From 8225aa0e7c76b10a4a4eec23b317545705b1bc7e Mon Sep 17 00:00:00 2001 From: Niklas Yann Wettengel Date: Fri, 26 Jan 2018 00:16:27 +0100 Subject: added uplink group --- roles/configure_iptables/templates/ip6tables.rules | 26 +++---------------- roles/configure_iptables/templates/iptables.rules | 9 ++----- roles/install_babeld/templates/babeld.conf.j2 | 12 ++------- .../tasks/fastd_tasks.yml | 12 +++------ .../tasks/ffrl_uplink_tasks.yml | 29 ---------------------- roles/install_wireguard_backbone/tasks/main.yml | 8 ++---- .../tasks/mullvad_uplink_tasks.yml | 29 ---------------------- .../tasks/uplink_tasks.yml | 29 ++++++++++++++++++++++ 8 files changed, 43 insertions(+), 111 deletions(-) delete mode 100644 roles/install_wireguard_backbone/tasks/ffrl_uplink_tasks.yml delete mode 100644 roles/install_wireguard_backbone/tasks/mullvad_uplink_tasks.yml create mode 100644 roles/install_wireguard_backbone/tasks/uplink_tasks.yml (limited to 'roles') diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules index 78d76c7..dd2d1f2 100644 --- a/roles/configure_iptables/templates/ip6tables.rules +++ b/roles/configure_iptables/templates/ip6tables.rules 
@@ -11,19 +11,11 @@ {% endif %} {% if 'fastd' in group_names %} -{% for peer in groups['ffrl_uplink'] %} --A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff -{% endfor %} -{% for peer in groups['mullvad_uplink'] %} --A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff -{% endfor %} -{% endif %} -{% if 'mullvad_uplink' in group_names %} -{% for peer in groups['fastd'] %} +{% for peer in groups['uplink'] %} -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff {% endfor %} {% endif %} -{% if 'ffrl_uplink' in group_names %} +{% if 'uplink' in group_names %} {% for peer in groups['fastd'] %} -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff {% endfor %} 
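Review bot: The `groups['uplink']` lookup in the `fastd` branch has no fallback, so rendering this ruleset should abort on any inventory that does not yet define the new group. The inventory is not part of this diff (it is limited to `roles`), so whether it was migrated in the same change cannot be seen here. For a firewall template a hard failure is preferable to an empty loop, but the dependency deserves a line in the template, e.g. `{# needs inventory group 'uplink'; replaces ffrl_uplink and mullvad_uplink #}`. The same lookup appears in the second hunk of this file, in iptables.rules, in babeld.conf.j2 and in fastd_tasks.yml.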
@@ -56,22 +48,12 @@ COMMIT {% endif %} # wireguard_backbone {% if 'fastd' in group_names %} -{% for peer in groups['ffrl_uplink'] %} --A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT --A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT -{% endfor %} -{% for peer in groups['mullvad_uplink'] %} --A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT --A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT -{% endfor %} -{% endif %} -{% if 'mullvad_uplink' in group_names %} -{% for peer in groups['fastd'] %} +{% for peer in groups['uplink'] %} -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT {% endfor %} {% endif %} -{% if 'ffrl_uplink' in group_names %} +{% if 'uplink' in group_names %} {% for peer in groups['fastd'] %} -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules index 5b5410d..d832362 100644 --- a/roles/configure_iptables/templates/iptables.rules +++ b/roles/configure_iptables/templates/iptables.rules 
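Review bot: The second rule in each loop, `-A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT`, matches on neither interface nor source address, so every member of `uplink` opens one UDP port on each fastd host to any sender. WireGuard ignores packets that do not authenticate, which limits the exposure, but if the backbone peers have fixed addresses a `-s` match on the peer's address would narrow the rule to the hosts that actually need it. The babel rule next to it is already scoped with `-i bb…`, so only the handshake port is affected. The enclosing `INPUT` section starts and ends outside the hunk.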
@@ -11,16 +11,11 @@ {% endif %} {% if 'fastd' in group_names %} -{% for peer in groups['ffrl_uplink'] %} +{% for peer in groups['uplink'] %} -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff {% endfor %} {% endif %} -{% if 'mullvad_uplink' in group_names %} -{% for peer in groups['fastd'] %} --A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff -{% endfor %} -{% endif %} -{% if 'ffrl_uplink' in group_names %} +{% if 'uplink' in group_names %} {% for peer in groups['fastd'] %} -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff {% endfor %} diff --git a/roles/install_babeld/templates/babeld.conf.j2 b/roles/install_babeld/templates/babeld.conf.j2 index 7b436da..47a4d3e 100644 --- a/roles/install_babeld/templates/babeld.conf.j2 +++ b/roles/install_babeld/templates/babeld.conf.j2 @@ -6,19 +6,11 @@ ipv6-subtrees true # You must provide at least one interface for babeld to operate on. {% if 'fastd' in group_names %} -{% for peer in groups['ffrl_uplink'] %} -interface bb{{ hostvars[peer]['wireguard_bb_name'] }} -{% endfor %} -{% for peer in groups['mullvad_uplink'] %} -interface bb{{ hostvars[peer]['wireguard_bb_name'] }} -{% endfor %} -{% endif %} -{% if 'mullvad_uplink' in group_names %} -{% for peer in groups['fastd'] %} +{% for peer in groups['uplink'] %} interface bb{{ hostvars[peer]['wireguard_bb_name'] }} {% endfor %} {% endif %} -{% if 'ffrl_uplink' in group_names %} +{% if 'uplink' in group_names %} {% for peer in groups['fastd'] %} interface bb{{ hostvars[peer]['wireguard_bb_name'] }} {% endfor %} diff --git a/roles/install_wireguard_backbone/tasks/fastd_tasks.yml b/roles/install_wireguard_backbone/tasks/fastd_tasks.yml index 36a61d7..d1d9974 100644 --- a/roles/install_wireguard_backbone/tasks/fastd_tasks.yml +++ b/roles/install_wireguard_backbone/tasks/fastd_tasks.yml 
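Review bot: Switching the `fastd` branch of iptables.rules from `groups['ffrl_uplink']` to `groups['uplink']` widens the IPv4 mark: the old template set `0x1/0xffffffff` on fastd hosts only for tunnels to `ffrl_uplink` peers, whereas ip6tables.rules already looped over both legacy groups. If the former `mullvad_uplink` hosts are now members of `uplink` (the inventory is not in this diff), their IPv4 traffic arriving on a fastd host is newly marked and will follow whatever policy routing keys on that mark. If that is intended, a template comment such as `{# mark applies to every uplink tunnel, as in ip6tables.rules #}` would record it; if not, the loop needs a per-peer condition.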
@@ -5,8 +5,7 @@ dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf mode: 0400 with_items: - - "{{ groups['mullvad_uplink'] }}" - - "{{ groups['ffrl_uplink'] }}" + - "{{ groups['uplink'] }}" - name: create wireguard up scripts for peers template: @@ -14,8 +13,7 @@ dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh mode: 0744 with_items: - - "{{ groups['mullvad_uplink'] }}" - - "{{ groups['ffrl_uplink'] }}" + - "{{ groups['uplink'] }}" - name: create wireguard down scripts for peers template: @@ -23,8 +21,7 @@ dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh mode: 0744 with_items: - - "{{ groups['mullvad_uplink'] }}" - - "{{ groups['ffrl_uplink'] }}" + - "{{ groups['uplink'] }}" - name: start and enable wireguard mesh systemd: @@ -33,5 +30,4 @@ state: started daemon_reload: yes with_items: - - "{{ groups['mullvad_uplink'] }}" - - "{{ groups['ffrl_uplink'] }}" + - "{{ groups['uplink'] }}" diff --git a/roles/install_wireguard_backbone/tasks/ffrl_uplink_tasks.yml b/roles/install_wireguard_backbone/tasks/ffrl_uplink_tasks.yml deleted file mode 100644 index d894758..0000000 --- a/roles/install_wireguard_backbone/tasks/ffrl_uplink_tasks.yml +++ /dev/null 
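Review bot: The replacement keeps the one-element list form, `with_items:` followed by `- "{{ groups['uplink'] }}"`, which only works because `with_items` flattens one level of nesting; with a single group left the wrapper no longer serves a purpose. Writing `with_items: "{{ groups['uplink'] }}"` matches uplink_tasks.yml in the same role and makes it obvious that the loop runs over hosts, not over a list of lists. This applies to all four hunks in this file; the tasks themselves begin outside the hunks.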
@@ -1,29 +0,0 @@ ---- -- name: create wireguard config for peers - template: - src: wg.conf.j2 - dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf - mode: 0400 - with_items: "{{ groups['fastd'] }}" - -- name: create wireguard up scripts for peers - template: - src: up.sh.j2 - dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh - mode: 0744 - with_items: "{{ groups['fastd'] }}" - -- name: create wireguard down scripts for peers - template: - src: down.sh.j2 - dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh - mode: 0744 - with_items: "{{ groups['fastd'] }}" - -- name: start and enable wireguard mesh - systemd: - name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service - enabled: yes - state: started - daemon_reload: yes - with_items: "{{ groups['fastd'] }}" diff --git a/roles/install_wireguard_backbone/tasks/main.yml b/roles/install_wireguard_backbone/tasks/main.yml index 8f9ca5a..9ccfe05 100644 --- a/roles/install_wireguard_backbone/tasks/main.yml +++ b/roles/install_wireguard_backbone/tasks/main.yml @@ -7,9 +7,5 @@ - include_tasks: fastd_tasks.yml when: "'fastd' in group_names" -- include_tasks: mullvad_uplink_tasks.yml - when: "'mullvad_uplink' in group_names" - -- include_tasks: ffrl_uplink_tasks.yml - when: "'ffrl_uplink' in group_names" - +- include_tasks: uplink_tasks.yml + when: "'uplink' in group_names" diff --git a/roles/install_wireguard_backbone/tasks/mullvad_uplink_tasks.yml b/roles/install_wireguard_backbone/tasks/mullvad_uplink_tasks.yml deleted file mode 100644 index d894758..0000000 --- a/roles/install_wireguard_backbone/tasks/mullvad_uplink_tasks.yml +++ /dev/null 
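Review bot: In main.yml, a host that is still only in `ffrl_uplink` or `mullvad_uplink` now matches neither `when:` condition, so the role finishes successfully without touching its tunnel configuration and a half-migrated inventory goes unnoticed. Nothing in the visible tasks removes files or units from earlier runs, so such a host would presumably keep running its previous backbone setup. A guard task ahead of the includes turns that into a visible failure, e.g. `- assert:` with `that: "'ffrl_uplink' not in groups and 'mullvad_uplink' not in groups"`. The task list starts above the hunk.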
@@ -1,29 +0,0 @@ ---- -- name: create wireguard config for peers - template: - src: wg.conf.j2 - dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf - mode: 0400 - with_items: "{{ groups['fastd'] }}" - -- name: create wireguard up scripts for peers - template: - src: up.sh.j2 - dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh - mode: 0744 - with_items: "{{ groups['fastd'] }}" - -- name: create wireguard down scripts for peers - template: - src: down.sh.j2 - dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh - mode: 0744 - with_items: "{{ groups['fastd'] }}" - -- name: start and enable wireguard mesh - systemd: - name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service - enabled: yes - state: started - daemon_reload: yes - with_items: "{{ groups['fastd'] }}" diff --git a/roles/install_wireguard_backbone/tasks/uplink_tasks.yml b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml new file mode 100644 index 0000000..d894758 --- /dev/null +++ b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml @@ -0,0 +1,29 @@ +--- +- name: create wireguard config for peers + template: + src: wg.conf.j2 + dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf + mode: 0400 + with_items: "{{ groups['fastd'] }}" + +- name: create wireguard up scripts for peers + template: + src: up.sh.j2 + dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh + mode: 0744 + with_items: "{{ groups['fastd'] }}" + +- name: create wireguard down scripts for peers + template: + src: down.sh.j2 + dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh + mode: 0744 + with_items: "{{ groups['fastd'] }}" + +- name: start and enable wireguard mesh + systemd: + name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service + enabled: yes + state: started + daemon_reload: yes + with_items: "{{ groups['fastd'] }}" -- cgit v1.2.3-54-g00ecf
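Review bot: None of the three `template` tasks in the new uplink_tasks.yml notifies a handler, and the `systemd` task only asserts `state: started`, so a re-rendered `wg.conf.j2` (after a key or peer change, for example) is written to disk while an already running `wgbackbone@…` unit keeps its old configuration. This assumes the unit reads that file only at start, which the unit file outside this diff would confirm. Registering the template result and restarting the matching unit when it changed, or a `notify:` on those tasks with a restart handler, closes the gap. Separately, `mode: 0400` and `mode: 0744` are safer quoted (`mode: '0400'`) so the permission never depends on YAML octal parsing, and `enabled: yes` / `daemon_reload: yes` read more predictably as `true`.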