From 1f0b6715458c68a64d388daaf68cc76da40b0561 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Mon, 23 Nov 2020 19:44:52 +0100
Subject: [PATCH] mesh_wg: new role for VXLAN over WG meshing

This is still work in progress, as such it is only enabled on the test gateway.
---
 host_vars/gw31.regensburg.freifunk.net | 2 ++
 roles/mesh_wg/handlers/main.yml | 4 ++++
 roles/mesh_wg/tasks/main.yml | 23 +++++++++++++++++++++++
 roles/mesh_wg/templates/mesh_wg.conf.j2 | 18 ++++++++++++++++++
 roles/mesh_wg/templates/wg.conf.j2 | 3 +++
 site.yml | 5 +++++
 6 files changed, 55 insertions(+)
 create mode 100644 roles/mesh_wg/handlers/main.yml
 create mode 100644 roles/mesh_wg/tasks/main.yml
 create mode 100644 roles/mesh_wg/templates/mesh_wg.conf.j2
 create mode 100644 roles/mesh_wg/templates/wg.conf.j2

diff --git a/host_vars/gw31.regensburg.freifunk.net b/host_vars/gw31.regensburg.freifunk.net
index 8bb916e..4b115e1 100644
--- a/host_vars/gw31.regensburg.freifunk.net
+++ b/host_vars/gw31.regensburg.freifunk.net
@@ -8,6 +8,8 @@ nextnode4: 10.90.96.1
 nextnode6: fdef:f30f:1337:cafe::1
 mtu: 1312
 
+wg_vni_id: 3120917
+
 fastd_port: 10030
 gateway_id: 31
 
diff --git a/roles/mesh_wg/handlers/main.yml b/roles/mesh_wg/handlers/main.yml
new file mode 100644
index 0000000..bd10989
--- /dev/null
+++ b/roles/mesh_wg/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: Reload interfaces
+  command: /sbin/ifreload -a
diff --git a/roles/mesh_wg/tasks/main.yml b/roles/mesh_wg/tasks/main.yml
new file mode 100644
index 0000000..3662516
--- /dev/null
+++ b/roles/mesh_wg/tasks/main.yml
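Review bot: `wg_vni_id: 3120917` is added to the host vars here, but nothing in the new role reads it: `roles/mesh_wg/templates/mesh_wg.conf.j2` in this same commit hard-codes `vxlan-id 3120917` instead of `{{ wg_vni_id }}`, so the per-host value has no effect and a second gateway onboarded by copying this file would silently share the VNI. Either reference the variable from the template or drop it; keeping the two in sync by hand is how they diverge unnoticed.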
@@ -0,0 +1,23 @@
+---
+
+- name: Enable backports
+  apt_repository: repo='deb http://deb.debian.org/debian buster-backports main'
+
+- name: Install kernel headers
+  apt: name=linux-headers-amd64
+
+- name: Install wireguard from backports
+  apt: name=wireguard-dkms default_release=buster-backports
+
+- name: Configure wireguard options
+  template: src=wg.conf.j2 dest=/etc/wireguard/wg-{{ site_code }}.conf force=no mode=0600
+  register: wg_new_config
+  notify: Reload interfaces
+
+- name: Generate wireguard keypair
+  command: sed -i 's/replace_me/$(wg genkey)/' /etc/wireguard/wg-{{ site_code }}.conf
+  when: wg_new_config.changed
+
+- name: Configure mesh interfaces
+  template: src=mesh_wg.conf.j2 dest=/etc/network/interfaces.d/mesh_wg.conf
+  notify: Reload interfaces
diff --git a/roles/mesh_wg/templates/mesh_wg.conf.j2 b/roles/mesh_wg/templates/mesh_wg.conf.j2
new file mode 100644
index 0000000..4747b63
--- /dev/null
+++ b/roles/mesh_wg/templates/mesh_wg.conf.j2
@@ -0,0 +1,18 @@
+# {{ ansible_managed }}
+
+# vx-{{ site_code }}
+auto vx-{{ site_code }}
+iface vx-{{ site_code }}
+    vxlan-id 3120917
+    vxlan-learning no
+    vxlan-local-tunnelip6 fe80::{{ gateway_id }}
+    vxlan-physdev wg-ffrgb_tst
+    post-up batctl -m bat-{{ site_code }} if add vx-{{ site_code }}
+
+# wg-{{ site_code }}
+auto wg-{{ site_code }}
+iface wg-{{ site_code }}
+    address fe80::{{ gateway_id }}/128
+    ipv6-addrgen no
+    link-type wireguard
+    pre-up wg setconf wg-{{ site_code }} /etc/wireguard/wg-{{ site_code }}.conf
diff --git a/roles/mesh_wg/templates/wg.conf.j2 b/roles/mesh_wg/templates/wg.conf.j2
new file mode 100644
index 0000000..c45ac59
--- /dev/null
+++ b/roles/mesh_wg/templates/wg.conf.j2
@@ -0,0 +1,3 @@
+[Interface]
+PrivateKey = replace_me
+ListenPort = 40001
diff --git a/site.yml b/site.yml
index 4427f80..90a149f 100644
--- a/site.yml
+++ b/site.yml
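Review bot: The "Generate wireguard keypair" task never generates a key: the `command` module does not go through a shell, and even under a shell the single quotes in `sed -i 's/replace_me/$(wg genkey)/'` suppress command substitution, so the file ends up containing the literal text `PrivateKey = $(wg genkey)` and the later `wg setconf` pre-up fails on an invalid key. Generate the key in its own task and splice its stdout in with the `replace` module, and put `no_log: true` on both tasks so the private key is never printed in Ansible output or shipped to callback logs. A secondary consequence of `force=no` is that a host whose first run died between the template and the key task keeps `replace_me` forever, because `wg_new_config.changed` is never true again; conditioning the replacement on the placeholder still being present would make it self-healing, but the minimal fix is below.
```yaml
- name: Generate wireguard private key
  command: wg genkey
  register: wg_private_key
  when: wg_new_config.changed
  no_log: true

- name: Write wireguard private key into config
  replace:
    path: /etc/wireguard/wg-{{ site_code }}.conf
    regexp: '^PrivateKey = replace_me$'
    replace: 'PrivateKey = {{ wg_private_key.stdout }}'
  when: wg_new_config.changed
  no_log: true

# … unchanged: "Configure mesh interfaces" task …
```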
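Review bot: `vxlan-physdev wg-ffrgb_tst` is hard-coded while the WireGuard interface defined a few lines below in the same file is named `wg-{{ site_code }}`; on any host where `site_code` is not `ffrgb_tst` the VXLAN is bound to a device that does not exist and never comes up. The VNI is likewise hard-coded as `vxlan-id 3120917` even though this commit adds `wg_vni_id` to the host vars for exactly that value, so a second gateway rendered from this template would collide with the first. I would change the two lines to `vxlan-physdev wg-{{ site_code }}` and `vxlan-id {{ wg_vni_id }}`.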
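Review bot: This template has no header comment, yet it is unusual in two ways the next maintainer needs to know: the tasks render it with `force=no` and then rewrite it in place, so edits to `ListenPort` or the `[Interface]` block here will never reach a host that already has a key, and `replace_me` is a load-bearing token that the tasks search for rather than an ordinary placeholder. I would add at the top `# {{ ansible_managed }}` followed by `# Rendered once (force=no): PrivateKey is filled in on the first run; later edits to this template do not reach existing hosts.` — wg(8) accepts `#` comments in its config. With no `[Peer]` section the interface accepts no traffic until peers are added, which appears to be the intent given the work-in-progress note in the commit message.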
@@ -26,6 +26,11 @@
     - yanic
     - web_gw
 
+- name: Setup gateway servers with VXoWG
+  hosts: [gw31.regensburg.freifunk.net]
+  roles:
+    - mesh_wg
+
 - name: Setup grafana server
   hosts: grafana.regensburg.freifunk.net
   roles: