diff --git a/.DS_Store b/.DS_Store
index 060efa9..6fdc27e 100644
Binary files a/.DS_Store and b/.DS_Store differ
diff --git a/host_vars/edge5/vars.yml b/host_vars/edge5/vars.yml
new file mode 100644
index 0000000..7fa6eb2
--- /dev/null
+++ b/host_vars/edge5/vars.yml
@@ -0,0 +1,14 @@
+ansible_host: localhost
+ansible_connection: local
+ansible_python_interpreter: /usr/bin/python3
+
+ipv4_network: 10.11.0.0/16
+ipv4_dhcp_start: 10.11.0.30
+ipv4_dhcp_stop: 10.11.0.250
+ipv4_address: 10.11.0.1
+ipv6_network: 2a03:2260:121:60b::/64
+ipv6_address: 2a03:2260:121:60b::1/64
+wireguard_address: 10.255.1.11/24
+wireguard_v6_address: fd80:3ea2:e399:203a::11
+wireguard_public: 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s=
+wiregurad_v4: 10.255.1.1
\ No newline at end of file
diff --git a/host_vars/edge5/vault.yml b/host_vars/edge5/vault.yml
new file mode 100644
index 0000000..f4d44e6
--- /dev/null
+++ b/host_vars/edge5/vault.yml
@@ -0,0 +1,12 @@
+$ANSIBLE_VAULT;1.1;AES256
+63373161393033633933653763653661626365376332306438326363333263656366623837333061
+3665663736393837663634653439356465356234613933320a613530656335326538326262376163
+36336139633033326430663362633839653831326362326439303634376666623862663037636533
+3031306666356637370a396164386339653630343366393163623136333166643162393663323931
+65376261356666313034633237323531363733343061396166343333666538313232616265303933
+32303633343666346134666332626635396132313932623535383538326639316465633432343239
+32353563643565393034653933356235663434376131366565636634376332353738363730626162
+31353236303764663236346437613031623634663762653664383534613738353363346563313063
+66363430306533666263356365383365303564303565316462306664356236316430653065613036
+30386238616564326132303262623664313935376332373037343664666138303932316330336238
+363762633930393837363662343133666363
diff --git a/host_vars/edge6/vars.yml b/host_vars/edge6/vars.yml
new file mode 100644
index 0000000..ed53fbc
--- /dev/null
+++ b/host_vars/edge6/vars.yml
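Review bot: The last key of host_vars/edge5/vars.yml is spelled `wiregurad_v4`, unlike every other `wireguard_*` variable in the file, so any template or role that looks up `wireguard_v4` gets an undefined variable rather than `10.255.1.1`; host_vars/edge6/vars.yml carries the same misspelling. Suggested line: `wireguard_v4: 10.255.1.1`. Both new files also end without a trailing newline (`\ No newline at end of file`) and have no `---` document start, which yamllint flags; adding both keeps them consistent with the rest of the inventory tooling.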
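Review bot: host_vars/edge5/vault.yml and host_vars/edge6/vault.yml are byte-identical (both are created with blob f4d44e6), so whatever secrets the vault holds are shared by two different edge routers; ansible-vault uses a fresh random salt on each encryption, so identical ciphertext means the file was copied rather than encrypted separately for edge6. If the vault carries each router's WireGuard private key, at most one of the two can correspond to the distinct public keys this commit registers for vpn11-edge5 and vpn12-edge6 in host_vars/vpn01/vars.yml, and the other tunnel will never complete a handshake. Generate and vault a separate keypair per host, and consider a per-host vault ID so one file cannot be reused for another host by accident.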
@@ -0,0 +1,14 @@
+ansible_host: localhost
+ansible_connection: local
+ansible_python_interpreter: /usr/bin/python3
+
+ipv4_network: 10.12.0.0/16
+ipv4_dhcp_start: 10.12.0.30
+ipv4_dhcp_stop: 10.12.0.250
+ipv4_address: 10.12.0.1
+ipv6_network: 2a03:2260:121:60c::/64
+ipv6_address: 2a03:2260:121:60c::1/64
+wireguard_address: 10.255.1.12/24
+wireguard_v6_address: fd80:3ea2:e399:203a::12
+wireguard_public: 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s=
+wiregurad_v4: 10.255.1.1
\ No newline at end of file
diff --git a/host_vars/edge6/vault.yml b/host_vars/edge6/vault.yml
new file mode 100644
index 0000000..f4d44e6
--- /dev/null
+++ b/host_vars/edge6/vault.yml
@@ -0,0 +1,12 @@
+$ANSIBLE_VAULT;1.1;AES256
+63373161393033633933653763653661626365376332306438326363333263656366623837333061
+3665663736393837663634653439356465356234613933320a613530656335326538326262376163
+36336139633033326430663362633839653831326362326439303634376666623862663037636533
+3031306666356637370a396164386339653630343366393163623136333166643162393663323931
+65376261356666313034633237323531363733343061396166343333666538313232616265303933
+32303633343666346134666332626635396132313932623535383538326639316465633432343239
+32353563643565393034653933356235663434376131366565636634376332353738363730626162
+31353236303764663236346437613031623634663762653664383534613738353363346563313063
+66363430306533666263356365383365303564303565316462306664356236316430653065613036
+30386238616564326132303262623664313935376332373037343664666138303932316330336238
+363762633930393837363662343133666363
diff --git a/host_vars/vpn01/vars.yml b/host_vars/vpn01/vars.yml
index b45c3b2..af12587 100644
--- a/host_vars/vpn01/vars.yml
+++ b/host_vars/vpn01/vars.yml
@@ -46,7 +46,7 @@ wireguard_unmanaged_peers:
 allowed_ips: 10.255.1.7/32, 10.7.0.0/16, fd80:3ea2:e399:203a::7/128, 2a03:2260:121:607::/64
 ## Nils
 vpn8-nils:
- public_key: g+l9gP3SR99Q8TZ3uKs7yu1mANy97EFA21THrC/n1W0=
+ public_key: coMTSYaBzEc1gHOi08biqztysr6ehmvDY/D4/x6AvQM=
 allowed_ips: 10.255.1.8/32, 10.8.0.0/16, fd80:3ea2:e399:203a::8/128, 2a03:2260:121:608::/64
 ## edge3
 vpn9-edge3:
@@ -56,7 +56,28 @@ wireguard_unmanaged_peers:
 vpn10-edge4:
 public_key: 2Cq7gW5mSTcOJGzvw4dvdERhAFx3EIga5Ftds9zKlT8=
 allowed_ips: 10.255.1.10/32, 10.10.0.0/16, fd80:3ea2:e399:203a::10/128, 2a03:2260:121:60a::/64
- ## Stefan_Test
- vpn10-edge4:
- public_key: UHaYitx18sO71Ssk2SVUgdjLaAILbCthCmosU+Fs5Es=
+ ## edge5 - Galerie Troisdorf
+ vpn11-edge5:
+ public_key: CxEaN9CosiuFPScPGEDYiy/sij2I3yRY/QpaxsU+RTI=
 allowed_ips: 10.255.1.11/32, 10.11.0.0/16, fd80:3ea2:e399:203a::11/128, 2a03:2260:121:60b::/64
+ ## CCT - Kirche Troisdorf Michael
+ vpn12-edge6:
+ public_key: OgSeG+P1YvIwyD6/AQtA68UXYWTH8XPePLZiLvETfww=
+ allowed_ips: 10.255.1.12/32, 10.12.0.0/16, fd80:3ea2:e399:203a::12/128, 2a03:2260:121:60c::/64
+ ## CloudGateway Donrather Hof
+ vpn13-cgu2:
+ public_key: qXa7Loe+uO4x5fkBp7EsVNLhkgEF3v1xCCM74cJwujo=
+ allowed_ips: 10.255.1.13/32, 10.13.0.0/16, fd80:3ea2:e399:203a::13/128, 2a03:2260:121:60d::/64
+ ## Nils 2
+ vpn14-nils2:
+ public_key: 49jZ+ysNWTm0XQ/9zDRzPc8WpPoEIHOq4tz5wS+HBQE=
+ allowed_ips: 10.255.1.14/32, 10.14.0.0/16, fd80:3ea2:e399:203a::14/128, 2a03:2260:121:60e::/64
+ ## Nils 3
+ vpn15-nils3:
+ public_key: V2Mx7MxX87dfwnkD1H1xjMvmk/9ONpFEVLNeIL3eayo=
+ allowed_ips: 10.255.1.15/32, 10.15.0.0/16, fd80:3ea2:e399:203a::15/128, 2a03:2260:121:60f::/64
+ ## BrĂ¼sseler Str.
+ vpn16-bruesseler:
+ public_key: ldhDOhrZtj37rrg+gyvtcbhf3T/fw8oSFhR5XZKdAh8=
+ allowed_ips: 10.255.1.16/32, 10.16.0.0/16, fd80:3ea2:e399:203a::16/128, 2a03:2260:121:61a::/64
+
diff --git a/hosts.yml b/hosts.yml
index d1d3772..ebb3dd4 100644
--- a/hosts.yml
+++ b/hosts.yml
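Review bot: The IPv6 prefix in the new vpn16-bruesseler entry, `2a03:2260:121:61a::/64`, breaks the pattern every other peer in the second hunk follows, where peer N gets prefix 0x600+N (vpn11 → 60b, vpn12 → 60c, … vpn15 → 60f), so vpn16 would be expected to read `2a03:2260:121:610::/64`; this looks like a typo rather than a deliberate gap, and because allowed_ips drives WireGuard's cryptokey routing, a prefix that does not match the router's real ipv6_network is simply not routed over the tunnel. Please confirm against that host's host_vars (not part of this diff) and correct whichever side is wrong. Note also that the `allowed_ips: 10.255.1.11/32, …` line under vpn11-edge5 is unchanged context inherited from the removed Stefan_Test entry, so it is worth re-reading it as part of the new peer rather than assuming it was written for edge5. The wireguard_unmanaged_peers mapping starts before the hunk.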
@@ -32,4 +32,5 @@ all:
 edge2:
 edge3:
 edge4:
- 
\ No newline at end of file
+ edge5:
+ edge6:
\ No newline at end of file
diff --git a/roles/01-vpn-router-config/templates/edgerouter.conf.j2 b/roles/01-vpn-router-config/templates/edgerouter.conf.j2
index ae90dba..6af05b4 100644
--- a/roles/01-vpn-router-config/templates/edgerouter.conf.j2
+++ b/roles/01-vpn-router-config/templates/edgerouter.conf.j2
@@ -4,6 +4,9 @@ Ein LAN mit Adresse: {{ ipv4_address }} Dann auf der Konsole weiter + +add system image https://dl.ui.com/firmwares/edgemax/v2.0.9-hotfix.6/ER-e50.v2.0.9-hotfix.6.5574651.tar + ## Install Wireguard cd /tmp curl -OL https://github.com/WireGuard/wireguard-vyatta-ubnt/releases/download/1.0.20211208-1/e50-v2-v1.0.20211208-v1.0.20210914.deb
@@ -73,7 +76,7 @@ set interfaces switch switch0 switch-port interface eth3
 set interfaces switch switch0 switch-port interface eth4
 set interfaces switch switch0 switch-port vlan-aware disable
 set interfaces wireguard wg0 address {{ wireguard_address }}
-set interfaces wireguard wg0 address {{ wireguard_v6_address }}
+set interfaces wireguard wg0 address {{ wireguard_v6_address }}/128
 set interfaces wireguard wg0 listen-port 51822
 set interfaces wireguard wg0 mtu 1380
 set interfaces wireguard wg0 peer {{ wireguard_public }} allowed-ips 0.0.0.0/0
diff --git a/system-setup-unifi.yml b/system-setup-services.yml
similarity index 74%
rename from system-setup-unifi.yml
rename to system-setup-services.yml
index 66e8554..9ac29df 100644
--- a/system-setup-unifi.yml
+++ b/system-setup-services.yml
@@ -1,8 +1,9 @@ -# ansible-playbook -i hosts.yml system-setup-unifi.yml +# ansible-playbook -i hosts.yml system-setup-services.yml - name: System preperation hosts: service_server roles: - 00-ubuntu-basic + - 21-install-oitc - name: Docker Setup hosts: unifi
diff --git a/update_wg.yml b/update_wg.yml
index 3bc88a6..0832ce9 100644
--- a/update_wg.yml
+++ b/update_wg.yml
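Review bot: The new `add system image https://dl.ui.com/firmwares/edgemax/v2.0.9-hotfix.6/ER-e50.v2.0.9-hotfix.6.5574651.tar` step in the first edgerouter.conf.j2 hunk gives the operator nothing to compare the downloaded firmware against, so a stale mirror or an altered archive would be installed without anyone noticing; the same applies to the existing `curl -OL …wireguard-vyatta-ubnt….deb` line that follows it. Record the vendor-published digest next to the URL, for example `# expected SHA256: <digest from the vendor release page>`, so the image can be checked on the device before it is installed. The surrounding instruction text begins before the hunk.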
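Review bot: In the second edgerouter.conf.j2 hunk, `set interfaces wireguard wg0 address {{ wireguard_v6_address }}/128` now hard-codes the prefix length in the template while the line above it, `{{ wireguard_address }}`, takes the prefix from the variable (the new edge5/edge6 vars carry `10.255.1.11/24` but a bare `fd80:…::11`), so the two address variables follow opposite conventions. This renders correctly for edge5 and edge6, but any existing host whose wireguard_v6_address already ends in a prefix length will render as `…/64/128`; the edge2–edge4 host_vars are not in this diff, so check them. The cleaner fix is to keep the prefix in the variable for both families and revert the template line to `set interfaces wireguard wg0 address {{ wireguard_v6_address }}`.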
@@ -1,6 +1,6 @@
 # ansible-playbook -i hosts.yml update_wg.yml -e vault.yml --ask-vault-password
 - name: System preperation
- hosts: vpn-offloader-wireguard
+ hosts: supernodes
 roles:
 - 21-install-wireguard
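Review bot: `hosts: supernodes` points the play at an inventory group that this commit does not add — the hosts.yml hunk only inserts `edge5:` and `edge6:` under the existing tree — and Ansible treats an unmatched host pattern as a warning and runs the play against nothing, so a misnamed group would make the WireGuard update silently do no work. Confirm that `supernodes` already exists in hosts.yml (its earlier lines are outside this diff) or rename the old `vpn-offloader-wireguard` group there in the same change. The play's remaining keys continue past the hunk.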