From 82e6f06b6bc5ab3baeb7b40fc4cd4afc44069e48 Mon Sep 17 00:00:00 2001
From: Niklas Yann Wettengel
Date: Tue, 20 Dec 2022 13:09:39 +0100
Subject: ff-uniko1
---
 host_vars/ff-loppermann1 | 2 +-
 host_vars/ff-uniko1 | 68 ++++++++++++++++++++++
 inventory.ini | 1 +
 roles/install_bind/templates/named.conf.j2 | 21 ++++---
 .../files/ffmyk-influx/daemon.sh | 1 -
 .../templates/ffmyk-influx/traffic.php.j2 | 1 -
 roles/install_tayga/templates/tayga.conf.j2 | 1 -
 roles/install_wireguard_vpn/templates/up.sh.j2 | 2 +-
 8 files changed, 81 insertions(+), 16 deletions(-)
 create mode 100644 host_vars/ff-uniko1
diff --git a/host_vars/ff-loppermann1 b/host_vars/ff-loppermann1
index 4cc245d..9730b30 100644
--- a/host_vars/ff-loppermann1
+++ b/host_vars/ff-loppermann1
@@ -28,7 +28,7 @@ wireguard_vpn_address: 'fe80::d3:16ff:fee5:6239'
 wireguard_vpn_client_range: '2a03:2260:1016:3000::/52'
 tayga_ipv4: 10.3.0.1
 tayga_pool: 10.3.0.0/16
-ffrl_router_id: 10.222.0.16
+ffrl_ip4: '185.66.194.105'
 ffrl_peers:
 - name: 'bbaakber'
 remote: '185.66.195.0'
diff --git a/host_vars/ff-uniko1 b/host_vars/ff-uniko1
new file mode 100644
index 0000000..b9fb419
--- /dev/null
+++ b/host_vars/ff-uniko1
@@ -0,0 +1,68 @@
+---
+ansible_host: 2001:4c80:50:14::c04
+sites: []
+wireguard_bb_name: 'uniko1'
+wireguard_bb_endpoint: '{{ ansible_host }}'
+wireguard_bb_priv_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 33323865636533656363643734313137313933353762316661623164616232333730303032613736
+ 6238353532643966316135323861393937623739656636650a343839373332343939316533363230
+ 30333038643766663131316136373264343536343734356139393737303030383436616366336430
+ 3762656635303866310a333930333034613963363562313930663932333237306462663364663762
+ 39306631356330353035386164616164656339316362366366366532373065643034613561323233
+ 6132653032393235336566363561323563666133306639376637
+wireguard_bb_pub_key: 'skqPL/XGmezXsF/3L/AO+kVF6XPw8ioGoN5T76Ukc30='
+wireguard_bb_ipv4: '10.222.0.13'
+wireguard_bb_ipv6: 'fe80::ffbb:ffbb:13'
+wireguard_bb_port: 10113
+wireguard_vpn_port: 10010
+wireguard_vpn_priv_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 32393830323730303332326634336466663262356131323333363936393431613137616462346662
+ 6330386466393666626131303362633065393630323461380a373336633762643238643662663664
+ 62383934616366373663653033353431633535393738393830363464303466313365373833306366
+ 6533353438663861340a636638636265653136326130346133343332376663336161626234343136
+ 39653135633037663766333863333063393635623937323139663063333863643637306630616565
+ 6433343965626635393231646639366663393363363734623333
+wireguard_vpn_address: 'fe80::58:c9ff:fe34:9785'
+wireguard_vpn_client_range: '2a03:2260:1016:4000::/52'
+tayga_ipv4: 10.4.0.1
+tayga_pool: 10.4.0.0/16
+ffrl_ip4: '185.66.194.104'
+ffrl_peers:
+ - name: 'bbaakber'
+ remote: '185.66.195.0'
+ ip4: '100.64.11.81'
+ peer_ip4: '100.64.11.80'
+ ip6: '2a03:2260:0:5c1::2'
+ peer_ip6: '2a03:2260:0:5c1::1'
+ - name: 'bbafra2fra'
+ remote: '185.66.194.0'
+ ip4: '100.64.11.83'
+ peer_ip4: '100.64.11.82'
+ ip6: '2a03:2260:0:5c2::2'
+ peer_ip6: '2a03:2260:0:5c2::1'
+ - name: 'bbaixdus'
+ remote: '185.66.193.0'
+ ip4: '100.64.11.85'
+ peer_ip4: '100.64.11.84'
+ ip6: '2a03:2260:0:5c3::2'
+ peer_ip6: '2a03:2260:0:5c3::1'
+ - name: 'bbbakber'
+ remote: '185.66.195.1'
+ ip4: '100.64.11.87'
+ peer_ip4: '100.64.11.86'
+ ip6: '2a03:2260:0:5c4::2'
+ peer_ip6: '2a03:2260:0:5c4::1'
+ - name: 'bbbfra2fra'
+ remote: '185.66.194.1'
+ ip4: '100.64.11.89'
+ peer_ip4: '100.64.11.88'
+ ip6: '2a03:2260:0:5c5::2'
+ peer_ip6: '2a03:2260:0:5c5::1'
+ - name: 'bbbixdus'
+ remote: '185.66.193.1'
+ ip4: '100.64.11.91'
+ peer_ip4: '100.64.11.90'
+ ip6: '2a03:2260:0:5c6::2'
+ peer_ip6: '2a03:2260:0:5c6::1'
diff --git a/inventory.ini b/inventory.ini
index 8ed0e39..f2adfe9 100644
--- a/inventory.ini
+++ b/inventory.ini
@@ -2,3 +2,4 @@ ff-niyawe1
 ff-niyawe2
 ff-loppermann1
+ff-uniko1
diff --git a/roles/install_bind/templates/named.conf.j2 b/roles/install_bind/templates/named.conf.j2
index 056a6ea..feba4de 100644
--- a/roles/install_bind/templates/named.conf.j2
+++ b/roles/install_bind/templates/named.conf.j2
@@ -4,7 +4,6 @@ options {
 directory "/var/named";
 pid-file "/run/named/named.pid";
- dnssec-enable yes;
 dnssec-validation auto;
 auth-nxdomain no; # conform to RFC1035
@@ -29,9 +28,9 @@ options {
 hostname none;
 server-id none;
- dns64 64:ff9b::/96 {
- clients { any; };
- };
+ //dns64 64:ff9b::/96 {
+ // clients { any; };
+ //};
 max-cache-size 1024M;
 };
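Review bot: In `host_vars/ff-uniko1`, `wireguard_bb_endpoint: '{{ ansible_host }}'` expands to the bare IPv6 literal `2001:4c80:50:14::c04`, and nothing in this file says how the port is attached to it. The backbone peer template is not part of this diff; if it renders the endpoint as address, colon, port, WireGuard needs the bracketed form `[addr]:port` for IPv6, so please confirm the template adds the brackets. A one-line comment above the variable would make the expectation explicit, e.g. `# bare IPv6 literal; the peer template must wrap it in [] before appending wireguard_bb_port`.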
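Review bot: In `named.conf.j2`, the `dns64 64:ff9b::/96` block is commented out rather than removed, and neither the template nor the commit message records why. `roles/install_tayga/templates/tayga.conf.j2` in this same commit still sets `prefix 64:ff9b::/96`, so NAT64 stays configured while this resolver stops synthesising AAAA records for it; if clients are meant to get DNS64 from another resolver, that should be stated. I would either delete the three lines or keep them under a single explanatory comment such as `// DNS64 disabled on this resolver: <reason>`. The enclosing `options { … }` block starts outside this hunk.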
@@ -69,47 +68,47 @@ zone "ffaw" IN {
 type slave;
 file "bak/ffaw.zone";
 allow-query { any; };
- masters { 2a01:4f8:a0:826b:1::17; };
+ masters { 2a01:4f8:a0:6396:1::17; };
 };
 zone "ffcoc" IN {
 type slave;
 file "bak/ffcoc.zone";
 allow-query { any; };
- masters { 2a01:4f8:a0:826b:1::17; };
+ masters { 2a01:4f8:a0:6396:1::17; };
 };
 zone "ffems" IN {
 type slave;
 file "bak/ffems.zone";
 allow-query { any; };
- masters { 2a01:4f8:a0:826b:1::17; };
+ masters { 2a01:4f8:a0:6396:1::17; };
 };
 zone "ffko" IN {
 type slave;
 file "bak/ffko.zone";
 allow-query { any; };
- masters { 2a01:4f8:a0:826b:1::17; };
+ masters { 2a01:4f8:a0:6396:1::17; };
 };
 zone "ffmy" IN {
 type slave;
 file "bak/ffmy.zone";
 allow-query { any; };
- masters { 2a01:4f8:a0:826b:1::17; };
+ masters { 2a01:4f8:a0:6396:1::17; };
 };
 zone "ffmyk" IN {
 type slave;
 file "bak/ffmyk.zone";
 allow-query { any; };
- masters { 2a01:4f8:a0:826b:1::17; };
+ masters { 2a01:4f8:a0:6396:1::17; };
 };
 zone "ffsim" IN {
 type slave;
 file "bak/ffsim.zone";
 allow-query { any; };
- masters { 2a01:4f8:a0:826b:1::17; };
+ masters { 2a01:4f8:a0:6396:1::17; };
 };
diff --git a/roles/install_monitoring/files/ffmyk-influx/daemon.sh b/roles/install_monitoring/files/ffmyk-influx/daemon.sh
index 1cc5a8d..19f5d33 100755
--- a/roles/install_monitoring/files/ffmyk-influx/daemon.sh
+++ b/roles/install_monitoring/files/ffmyk-influx/daemon.sh
@@ -3,6 +3,5 @@ cd /opt/ffmyk-influx
 while : ;do
 php -c ./php.ini -f dhcp.php
 php -c ./php.ini -f traffic.php
- php -c ./php.ini -f fastd.php
 sleep 15
 done
diff --git a/roles/install_monitoring/templates/ffmyk-influx/traffic.php.j2 b/roles/install_monitoring/templates/ffmyk-influx/traffic.php.j2
index 9a848da..78220da 100644
--- a/roles/install_monitoring/templates/ffmyk-influx/traffic.php.j2
+++ b/roles/install_monitoring/templates/ffmyk-influx/traffic.php.j2
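Review bot: In the `named.conf.j2` zone hunk, the new primary address `2a01:4f8:a0:6396:1::17` is hard-coded in all seven `masters` lines (`ffaw` through `ffsim`), which is why this renumbering had to touch seven places. Defining it once and referencing it, for example `masters { {{ dns_primary }}; };` with the address kept in a group variable (the variable name is only a suggestion), would reduce the next change to one line. Separately, as far as this hunk shows, zone transfers are accepted on the primary's source address alone; if no TSIG key is configured elsewhere in the template, consider `masters { 2a01:4f8:a0:6396:1::17 key <tsig-key-name>; };` so a spoofed or re-assigned address cannot feed these zones.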
@@ -21,7 +21,6 @@ function traffic($iface, $alias=false) {
 {% endif %}
 {% for site in sites %}
 (traffic('bat{{ site.name }}'));
-(traffic('vpn{{ site.name }}'));
 (traffic('wg{{ site.name }}'));
 {% endfor %}
diff --git a/roles/install_tayga/templates/tayga.conf.j2 b/roles/install_tayga/templates/tayga.conf.j2
index 8606dcb..d2fe7d7 100644
--- a/roles/install_tayga/templates/tayga.conf.j2
+++ b/roles/install_tayga/templates/tayga.conf.j2
@@ -3,4 +3,3 @@ ipv4-addr {{ tayga_ipv4 }}
 ipv6-addr 2a03:2260:1016::64
 prefix 64:ff9b::/96
 dynamic-pool {{ tayga_pool }}
-data-dir /var/db/tayga
diff --git a/roles/install_wireguard_vpn/templates/up.sh.j2 b/roles/install_wireguard_vpn/templates/up.sh.j2
index c57d16f..7aaa380 100644
--- a/roles/install_wireguard_vpn/templates/up.sh.j2
+++ b/roles/install_wireguard_vpn/templates/up.sh.j2
@@ -5,5 +5,5 @@ ip -6 rule add from {{ wireguard_vpn_client_range }} table ffmyk priority 10
 ip -6 rule add from all iif wgmyk type unreachable priority 200
-ip -6 route add {{ wireguard_vpn_client_range }} table ffmyk dev wgmyk
+ip -6 route add {{ wireguard_vpn_client_range }} table ffmyk dev wgmyk proto static
 systemctl restart named.service
-- 
cgit v1.2.3-54-g00ecf