplink' in group_names %} +{% if 'uplink' in group_names %} {% for peer in groups['fastd'] %} -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff {% endfor %} diff --git a/roles/install_babeld/templates/babeld.conf.j2 b/roles/install_babeld/templates/babeld.conf.j2 index 7b436da..47a4d3e 100644 --- a/roles/install_babeld/templates/babeld.conf.j2 +++ b/roles/install_babeld/templates/babeld.conf.j2 @@ -6,19 +6,11 @@ ipv6-subtrees true # You must provide at least one interface for babeld to operate on. {% if 'fastd' in group_names %} -{% for peer in groups['ffrl_uplink'] %} -interface bb{{ hostvars[peer]['wireguard_bb_name'] }} -{% endfor %} -{% for peer in groups['mullvad_uplink'] %} -interface bb{{ hostvars[peer]['wireguard_bb_name'] }} -{% endfor %} -{% endif %} -{% if 'mullvad_uplink' in group_names %} -{% for peer in groups['fastd'] %} +{% for peer in groups['uplink'] %} interface bb{{ hostvars[peer]['wireguard_bb_name'] }} {% endfor %} {% endif %} -{% if 'ffrl_uplink' in group_names %} +{% if 'uplink' in group_names %} {% for peer in groups['fastd'] %} interface bb{{ hostvars[peer]['wireguard_bb_name'] }} {% endfor %} diff --git a/roles/install_wireguard_backbone/tasks/fastd_tasks.yml b/roles/install_wireguard_backbone/tasks/fastd_tasks.yml index 36a61d7..d1d9974 100644 --- a/roles/install_wireguard_backbone/tasks/fastd_tasks.yml +++ b/roles/install_wireguard_backbone/tasks/fastd_tasks.yml 
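Review bot: On `fastd` hosts the `iptables.rules` hunk is more than a rename for IPv4: the old template marked traffic only from `ffrl_uplink` peers (`{% for peer in groups['ffrl_uplink'] %}`), whereas `ip6tables.rules` also looped over `mullvad_uplink`. With `{% for peer in groups['uplink'] %}`, any former Mullvad node placed in `uplink` now has `--set-xmark 0x1/0xffffffff` applied to its IPv4 traffic as well. If the mark selects a routing table or policy rule (not visible here), that changes which path this traffic takes. The commit message should state whether this is intended; otherwise the former Mullvad hosts need to stay out of `uplink`.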
@@ -5,8 +5,7 @@ dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf mode: 0400 with_items: - - "{{ groups['mullvad_uplink'] }}" - - "{{ groups['ffrl_uplink'] }}" + - "{{ groups['uplink'] }}" - name: create wireguard up scripts for peers template: @@ -14,8 +13,7 @@ dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh mode: 0744 with_items: - - "{{ groups['mullvad_uplink'] }}" - - "{{ groups['ffrl_uplink'] }}" + - "{{ groups['uplink'] }}" - name: create wireguard down scripts for peers template: @@ -23,8 +21,7 @@ dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh mode: 0744 with_items: - - "{{ groups['mullvad_uplink'] }}" - - "{{ groups['ffrl_uplink'] }}" + - "{{ groups['uplink'] }}" - name: start and enable wireguard mesh systemd: @@ -33,5 +30,4 @@ state: started daemon_reload: yes with_items: - - "{{ groups['mullvad_uplink'] }}" - - "{{ groups['ffrl_uplink'] }}" + - "{{ groups['uplink'] }}" diff --git a/roles/install_wireguard_backbone/tasks/main.yml b/roles/install_wireguard_backbone/tasks/main.yml index 8f9ca5a..9ccfe05 100644 --- a/roles/install_wireguard_backbone/tasks/main.yml +++ b/roles/install_wireguard_backbone/tasks/main.yml @@ -7,9 +7,5 @@ - include_tasks: fastd_tasks.yml when: "'fastd' in group_names" -- include_tasks: mullvad_uplink_tasks.yml - when: "'mullvad_uplink' in group_names" - -- include_tasks: ffrl_uplink_tasks.yml - when: "'ffrl_uplink' in group_names" - +- include_tasks: uplink_tasks.yml + when: "'uplink' in group_names" diff --git a/roles/install_wireguard_backbone/tasks/mullvad_uplink_tasks.yml b/roles/install_wireguard_backbone/tasks/mullvad_uplink_tasks.yml deleted file mode 100644 index d894758..0000000 --- a/roles/install_wireguard_backbone/tasks/mullvad_uplink_tasks.yml +++ /dev/null 
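Review bot: The one-element list around `groups['uplink']` in the four `with_items` blocks of `fastd_tasks.yml` is a leftover from when two groups were concatenated; it works only because `with_items` flattens one level of nesting. `with_items: "{{ groups['uplink'] }}"` says the same thing directly and matches the form used in the sibling task file (`with_items: "{{ groups['fastd'] }}"`). Each task body begins above its hunk, so only the loop lines are in view here.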
@@ -1,29 +0,0 @@ ---- -- name: create wireguard config for peers - template: - src: wg.conf.j2 - dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf - mode: 0400 - with_items: "{{ groups['fastd'] }}" - -- name: create wireguard up scripts for peers - template: - src: up.sh.j2 - dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh - mode: 0744 - with_items: "{{ groups['fastd'] }}" - -- name: create wireguard down scripts for peers - template: - src: down.sh.j2 - dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh - mode: 0744 - with_items: "{{ groups['fastd'] }}" - -- name: start and enable wireguard mesh - systemd: - name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service - enabled: yes - state: started - daemon_reload: yes - with_items: "{{ groups['fastd'] }}" diff --git a/roles/install_wireguard_backbone/tasks/ffrl_uplink_tasks.yml b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml index d894758..d894758 100644 --- a/roles/install_wireguard_backbone/tasks/ffrl_uplink_tasks.yml +++ b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml |