mesh_wg: new role for VXLAN over WG meshing

This is still work in progress, as such it is only enabled on the test gateway.
2020-11-23 19:44:52 +01:00 · 2020-11-23 19:44:52 +01:00 · 1f0b671545
parent 97c095f75f
commit 1f0b671545
6 changed files with 55 additions and 0 deletions
--- a/host_vars/gw31.regensburg.freifunk.net
+++ b/host_vars/gw31.regensburg.freifunk.net
@ -8,6 +8,8 @@ nextnode4: 10.90.96.1
 nextnode6: fdef:f30f:1337:cafe::1
 mtu: 1312

+wg_vni_id: 3120917
+
 fastd_port: 10030

 gateway_id: 31
--- a/roles/mesh_wg/handlers/main.yml
+++ b/roles/mesh_wg/handlers/main.yml
@ -0,0 +1,4 @@
+---
+
+- name: Reload interfaces
+  command: /sbin/ifreload -a
--- a/roles/mesh_wg/tasks/main.yml
+++ b/roles/mesh_wg/tasks/main.yml
@ -0,0 +1,23 @@
+---
+
+- name: Enable backports
+  apt_repository: repo='deb http://deb.debian.org/debian buster-backports main'
+
+- name: Install kernel headers
+  apt: name=linux-headers-amd64
+
+- name: Install wireguard from backports
+  apt: name=wireguard-dkms default_release=buster-backports
+
+- name: Configure wireguard options
+  template: src=wg.conf.j2 dest=/etc/wireguard/wg-{{ site_code }}.conf force=no mode=0600
+  register: wg_new_config
+  notify: Reload interfaces
+
+- name: Generate wireguard keypair
+  command: sed -i 's/replace_me/$(wg genkey)/' /etc/wireguard/wg-{{ site_code }}.conf
+  when: wg_new_config.changed
+
+- name: Configure mesh interfaces
+  template: src=mesh_wg.conf.j2 dest=/etc/network/interfaces.d/mesh_wg.conf
+  notify: Reload interfaces
--- a/roles/mesh_wg/templates/mesh_wg.conf.j2
+++ b/roles/mesh_wg/templates/mesh_wg.conf.j2
@ -0,0 +1,18 @@
+# {{ ansible_managed }}
+
+# vx-{{ site_code }}
+auto vx-{{ site_code }}
+iface vx-{{ site_code }}
+	vxlan-id	3120917
+	vxlan-learning	no
+	vxlan-local-tunnelip6	fe80::{{ gateway_id }}
+	vxlan-physdev	wg-ffrgb_tst
+	post-up		batctl -m bat-{{ site_code }} if add vx-{{ site_code }}
+
+# wg-{{ site_code }}
+auto wg-{{ site_code }}
+iface wg-{{ site_code }}
+	address		fe80::{{ gateway_id }}/128
+	ipv6-addrgen	no
+	link-type	wireguard
+	pre-up		wg setconf wg-{{ site_code }} /etc/wireguard/wg-{{ site_code }}.conf
--- a/roles/mesh_wg/templates/wg.conf.j2
+++ b/roles/mesh_wg/templates/wg.conf.j2
@ -0,0 +1,3 @@
+[Interface]
+PrivateKey = replace_me
+ListenPort = 40001
--- a/site.yml
+++ b/site.yml
@ -26,6 +26,11 @@
  - yanic
  - web_gw

+- name: Setup gateway servers with VXoWG
+  hosts: [gw31.regensburg.freifunk.net]
+  roles:
+  - mesh_wg
+
 - name: Setup grafana server
  hosts: grafana.regensburg.freifunk.net
  roles: