From 116e29699f949d2d342fc619ee96873a57506b12 Mon Sep 17 00:00:00 2001 From: Stefan Hoffmann Date: Wed, 18 Feb 2026 21:17:43 +0100 Subject: [PATCH] latest changes i dont know --- .DS_Store | Bin 6148 -> 8196 bytes host_vars/edge5/vars.yml | 14 +++++++++ host_vars/edge5/vault.yml | 12 ++++++++ host_vars/edge6/vars.yml | 14 +++++++++ host_vars/edge6/vault.yml | 12 ++++++++ host_vars/vpn01/vars.yml | 29 +++++++++++++++--- hosts.yml | 3 +- .../templates/edgerouter.conf.j2 | 5 ++- ...tup-unifi.yml => system-setup-services.yml | 3 +- update_wg.yml | 2 +- 10 files changed, 86 insertions(+), 8 deletions(-) create mode 100644 host_vars/edge5/vars.yml create mode 100644 host_vars/edge5/vault.yml create mode 100644 host_vars/edge6/vars.yml create mode 100644 host_vars/edge6/vault.yml rename system-setup-unifi.yml => system-setup-services.yml (74%) diff --git a/.DS_Store b/.DS_Store index 060efa99d78232597ec74be949650b0a00b383fc..6fdc27e62eca7cdc529481efe1644b44c405f996 100644 GIT binary patch literal 8196 zcmeHM!EVz)5S>j^>L{ujA&^>57Ti!8l0qvXE>S3lUI~H&AY<2VYvI_DoivJ~NV&s_ z@8HCZAK`c4&F;3c694&@I);-rG#QSJBe1TO^0E?Fkl!k3>XFs1OEa8cxSU%Yu@{6)YOIn!@z&Z06!mW z6xLm>7fQ=V2P&BYKv&T%1#RR35@T!K)q0_{gut>pKWBmKA-7`%6CR60|zp`m%(o(FJB?dxtK`#jH#7RQQpSUu6lxn`A@H%Xe=Wh1sax{vj$G)y-R5)|OSb z-uEw(Nq^*y##zrz-}2R~B#FGMw(GqPgNf6)^E`=1ZWsrt1cZJ7lXq{z*iRXE>yk^~f@aWk~=VLU8lTTO%MCd0a zHmfL~aappo%YGV1Nqo-Gf<;zNa3zIRk**XQ<6?UU&}G5EVe~Z@Mw>DSB3LhN1##Hq zE%&f-Q@MEoyziqGU?ayg)a?{o8X}0`sr+tb5am7I`>jXz%z+srWH{8 z`}xSQHt&BX!iZtu1~IUq?sb>*{}=0j|Gz;iGPi0NFbw=D1EPA|Kjv>U`BpDM^IP6V s`GCU0b_=B?1XbZf0N2-l7@}>%lrdec7fPcCVtxpaG?>aT@K+i51q9C<4gdfE delta 275 zcmZp1XfcprU|?W$DortDU=RQ@Ie-{MGjUEV6q~50D9Q?w2a6Rm=rL3>on z&dA6*Sy4!ZjlmJ9KyPxbkgEE65bHk}09gzStPDjA`3yM>sSL$Q<;4X_Ir&LI(H)cB z1Pj$As;iBSOm!5DO^s@G6sj$a40IGsjLm9mIXOg?^{s>AvvYFu^1CMA7nGOoMm4J} zxF|0tKQA39$~ZYx*ocQw7RZEJys@y9WidMkhafXh3?l=SZs4V&m3j|;;THQ diff --git a/host_vars/edge5/vars.yml b/host_vars/edge5/vars.yml new file mode 100644 index 0000000..7fa6eb2 
--- /dev/null
+++ b/host_vars/edge5/vars.yml
@@ -0,0 +1,14 @@
+ansible_host: localhost
+ansible_connection: local
+ansible_python_interpreter: /usr/bin/python3
+
+ipv4_network: 10.11.0.0/16
+ipv4_dhcp_start: 10.11.0.30
+ipv4_dhcp_stop: 10.11.0.250
+ipv4_address: 10.11.0.1
+ipv6_network: 2a03:2260:121:60b::/64
+ipv6_address: 2a03:2260:121:60b::1/64
+wireguard_address: 10.255.1.11/24
+wireguard_v6_address: fd80:3ea2:e399:203a::11
+wireguard_public: 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s=
+wiregurad_v4: 10.255.1.1
\ No newline at end of file
diff --git a/host_vars/edge5/vault.yml b/host_vars/edge5/vault.yml
new file mode 100644
index 0000000..f4d44e6
--- /dev/null
+++ b/host_vars/edge5/vault.yml
@@ -0,0 +1,12 @@
+$ANSIBLE_VAULT;1.1;AES256
+63373161393033633933653763653661626365376332306438326363333263656366623837333061
+3665663736393837663634653439356465356234613933320a613530656335326538326262376163
+36336139633033326430663362633839653831326362326439303634376666623862663037636533
+3031306666356637370a396164386339653630343366393163623136333166643162393663323931
+65376261356666313034633237323531363733343061396166343333666538313232616265303933
+32303633343666346134666332626635396132313932623535383538326639316465633432343239
+32353563643565393034653933356235663434376131366565636634376332353738363730626162
+31353236303764663236346437613031623634663762653664383534613738353363346563313063
+66363430306533666263356365383365303564303565316462306664356236316430653065613036
+30386238616564326132303262623664313935376332373037343664666138303932316330336238
+363762633930393837363662343133666363
diff --git a/host_vars/edge6/vars.yml b/host_vars/edge6/vars.yml
new file mode 100644
index 0000000..ed53fbc
--- /dev/null
+++ b/host_vars/edge6/vars.yml
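Review bot: The key `wiregurad_v4` on the last added line of host_vars/edge5/vars.yml looks like a misspelling of `wireguard_v4`, and host_vars/edge6/vars.yml repeats it. The code that reads this variable is not in the patch, so this is inferred: if it expects `wireguard_v4`, the value stays undefined for both hosts. If the misspelled name is what the templates already use, a comment such as `# spelling matches the existing templates` would stop someone from correcting only one side. A comment above `wireguard_public`, for example `# public key of the WireGuard peer this router connects to`, would also explain why edge5 and edge6 carry the same key.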
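Review bot: host_vars/edge5/vault.yml and host_vars/edge6/vault.yml are added with the same blob id (`f4d44e6`) and byte-identical ciphertext, so both routers receive the same encrypted secret. The vault contents cannot be read from the patch, but if it holds the per-host WireGuard private key, that conflicts with host_vars/vpn01/vars.yml, which registers different public keys for `vpn11-edge5` and `vpn12-edge6`. At most one of them can match a single private key. Generate a separate key pair per router and encrypt each vault file on its own, so that a key recovered from one site cannot authenticate as the other.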
@@ -0,0 +1,14 @@
+ansible_host: localhost
+ansible_connection: local
+ansible_python_interpreter: /usr/bin/python3
+
+ipv4_network: 10.12.0.0/16
+ipv4_dhcp_start: 10.12.0.30
+ipv4_dhcp_stop: 10.12.0.250
+ipv4_address: 10.12.0.1
+ipv6_network: 2a03:2260:121:60c::/64
+ipv6_address: 2a03:2260:121:60c::1/64
+wireguard_address: 10.255.1.12/24
+wireguard_v6_address: fd80:3ea2:e399:203a::12
+wireguard_public: 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s=
+wiregurad_v4: 10.255.1.1
\ No newline at end of file
diff --git a/host_vars/edge6/vault.yml b/host_vars/edge6/vault.yml
new file mode 100644
index 0000000..f4d44e6
--- /dev/null
+++ b/host_vars/edge6/vault.yml
@@ -0,0 +1,12 @@
+$ANSIBLE_VAULT;1.1;AES256
+63373161393033633933653763653661626365376332306438326363333263656366623837333061
+3665663736393837663634653439356465356234613933320a613530656335326538326262376163
+36336139633033326430663362633839653831326362326439303634376666623862663037636533
+3031306666356637370a396164386339653630343366393163623136333166643162393663323931
+65376261356666313034633237323531363733343061396166343333666538313232616265303933
+32303633343666346134666332626635396132313932623535383538326639316465633432343239
+32353563643565393034653933356235663434376131366565636634376332353738363730626162
+31353236303764663236346437613031623634663762653664383534613738353363346563313063
+66363430306533666263356365383365303564303565316462306664356236316430653065613036
+30386238616564326132303262623664313935376332373037343664666138303932316330336238
+363762633930393837363662343133666363
diff --git a/host_vars/vpn01/vars.yml b/host_vars/vpn01/vars.yml
index b45c3b2..af12587 100644
--- a/host_vars/vpn01/vars.yml
+++ b/host_vars/vpn01/vars.yml
@@ -46,7 +46,7 @@ wireguard_unmanaged_peers: allowed_ips: 10.255.1.7/32, 10.7.0.0/16, fd80:3ea2:e399:203a::7/128, 2a03:2260:121:607::/64 ## Nils vpn8-nils: - public_key: g+l9gP3SR99Q8TZ3uKs7yu1mANy97EFA21THrC/n1W0= + public_key: coMTSYaBzEc1gHOi08biqztysr6ehmvDY/D4/x6AvQM= allowed_ips: 10.255.1.8/32, 10.8.0.0/16, fd80:3ea2:e399:203a::8/128, 2a03:2260:121:608::/64 ## edge3 vpn9-edge3: @@ -56,7 +56,28 @@ wireguard_unmanaged_peers: vpn10-edge4: public_key: 2Cq7gW5mSTcOJGzvw4dvdERhAFx3EIga5Ftds9zKlT8= allowed_ips: 10.255.1.10/32, 10.10.0.0/16, fd80:3ea2:e399:203a::10/128, 2a03:2260:121:60a::/64 - ## Stefan_Test - vpn10-edge4: - public_key: UHaYitx18sO71Ssk2SVUgdjLaAILbCthCmosU+Fs5Es= + ## edge5 - Galerie Troisdorf + vpn11-edge5: + public_key: CxEaN9CosiuFPScPGEDYiy/sij2I3yRY/QpaxsU+RTI= allowed_ips: 10.255.1.11/32, 10.11.0.0/16, fd80:3ea2:e399:203a::11/128, 2a03:2260:121:60b::/64 + ## CCT - Kirche Troisdorf Michael + vpn12-edge6: + public_key: OgSeG+P1YvIwyD6/AQtA68UXYWTH8XPePLZiLvETfww= + allowed_ips: 10.255.1.12/32, 10.12.0.0/16, fd80:3ea2:e399:203a::12/128, 2a03:2260:121:60c::/64 + ## CloudGateway Donrather Hof + vpn13-cgu2: + public_key: qXa7Loe+uO4x5fkBp7EsVNLhkgEF3v1xCCM74cJwujo= + allowed_ips: 10.255.1.13/32, 10.13.0.0/16, fd80:3ea2:e399:203a::13/128, 2a03:2260:121:60d::/64 + ## Nils 2 + vpn14-nils2: + public_key: 49jZ+ysNWTm0XQ/9zDRzPc8WpPoEIHOq4tz5wS+HBQE= + allowed_ips: 10.255.1.14/32, 10.14.0.0/16, fd80:3ea2:e399:203a::14/128, 2a03:2260:121:60e::/64 + ## Nils 3 + vpn15-nils3: + public_key: V2Mx7MxX87dfwnkD1H1xjMvmk/9ONpFEVLNeIL3eayo= + allowed_ips: 10.255.1.15/32, 10.15.0.0/16, fd80:3ea2:e399:203a::15/128, 2a03:2260:121:60f::/64 + ## BrĂ¼sseler Str. + vpn16-bruesseler: + public_key: ldhDOhrZtj37rrg+gyvtcbhf3T/fw8oSFhR5XZKdAh8= + allowed_ips: 10.255.1.16/32, 10.16.0.0/16, fd80:3ea2:e399:203a::16/128, 2a03:2260:121:61a::/64 + diff --git a/hosts.yml b/hosts.yml index d1d3772..ebb3dd4 100644 --- a/hosts.yml +++ b/hosts.yml 
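Review bot: In the second hunk the IPv6 prefix for `vpn16-bruesseler` is `2a03:2260:121:61a::/64`, while every other visible peer uses 0x600 plus its peer number (`60b` for 11 up to `60f` for 15), which would make peer 16 `610`. WireGuard only accepts traffic from a peer whose source address lies inside its `allowed_ips`, so if `61a` is a slip the site's routed IPv6 prefix will not pass and `61a` is claimed by accident. If the value is intended, a comment on the entry such as `## prefix 61a assigned out of sequence on purpose` would record that. The comment above this entry also shows a mis-encoded umlaut, so the file is probably not saved as UTF-8. The `wireguard_unmanaged_peers` mapping starts outside the hunk.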
@@ -32,4 +32,5 @@ all: edge2: edge3: edge4: - \ No newline at end of file + edge5: + edge6: \ No newline at end of file diff --git a/roles/01-vpn-router-config/templates/edgerouter.conf.j2 b/roles/01-vpn-router-config/templates/edgerouter.conf.j2 index ae90dba..6af05b4 100644 --- a/roles/01-vpn-router-config/templates/edgerouter.conf.j2 +++ b/roles/01-vpn-router-config/templates/edgerouter.conf.j2 @@ -4,6 +4,9 @@ Ein LAN mit Adresse: {{ ipv4_address }} Dann auf der Konsole weiter + +add system image https://dl.ui.com/firmwares/edgemax/v2.0.9-hotfix.6/ER-e50.v2.0.9-hotfix.6.5574651.tar + ## Install Wireguard cd /tmp curl -OL https://github.com/WireGuard/wireguard-vyatta-ubnt/releases/download/1.0.20211208-1/e50-v2-v1.0.20211208-v1.0.20210914.deb @@ -73,7 +76,7 @@ set interfaces switch switch0 switch-port interface eth3 set interfaces switch switch0 switch-port interface eth4 set interfaces switch switch0 switch-port vlan-aware disable set interfaces wireguard wg0 address {{ wireguard_address }} -set interfaces wireguard wg0 address {{ wireguard_v6_address }} +set interfaces wireguard wg0 address {{ wireguard_v6_address }}/128 set interfaces wireguard wg0 listen-port 51822 set interfaces wireguard wg0 mtu 1380 set interfaces wireguard wg0 peer {{ wireguard_public }} allowed-ips 0.0.0.0/0 diff --git a/system-setup-unifi.yml b/system-setup-services.yml similarity index 74% rename from system-setup-unifi.yml rename to system-setup-services.yml index 66e8554..9ac29df 100644 --- a/system-setup-unifi.yml +++ b/system-setup-services.yml @@ -1,8 +1,9 @@ -# ansible-playbook -i hosts.yml system-setup-unifi.yml +# ansible-playbook -i hosts.yml system-setup-services.yml - name: System preperation hosts: service_server roles: - 00-ubuntu-basic + - 21-install-oitc - name: Docker Setup hosts: unifi diff --git a/update_wg.yml b/update_wg.yml index 3bc88a6..0832ce9 100644 --- a/update_wg.yml +++ b/update_wg.yml 
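Review bot: The added `add system image https://dl.ui.com/...` step in edgerouter.conf.j2 installs router firmware straight from a URL, and nothing in the visible lines records or checks a digest for it. The `curl -OL` download of the WireGuard .deb just below has the same gap. Put the vendor-published checksum next to each URL in the template, for example `## sha256: <EXPECTED_SHA256>`. The operator can then download the file, compare it with `sha256sum`, and run `add system image` on the verified local copy. The surrounding instructions continue outside the hunk.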
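Review bot: Appending the prefix in the template, `set interfaces wireguard wg0 address {{ wireguard_v6_address }}/128`, is only correct when the variable holds a bare address. The new edge5 and edge6 vars do, but the vars of the existing edge hosts are not in this patch. Any that already include a prefix length would render a doubled suffix and the command would be rejected on the router. Either confirm every host_vars file uses the bare form or strip any suffix first, e.g. `{{ wireguard_v6_address.split('/')[0] }}/128`.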
@@ -1,6 +1,6 @@ # ansible-playbook -i hosts.yml update_wg.yml -e vault.yml --ask-vault-password - name: System preperation - hosts: vpn-offloader-wireguard + hosts: supernodes roles: - 21-install-wireguard
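Review bot: `hosts: supernodes` in update_wg.yml names a group that this patch does not define; the hosts.yml hunk only adds `edge5` and `edge6`. Ansible warns and skips a play whose host pattern matches nothing, so a missing or misspelled group would turn this playbook into a no-op and the new peers would never reach the VPN server. Confirm the group exists and contains exactly the hosts that should receive `21-install-wireguard`. The usage comment on the first line passes `-e vault.yml`; loading a vars file needs the `@` form, `-e @vault.yml`.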