latest changes i dont know
parent
bc3bc799ad
commit
116e29699f
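--- a/host_vars/edge5/vars.yml
+++ b/host_vars/edge5/vars.yml
@@ -0,0 +1,14 @@
+ansible_host: localhost
+ansible_connection: local
+ansible_python_interpreter: /usr/bin/python3
+
+ipv4_network: 10.11.0.0/16
+ipv4_dhcp_start: 10.11.0.30
+ipv4_dhcp_stop: 10.11.0.250
+ipv4_address: 10.11.0.1
+ipv6_network: 2a03:2260:121:60b::/64
+ipv6_address: 2a03:2260:121:60b::1/64
+wireguard_address: 10.255.1.11/24
+wireguard_v6_address: fd80:3ea2:e399:203a::11
+wireguard_public: 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s=
+wiregurad_v4: 10.255.1.1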
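Review bot: The last key, `wiregurad_v4: 10.255.1.1`, misspells "wireguard", and host_vars/edge6/vars.yml repeats the same spelling. Unless the templates and the other hosts' vars deliberately use that spelling (not visible here), any reference to `wireguard_v4` will be undefined for these two hosts; if it is a slip, the line should read `wireguard_v4: 10.255.1.1` in both files. The two tunnel addresses are also declared inconsistently: `wireguard_address` carries its prefix (`/24`), while `wireguard_v6_address` has none and relies on the setup template appending `/128`. A host whose value already includes a prefix would then render `/128` twice, so a comment such as `# no prefix length here, the template appends /128` above the key would document the contract.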
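--- a/host_vars/edge5/vault.yml
+++ b/host_vars/edge5/vault.yml
@@ -0,0 +1,12 @@
+$ANSIBLE_VAULT;1.1;AES256
+63373161393033633933653763653661626365376332306438326363333263656366623837333061
+3665663736393837663634653439356465356234613933320a613530656335326538326262376163
+36336139633033326430663362633839653831326362326439303634376666623862663037636533
+3031306666356637370a396164386339653630343366393163623136333166643162393663323931
+65376261356666313034633237323531363733343061396166343333666538313232616265303933
+32303633343666346134666332626635396132313932623535383538326639316465633432343239
+32353563643565393034653933356235663434376131366565636634376332353738363730626162
+31353236303764663236346437613031623634663762653664383534613738353363346563313063
+66363430306533666263356365383365303564303565316462306664356236316430653065613036
+30386238616564326132303262623664313935376332373037343664666138303932316330336238
+363762633930393837363662343133666363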
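--- a/host_vars/edge6/vars.yml
+++ b/host_vars/edge6/vars.yml
@@ -0,0 +1,14 @@
+ansible_host: localhost
+ansible_connection: local
+ansible_python_interpreter: /usr/bin/python3
+
+ipv4_network: 10.12.0.0/16
+ipv4_dhcp_start: 10.12.0.30
+ipv4_dhcp_stop: 10.12.0.250
+ipv4_address: 10.12.0.1
+ipv6_network: 2a03:2260:121:60c::/64
+ipv6_address: 2a03:2260:121:60c::1/64
+wireguard_address: 10.255.1.12/24
+wireguard_v6_address: fd80:3ea2:e399:203a::12
+wireguard_public: 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s=
+wiregurad_v4: 10.255.1.1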
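--- a/host_vars/edge6/vault.yml
+++ b/host_vars/edge6/vault.yml
@@ -0,0 +1,12 @@
+$ANSIBLE_VAULT;1.1;AES256
+63373161393033633933653763653661626365376332306438326363333263656366623837333061
+3665663736393837663634653439356465356234613933320a613530656335326538326262376163
+36336139633033326430663362633839653831326362326439303634376666623862663037636533
+3031306666356637370a396164386339653630343366393163623136333166643162393663323931
+65376261356666313034633237323531363733343061396166343333666538313232616265303933
+32303633343666346134666332626635396132313932623535383538326639316465633432343239
+32353563643565393034653933356235663434376131366565636634376332353738363730626162
+31353236303764663236346437613031623634663762653664383534613738353363346563313063
+66363430306533666263356365383365303564303565316462306664356236316430653065613036
+30386238616564326132303262623664313935376332373037343664666138303932316330336238
+363762633930393837363662343133666363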
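Review bot: This vault file is byte-for-byte the same ciphertext as host_vars/edge5/vault.yml added earlier in this commit, which indicates it was copied rather than encrypted separately, since ansible-vault salts each encryption and two independent runs would not match. Whatever secret it holds is therefore shared by edge5 and edge6. If that secret is the WireGuard private key, it cannot correspond to both of the distinct public keys registered for `vpn11-edge5` and `vpn12-edge6`, and a compromise of one router would expose the other's key. The plaintext is not visible here, so this is inferred from the ciphertext alone; please confirm, generate a per-host secret and encrypt each file on its own.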
@ -46,7 +46,7 @@ wireguard_unmanaged_peers:
|
|||||||
allowed_ips: 10.255.1.7/32, 10.7.0.0/16, fd80:3ea2:e399:203a::7/128, 2a03:2260:121:607::/64
|
allowed_ips: 10.255.1.7/32, 10.7.0.0/16, fd80:3ea2:e399:203a::7/128, 2a03:2260:121:607::/64
|
||||||
## Nils
|
## Nils
|
||||||
vpn8-nils:
|
vpn8-nils:
|
||||||
public_key: g+l9gP3SR99Q8TZ3uKs7yu1mANy97EFA21THrC/n1W0=
|
public_key: coMTSYaBzEc1gHOi08biqztysr6ehmvDY/D4/x6AvQM=
|
||||||
allowed_ips: 10.255.1.8/32, 10.8.0.0/16, fd80:3ea2:e399:203a::8/128, 2a03:2260:121:608::/64
|
allowed_ips: 10.255.1.8/32, 10.8.0.0/16, fd80:3ea2:e399:203a::8/128, 2a03:2260:121:608::/64
|
||||||
## edge3
|
## edge3
|
||||||
vpn9-edge3:
|
vpn9-edge3:
|
||||||
@ -56,7 +56,28 @@ wireguard_unmanaged_peers:
|
|||||||
vpn10-edge4:
|
vpn10-edge4:
|
||||||
public_key: 2Cq7gW5mSTcOJGzvw4dvdERhAFx3EIga5Ftds9zKlT8=
|
public_key: 2Cq7gW5mSTcOJGzvw4dvdERhAFx3EIga5Ftds9zKlT8=
|
||||||
allowed_ips: 10.255.1.10/32, 10.10.0.0/16, fd80:3ea2:e399:203a::10/128, 2a03:2260:121:60a::/64
|
allowed_ips: 10.255.1.10/32, 10.10.0.0/16, fd80:3ea2:e399:203a::10/128, 2a03:2260:121:60a::/64
|
||||||
## Stefan_Test
|
## edge5 - Galerie Troisdorf
|
||||||
vpn10-edge4:
|
vpn11-edge5:
|
||||||
public_key: UHaYitx18sO71Ssk2SVUgdjLaAILbCthCmosU+Fs5Es=
|
public_key: CxEaN9CosiuFPScPGEDYiy/sij2I3yRY/QpaxsU+RTI=
|
||||||
allowed_ips: 10.255.1.11/32, 10.11.0.0/16, fd80:3ea2:e399:203a::11/128, 2a03:2260:121:60b::/64
|
allowed_ips: 10.255.1.11/32, 10.11.0.0/16, fd80:3ea2:e399:203a::11/128, 2a03:2260:121:60b::/64
|
||||||
|
## CCT - Kirche Troisdorf Michael
|
||||||
|
vpn12-edge6:
|
||||||
|
public_key: OgSeG+P1YvIwyD6/AQtA68UXYWTH8XPePLZiLvETfww=
|
||||||
|
allowed_ips: 10.255.1.12/32, 10.12.0.0/16, fd80:3ea2:e399:203a::12/128, 2a03:2260:121:60c::/64
|
||||||
|
## CloudGateway Donrather Hof
|
||||||
|
vpn13-cgu2:
|
||||||
|
public_key: qXa7Loe+uO4x5fkBp7EsVNLhkgEF3v1xCCM74cJwujo=
|
||||||
|
allowed_ips: 10.255.1.13/32, 10.13.0.0/16, fd80:3ea2:e399:203a::13/128, 2a03:2260:121:60d::/64
|
||||||
|
## Nils 2
|
||||||
|
vpn14-nils2:
|
||||||
|
public_key: 49jZ+ysNWTm0XQ/9zDRzPc8WpPoEIHOq4tz5wS+HBQE=
|
||||||
|
allowed_ips: 10.255.1.14/32, 10.14.0.0/16, fd80:3ea2:e399:203a::14/128, 2a03:2260:121:60e::/64
|
||||||
|
## Nils 3
|
||||||
|
vpn15-nils3:
|
||||||
|
public_key: V2Mx7MxX87dfwnkD1H1xjMvmk/9ONpFEVLNeIL3eayo=
|
||||||
|
allowed_ips: 10.255.1.15/32, 10.15.0.0/16, fd80:3ea2:e399:203a::15/128, 2a03:2260:121:60f::/64
|
||||||
|
## Brüsseler Str.
|
||||||
|
vpn16-bruesseler:
|
||||||
|
public_key: ldhDOhrZtj37rrg+gyvtcbhf3T/fw8oSFhR5XZKdAh8=
|
||||||
|
allowed_ips: 10.255.1.16/32, 10.16.0.0/16, fd80:3ea2:e399:203a::16/128, 2a03:2260:121:61a::/64
|
||||||
|
|
||||||
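Review bot: In the new `vpn16-bruesseler` entry the IPv6 prefix in `allowed_ips` is `2a03:2260:121:61a::/64`, which breaks the scheme the neighbouring peers follow (tunnel addresses .11 to .15 map to `60b` to `60f`), so .16 would be expected to use `610`. WireGuard both routes and filters on `allowed_ips`, so a wrong prefix here either drops that site's IPv6 traffic or authorises a /64 assigned elsewhere; if `61a` is intentional a short comment saying so would help, otherwise the entry should end `2a03:2260:121:610::/64`. The first hunk also replaces the `public_key` of `vpn8-nils` with nothing in the commit message explaining the rotation, so it is worth confirming the new key with the peer's owner out of band. The `wireguard_unmanaged_peers` mapping starts above the visible hunks.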
|
|||||||
@ -4,6 +4,9 @@ Ein LAN mit Adresse: {{ ipv4_address }}
|
|||||||
|
|
||||||
Dann auf der Konsole weiter
|
Dann auf der Konsole weiter
|
||||||
|
|
||||||
|
|
||||||
|
add system image https://dl.ui.com/firmwares/edgemax/v2.0.9-hotfix.6/ER-e50.v2.0.9-hotfix.6.5574651.tar
|
||||||
|
|
||||||
## Install Wireguard
|
## Install Wireguard
|
||||||
cd /tmp
|
cd /tmp
|
||||||
curl -OL https://github.com/WireGuard/wireguard-vyatta-ubnt/releases/download/1.0.20211208-1/e50-v2-v1.0.20211208-v1.0.20210914.deb
|
curl -OL https://github.com/WireGuard/wireguard-vyatta-ubnt/releases/download/1.0.20211208-1/e50-v2-v1.0.20211208-v1.0.20210914.deb
|
||||||
@ -73,7 +76,7 @@ set interfaces switch switch0 switch-port interface eth3
|
|||||||
set interfaces switch switch0 switch-port interface eth4
|
set interfaces switch switch0 switch-port interface eth4
|
||||||
set interfaces switch switch0 switch-port vlan-aware disable
|
set interfaces switch switch0 switch-port vlan-aware disable
|
||||||
set interfaces wireguard wg0 address {{ wireguard_address }}
|
set interfaces wireguard wg0 address {{ wireguard_address }}
|
||||||
set interfaces wireguard wg0 address {{ wireguard_v6_address }}
|
set interfaces wireguard wg0 address {{ wireguard_v6_address }}/128
|
||||||
set interfaces wireguard wg0 listen-port 51822
|
set interfaces wireguard wg0 listen-port 51822
|
||||||
set interfaces wireguard wg0 mtu 1380
|
set interfaces wireguard wg0 mtu 1380
|
||||||
set interfaces wireguard wg0 peer {{ wireguard_public }} allowed-ips 0.0.0.0/0
|
set interfaces wireguard wg0 peer {{ wireguard_public }} allowed-ips 0.0.0.0/0
|
||||||
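Review bot: The added step `add system image https://dl.ui.com/firmwares/edgemax/v2.0.9-hotfix.6/ER-e50.v2.0.9-hotfix.6.5574651.tar` installs router firmware straight from a URL with no expected digest recorded in the instructions, and the existing `curl -OL` of the WireGuard `.deb` just below has the same gap. I would have the instructions download the image to `/tmp` first, check it with `sha256sum <file>` against a digest committed next to the URL (`<SHA256_FROM_VENDOR_RELEASE_PAGE>` as the placeholder until it is filled in), and only then run `add system image` on the local file. The same check applies to the `.deb` before it is installed. The surrounding instructions continue outside both hunks.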
|
|||||||
@ -1,8 +1,9 @@
|
|||||||
# ansible-playbook -i hosts.yml system-setup-unifi.yml
|
# ansible-playbook -i hosts.yml system-setup-services.yml
|
||||||
- name: System preperation
|
- name: System preperation
|
||||||
hosts: service_server
|
hosts: service_server
|
||||||
roles:
|
roles:
|
||||||
- 00-ubuntu-basic
|
- 00-ubuntu-basic
|
||||||
|
- 21-install-oitc
|
||||||
|
|
||||||
- name: Docker Setup
|
- name: Docker Setup
|
||||||
hosts: unifi
|
hosts: unifi
|
||||||
@ -1,6 +1,6 @@
|
|||||||
# ansible-playbook -i hosts.yml update_wg.yml -e vault.yml --ask-vault-password
|
# ansible-playbook -i hosts.yml update_wg.yml -e vault.yml --ask-vault-password
|
||||||
- name: System preperation
|
- name: System preperation
|
||||||
hosts: vpn-offloader-wireguard
|
hosts: supernodes
|
||||||
roles:
|
roles:
|
||||||
- 21-install-wireguard
|
- 21-install-wireguard
|
||||||
|
|
||||||
|
|||||||