
4 Commits
master ... main

@ -1,3 +1,4 @@
---
dn42_wg_private_key: "foobar2342" dn42_wg_private_key: "foobar2342"
dn42_wg_default_if_prefix: "dn42_" dn42_wg_default_if_prefix: "dn42_"
@ -7,16 +8,20 @@ dn42_local_v4: "172.17.0.1"
dn42_local_v6: "fe80::1" dn42_local_v6: "fe80::1"
dn42_local_as: "424242424243" dn42_local_as: "424242424243"
dn42_bird2_directory: "/etc/bird/"
dn42_bird2_template: "bird2/bird.conf.j2"
dn42_bird2_peer_template: "bird2/peer.conf.j2"
dn42_enable_roa: yes dn42_enable_roa: yes
dn42_roa_v4_source: "https://dn42.burble.com/roa/dn42_roa_bird2_4.conf" dn42_roa_v4_source: "https://dn42.burble.com/roa/dn42_roa_bird2_4.conf"
dn42_roa_v4_location: "/etc/bird/roa_dn42.conf" dn42_roa_v4_location: "{{ dn42_bird2_directory }}/roa_dn42.conf"
dn42_roa_v6_source: "https://dn42.burble.com/roa/dn42_roa_bird2_6.conf" dn42_roa_v6_source: "https://dn42.burble.com/roa/dn42_roa_bird2_6.conf"
dn42_roa_v6_location: "/etc/bird/roa_dn42_v6.conf" dn42_roa_v6_location: "{{ dn42_bird2_directory }}/roa_dn42_v6.conf"
dn42_roa_cronjob: "curl -sfSLR -o{{ dn42_roa_v4_location }} -z{{ dn42_roa_v4_location }} {{ dn42_roa_v4_source }} && curl -sfSLR -o{{ dn42_roa_v6_location }} -z{{ dn42_roa_v6_location }} {{ dn42_roa_v6_source }} && birdc configure" dn42_roa_cronjob: "curl -sfSLR -o{{ dn42_roa_v4_location }} -z{{ dn42_roa_v4_location }} {{ dn42_roa_v4_source }} && curl -sfSLR -o{{ dn42_roa_v6_location }} -z{{ dn42_roa_v6_location }} {{ dn42_roa_v6_source }} && birdc configure"
dn42_pingfinder_enable: no dn42_pingfinder_enable: no
dn42_pingfinder_download_url: "https://git.dn42.us/dn42/pingfinder/raw/master/clients/generic-linux-debian-redhat-busybox.sh" dn42_pingfinder_download_url: "https://dn42.us/peers/script"
dn42_pingfinder_location: "/usr/bin/dn42_pingfinder" dn42_pingfinder_location: "/usr/bin/dn42_pingfinder"
dn42_pingfinder_uuid: "" dn42_pingfinder_uuid: ""
dn42_pingfinder_logfile: "/dev/null" dn42_pingfinder_logfile: "/dev/null"
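Review bot: The new `dn42_pingfinder_download_url` default, `https://dn42.us/peers/script`, carries no revision and nothing in these defaults pins the content that gets fetched. The pingfinder tasks file shows a root-group, mode 0755 task just before the cron job that runs `dn42_pingfinder_location` every five minutes, so whatever that URL serves is presumably executed unattended. If the download task (not visible here) is a `get_url`, add a default such as `dn42_pingfinder_checksum: "sha256:<digest of the reviewed script>"` and pass it as `checksum:`, so a changed or tampered script is rejected rather than installed. Separately, `dn42_bird2_directory` ends in `/` while its users append `/roa_dn42.conf`, which renders `/etc/bird//roa_dn42.conf`; dropping the trailing slash from the default keeps the paths clean.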

@ -1,8 +1,8 @@
--- ---
- name: reload bird - name: reload bird
service: command: "birdc configure"
name: "bird" register: _birdc_reload
state: reloaded failed_when: "'Reconfigur' not in _birdc_reload.stdout"
- name: restart networking - name: restart networking
service: service:
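Review bot: The `failed_when` on the new `reload bird` handler accepts any output containing `Reconfigur`, which is broader than success. From memory of birdc's replies (confirm against the installed version), a reload that was not applied can also answer with text beginning "Reconfiguration", for example when the daemon is shutting down, and that would pass this test. Matching the success replies explicitly is tighter: `failed_when: "'Reconfigured' not in _birdc_reload.stdout and 'Reconfiguration in progress' not in _birdc_reload.stdout"`. A short comment above the handler saying why `birdc configure` replaced the `service` reload would help the next reader. The `restart networking` handler continues outside the hunk.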

@ -1,27 +1,44 @@
--- ---
#- import_tasks: bird-repos.yml #- import_tasks: bird-repos.yml
- name: Install bird2
apt: apt:
name: "bird2" name: "bird2"
state: present state: present
- name: Ensure birds config foler exists
file:
path: "{{ dn42_bird2_directory }}"
state: directory
owner: "bird"
group: "bird"
- name: Copy bird config-file - name: Copy bird config-file
template: template:
dest: /etc/bird/bird.conf dest: "{{ dn42_bird2_directory }}/bird.conf"
src: "bird2/bird.conf.j2" src: "{{ dn42_bird2_template }}"
notify: reload bird notify: reload bird
- name: Ensure birds peer foler exists - name: Ensure birds peer foler exists
file: file:
path: "/etc/bird/peers" path: "{{ dn42_bird2_directory }}/peers"
state: directory state: directory
owner: "bird" owner: "bird"
group: "bird" group: "bird"
- name: Copy birds peer config-files - name: Copy birds peer config-files
template: template:
dest: "/etc/bird/peers/{{ peer.name }}.conf" dest: "{{ dn42_bird2_directory }}/peers/{{ peer.name }}.conf"
src: "bird2/peer.conf.j2" src: "{{ dn42_bird2_peer_template }}"
when: (not peer.state is defined) or peer.state != "absent"
loop: "{{ dn42_peers }}"
loop_control:
loop_var: "peer"
notify: reload bird
- name: Remove bird peer config-files
file:
path: "{{ dn42_bird2_directory }}/peers/{{ peer.name }}.conf"
state: absent
when: peer.state is defined and peer.state == "absent"
loop: "{{ dn42_peers }}" loop: "{{ dn42_peers }}"
loop_control: loop_control:
loop_var: "peer" loop_var: "peer"
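Review bot: `peer.name` goes unvalidated into `{{ dn42_bird2_directory }}/peers/{{ peer.name }}.conf`, which the copy task writes and the new `Remove bird peer config-files` task deletes with `state: absent`. A name containing `/` or `..` resolves outside `peers/`, so a typo or a merged inventory entry can overwrite or remove an unrelated `.conf` file as root. An assert ahead of the file tasks closes this; adjust the allowed character set to the naming scheme in use. Whether `notify: reload bird` follows the remove task is outside the hunk; without it a removed peer stays in the running BIRD configuration until the next reload. The new task name `Ensure birds config foler exists` has the same `foler` typo as the existing peer-folder task.

```yaml
# … unchanged: Install bird2 …
- name: Validate peer names before using them in file paths
  assert:
    that:
      - peer.name is match('^[A-Za-z0-9_-]+$')
  loop: "{{ dn42_peers }}"
  loop_control:
    loop_var: "peer"
# … unchanged: directory, template and removal tasks …
```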

@ -7,8 +7,20 @@
group: "root" group: "root"
mode: "0755" mode: "0755"
- name: Set pingfinder UUID
cron:
name: "UUID"
job: "{{ dn42_pingfinder_uuid }}"
env: yes
- name: Set pingfinder LOGFILE
cron:
name: "LOGFILE"
job: "{{ dn42_pingfinder_logfile }}"
env: yes
- name: Add Pingfinder Cronjob - name: Add Pingfinder Cronjob
cron: cron:
name: Run Pingfinder name: Run Pingfinder
job: "UUID={{ dn42_pingfinder_uuid }} LOGFILE={{ dn42_pingfinder_logfile }} {{ dn42_pingfinder_location }}" job: "{{ dn42_pingfinder_location }}"
minute: "*/5" minute: "*/5"
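Review bot: The two new `cron` tasks with `env: yes` write `UUID=` and `LOGFILE=` as crontab-wide variables, so every other job in the same crontab inherits these generically named values; the old job line scoped both to the pingfinder command only. No `user` or `cron_file` is set on the visible tasks, so this lands in the crontab of whichever user the play runs as. Giving all three tasks a dedicated file, `cron_file: "dn42_pingfinder"` together with an explicit `user:`, keeps the variables private to this one job. The first task in the hunk starts above it.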

@ -3,21 +3,36 @@
template: template:
dest: "/etc/wireguard/{{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }}.conf" dest: "/etc/wireguard/{{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }}.conf"
src: "wg-quick.j2" src: "wg-quick.j2"
when: "peer.wg is defined" when:
- peer.wg is defined
- (not peer.state is defined) or peer.state != "absent"
register: "configuration" register: "configuration"
- name: Enable wg-quick@{{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }} service - name: Enable wg-quick@{{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }} service
service: service:
name: "wg-quick@{{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }}" name: "wg-quick@{{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }}"
enabled: yes enabled: yes
when:
- peer.wg is defined
- (not peer.state is defined) or peer.state != "absent"
- name: Restart wg-quick@{{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }} - name: Restart wg-quick@{{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }}
service: service:
name: "wg-quick@{{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }}" name: "wg-quick@{{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }}"
state: restarted state: restarted
when: "configuration is changed" when:
- "configuration is changed"
- (not peer.state is defined) or peer.state != "absent"
- name: Stop wg-quick@{{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }}
service:
name: "wg-quick@{{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }}"
state: stopped
enabled: no
when: peer.state is defined and peer.state == "absent"
- name: Remove wg-quick@{{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }} config
file:
path: "/etc/wireguard/{{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }}.conf"
state: absent
when: peer.state is defined and peer.state == "absent"
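Review bot: The `template` task that writes `/etc/wireguard/<ifname>.conf` sets only `dest` and `src`, so the file is created with the default umask, typically world-readable. The rendered `wg-quick.j2` contains `PrivateKey`, so this task should set `owner: "root"`, `group: "root"` and `mode: "0600"`. The task's `name` line is above the hunk. Since the commit already touches this task's `when`, this is a good place to add them. The repeated condition `(not peer.state is defined) or peer.state != "absent"` would read more easily as `peer.state | default('present') != 'absent'`.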

@ -1,7 +1,24 @@
{%- set ifname = peer.if.name | default(dn42_wg_default_if_prefix + peer.name) -%}
{%- set localv4 = peer.if.v4 | default(dn42_local_v4) -%}
{%- set localv6 = peer.if.v6 | default(dn42_local_v6) -%}
{%- if dn42_configure_linux_network_table -%}
{%- set table = "42" -%}
{%- else -%}
{%- set table = "main" -%}
{%- endif -%}
[Interface] [Interface]
PrivateKey = {{ peer.wg.privkey | default(dn42_wg_private_key) }} PrivateKey = {{ peer.wg.privkey | default(dn42_wg_private_key) }}
Address = {{ peer.if.v4 | default(dn42_local_v4) }}/32, {{ peer.if.v6 | default(dn42_local_v6) }}/128 Address = {{ localv4 }}/32, {{ localv6 }}/128
PostUp = {% if peer.v4 is defined %}/sbin/ip addr del dev {{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }} {{ peer.if.v4 | default(dn42_local_v4) }}/32 && /sbin/ip addr add dev {{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }} {{ peer.if.v4 | default(dn42_local_v4) }}/32 peer {{ peer.v4 }}/32 && {% endif %}{% if peer.v6 is defined %}/sbin/ip addr del dev {{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }} {{ peer.if.v6 | default(dn42_local_v6) }}/128 && /sbin/ip addr add dev {{ peer.if.name | default(dn42_wg_default_if_prefix + peer.name) }} {{ peer.if.v6 | default(dn42_local_v6) }}/128 peer {{ peer.v6 }}/128{% endif %} PostUp = {% if peer.v4 is defined -%}
/sbin/ip addr del dev {{ ifname }} {{ localv4 }}/32 && {# ... -#}
/sbin/ip addr add dev {{ ifname }} {{ localv4 }}/32 peer {{ peer.v4 }}/32
{%- if peer.v6 is defined %} && {% endif -%}
{%- endif %}{% if peer.v6 is defined -%}
/sbin/ip addr del dev {{ ifname }} {{ localv6 }}/128 && {# ... -#}
/sbin/ip addr add dev {{ ifname }} {{ localv6 }}/128 peer {{ peer.v6 }}/128 && {# ... -#}
ip -6 r add {{ peer.v6 }}/128 dev {{ ifname }} table {{ table }} || true
{%- endif %}
Table = off Table = off
ListenPort = {{ peer.wg.port }} ListenPort = {{ peer.wg.port }}
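Review bot: The `|| true` at the end of the new `PostUp` chain masks more than the route add. The shell groups `a && b && c || true` as `(a && b && c) || true`, so a failing `/sbin/ip addr add … peer …` earlier on the same line also ends in success and the interface comes up without the peer address. Scope the tolerance to the route command by making the last command `/sbin/ip -6 route replace {{ peer.v6 }}/128 dev {{ ifname }} table {{ table }}`, which needs no `|| true` and matches the `/sbin/ip` path used by the other commands. `dn42_configure_linux_network_table` has no default in the visible defaults hunks; confirm one exists, since an undefined variable in the `if` is likely to fail the render. The template continues past the end of the hunk.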
