From cab184b5cf9f1841e45d598e3daccf074dd821f6 Mon Sep 17 00:00:00 2001 From: Stefan Date: Sun, 5 Mar 2023 22:15:59 +0100 Subject: [PATCH] vyos config --- host_vars/core4.yml | 9 ------ roles/01-vpn-offloader-setup/tasks/main.yml | 4 +-- roles/vyos-config/templates/config.j2 | 32 ++++----------------- vyos_config.yml | 3 +- 4 files changed, 9 insertions(+), 39 deletions(-) diff --git a/host_vars/core4.yml b/host_vars/core4.yml index 23efc45..ec80277 100644 --- a/host_vars/core4.yml +++ b/host_vars/core4.yml @@ -13,15 +13,6 @@ ffrl_address: 185.66.193.107 ffrl_address_v6: 2a03:2260:121:600::0/128 ffrl_net_v6: 2a03:2260:121:600::/55 -dhcp_start: 172.16.7.10 -dhcp_end: 172.16.7.200 - -static_dhcp_leases: - vpn01: - mac_address: 36:f3:82:18:9b:03 - ip_address: 172.16.7.2 - - gre_bb_transfer_net: /31 gre_bb_transfer_net_v6: /64 gre_bb_renote_as: 201701 diff --git a/roles/01-vpn-offloader-setup/tasks/main.yml b/roles/01-vpn-offloader-setup/tasks/main.yml index ba5d35a..04c020b 100644 --- a/roles/01-vpn-offloader-setup/tasks/main.yml +++ b/roles/01-vpn-offloader-setup/tasks/main.yml @@ -33,10 +33,10 @@ reload: true - name: saveip6tables - shell: ip6tables-save > /etc/iptables/rules.v6 + ansible.builtin.shell: ip6tables-save > /etc/iptables/rules.v6 - name: saveip4tables - shell: iptables-save > /etc/iptables/rules.v4 + ansible.builtin.shell: iptables-save > /etc/iptables/rules.v4 - name: Create Routing Table 42 ansible.builtin.lineinfile: diff --git a/roles/vyos-config/templates/config.j2 b/roles/vyos-config/templates/config.j2 index 6b9f54e..81ecba4 100644 --- a/roles/vyos-config/templates/config.j2 +++ b/roles/vyos-config/templates/config.j2 @@ -1,6 +1,6 @@ interfaces { ethernet eth0 { - address {{ wan_address }} + address {{ wan_address }}{{ wan_net }} description WAN } ethernet eth1 { @@ -96,7 +96,7 @@ policy { prefix-list FFRL-OUT { rule 10 { action permit - prefix {{ ffrl_address }} + prefix {{ ffrl_address }}/32 } } prefix-list6 FFRL-IN-6 { 
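Review bot: The `saveip6tables` and `saveip4tables` tasks still redirect straight into `/etc/iptables/rules.v6` and `/etc/iptables/rules.v4`, so the shell truncates the file before `ip6tables-save` or `iptables-save` runs. If the save command fails, an empty or partial ruleset is left on disk, and that is presumably what gets restored at the next boot. Writing to a temporary file and moving it into place only on success avoids this, e.g. `ip6tables-save > /etc/iptables/rules.v6.tmp && mv /etc/iptables/rules.v6.tmp /etc/iptables/rules.v6`. Both tasks also report "changed" on every run, so an explicit `changed_when:` would keep the play output meaningful. The task list continues outside the hunk.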
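Review bot: `address {{ wan_address }}{{ wan_net }}` only renders a valid CIDR if every host defines `wan_net` with its leading slash, presumably the `/31`-style convention that `gre_bb_transfer_net` uses in host_vars. Nothing in the visible change checks that. The same unchecked concatenation applies to the hard-coded `/32` added in the `prefix-list FFRL-OUT` hunk (@@ -96) and the BGP `network` hunk (@@ -164), which assume `ffrl_address` is always a bare IPv4 host address. Those two statements appear to control what the router announces, so a malformed value should fail the play rather than reach the device. An `ansible.builtin.assert` task before templating with `that: wan_net is match('^/[0-9]+$')`, plus a similar check on `ffrl_address`, would do it. The `interfaces` block continues outside the hunk.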
@@ -164,7 +164,7 @@ protocols { bgp { address-family { ipv4-unicast { - network {{ ffrl_address }} { + network {{ ffrl_address }}/32 { } } ipv6-unicast { @@ -337,28 +337,6 @@ protocols { } } service { - dhcp-server { - listen-address {{ lan_address }} - shared-network-name freifunk { - subnet {{ lan_network }} { - default-router {{ lan_address }} - name-server 1.1.1.1 - name-server 1.0.0.1 - range dhcp { - start {{ dhcp_start }} - stop {{ dhcp_end }} - } - {% if static_dhcp_leases is defined %} - {% for lease in static_dhcp_leases.keys() %} - static-mapping {{ lease }} { - ip-address {{ static_dhcp_leases[lease].ip_address }} - mac-address {{ static_dhcp_leases[lease].mac_address }} - } - {% endfor %} - {% endif %} - } - } - } ntp { allow-client { address 0.0.0.0/0 @@ -421,11 +399,11 @@ system { user vyos { authentication { public-keys nils { - key ssh-rsa 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 + key 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 type ssh-rsa } public-keys stefan { - key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB + key AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB type ssh-rsa } } diff --git a/vyos_config.yml b/vyos_config.yml index 9c3b081..f7a1c66 100644 --- a/vyos_config.yml +++ b/vyos_config.yml 
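Review bot: In the @@ -421 hunk the admin keys for user `vyos` stay inlined in the template after being split into `key` and `type`. Adding or revoking an operator therefore means editing `config.j2` itself, and every router rendered from it gets the same key set. Moving them into a variable (a list of name/type/key entries rendered with a `{% for %}` loop) would make revocation a reviewed data change and allow per-host differences. The `stefan` key looks like 2048-bit RSA with `type ssh-rsa`; an Ed25519 key (`type ssh-ed25519`) would be the stronger default where the VyOS release in use accepts it. The `system` block starts and ends outside the hunk.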
@@ -2,4 +2,5 @@ - name: System preperation hosts: router roles: - - vyos-config \ No newline at end of file + - vyos-config + gather_facts: no \ No newline at end of file
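Review bot: `gather_facts: no` uses a YAML 1.1 truthy value that ansible-lint flags; `gather_facts: false` says the same thing unambiguously. The key is also placed after `roles:`, whereas play keywords conventionally sit with `hosts:` above the role list. The file still ends without a trailing newline. The play name in the context line is misspelled (`preperation`), which could be fixed in the same edit.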