mesh_wg: new role for VXLAN over WG meshing
This is still a work in progress; as such, it is only enabled on the test gateway.
parent
97c095f75f
commit
1f0b671545
@ -8,6 +8,8 @@ nextnode4: 10.90.96.1
|
|||||||
nextnode6: fdef:f30f:1337:cafe::1
|
nextnode6: fdef:f30f:1337:cafe::1
|
||||||
mtu: 1312
|
mtu: 1312
|
||||||
|
|
||||||
|
wg_vni_id: 3120917
|
||||||
|
|
||||||
fastd_port: 10030
|
fastd_port: 10030
|
||||||
|
|
||||||
gateway_id: 31
|
gateway_id: 31
|
||||||
|
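--- a/roles/mesh_wg/handlers/main.yml
+++ b/roles/mesh_wg/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: Reload interfaces
+command: /sbin/ifreload -a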
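--- a/roles/mesh_wg/tasks/main.yml
+++ b/roles/mesh_wg/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+
+- name: Enable backports
+apt_repository: repo='deb http://deb.debian.org/debian buster-backports main'
+
+- name: Install kernel headers
+apt: name=linux-headers-amd64
+
+- name: Install wireguard from backports
+apt: name=wireguard-dkms default_release=buster-backports
+
+- name: Configure wireguard options
+template: src=wg.conf.j2 dest=/etc/wireguard/wg-{{ site_code }}.conf force=no mode=0600
+register: wg_new_config
+notify: Reload interfaces
+
+- name: Generate wireguard keypair
+command: sed -i 's/replace_me/$(wg genkey)/' /etc/wireguard/wg-{{ site_code }}.conf
+when: wg_new_config.changed
+
+- name: Configure mesh interfaces
+template: src=mesh_wg.conf.j2 dest=/etc/network/interfaces.d/mesh_wg.conf
+notify: Reload interfaces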
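Review bot: The `Generate wireguard keypair` task will not produce a key: the `command` module does not run a shell, and the single quotes would suppress `$(wg genkey)` even under one, so `PrivateKey` ends up as the literal text `$(wg genkey)` and `wg setconf` should reject the file. Because the template is written with `force=no` and this task is gated on `wg_new_config.changed`, a failed or interrupted first run also leaves the placeholder in place with nothing to retry it on later runs. I would generate the key in its own task, keep it out of logs with `no_log`, and write it with the `replace` module so it never appears on a `sed` command line. Matching on the placeholder line itself makes the step idempotent and retryable without the `changed` gate, at the cost of one discarded `wg genkey` call per run.

```yaml
# … unchanged: Configure wireguard options (template, force=no, mode=0600) …

- name: Generate wireguard private key
  command: wg genkey
  register: wg_private_key
  changed_when: false
  no_log: true

- name: Insert private key into wireguard config
  replace:
    path: /etc/wireguard/wg-{{ site_code }}.conf
    regexp: '^PrivateKey = replace_me$'
    replace: 'PrivateKey = {{ wg_private_key.stdout }}'
  no_log: true
  notify: Reload interfaces

# … unchanged: Configure mesh interfaces …
```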
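--- a/roles/mesh_wg/templates/mesh_wg.conf.j2
+++ b/roles/mesh_wg/templates/mesh_wg.conf.j2
@@ -0,0 +1,18 @@
+# {{ ansible_managed }}
+
+# vx-{{ site_code }}
+auto vx-{{ site_code }}
+iface vx-{{ site_code }}
+vxlan-id 3120917
+vxlan-learning no
+vxlan-local-tunnelip6 fe80::{{ gateway_id }}
+vxlan-physdev wg-ffrgb_tst
+post-up batctl -m bat-{{ site_code }} if add vx-{{ site_code }}
+
+# wg-{{ site_code }}
+auto wg-{{ site_code }}
+iface wg-{{ site_code }}
+address fe80::{{ gateway_id }}/128
+ipv6-addrgen no
+link-type wireguard
+pre-up wg setconf wg-{{ site_code }} /etc/wireguard/wg-{{ site_code }}.conf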
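Review bot: `vxlan-id 3120917` and `vxlan-physdev wg-ffrgb_tst` are hard-coded in a template that otherwise derives every interface name from `site_code`, and the first duplicates the `wg_vni_id` variable this commit adds to the site variables. If the role is later applied to a site with a different `site_code`, the VXLAN device would presumably bind to a WireGuard interface that does not exist there and reuse the test VNI. I would write `vxlan-id {{ wg_vni_id }}` and `vxlan-physdev wg-{{ site_code }}`, assuming `site_code` is `ffrgb_tst` on the test gateway.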
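--- a/roles/mesh_wg/templates/wg.conf.j2
+++ b/roles/mesh_wg/templates/wg.conf.j2
@@ -0,0 +1,3 @@
+[Interface]
+PrivateKey = replace_me
+ListenPort = 40001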
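Review bot: `ListenPort = 40001` is fixed although this file is rendered once per `site_code`, so two sites configured on the same gateway would presumably compete for the same UDP port. A per-site variable kept next to `fastd_port` would avoid that, for example a new `wg_port` (not defined anywhere in this commit) used as `ListenPort = {{ wg_port }}`.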
5
site.yml
5
site.yml
@ -26,6 +26,11 @@
|
|||||||
- yanic
|
- yanic
|
||||||
- web_gw
|
- web_gw
|
||||||
|
|
||||||
|
- name: Setup gateway servers with VXoWG
|
||||||
|
hosts: [gw31.regensburg.freifunk.net]
|
||||||
|
roles:
|
||||||
|
- mesh_wg
|
||||||
|
|
||||||
- name: Setup grafana server
|
- name: Setup grafana server
|
||||||
hosts: grafana.regensburg.freifunk.net
|
hosts: grafana.regensburg.freifunk.net
|
||||||
roles:
|
roles:
|
||||||
|