nodes: add bird to wireguard nodes
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good

Franzi 2021-09-29 19:47:14 +02:00
parent 30d4d989fc
commit 89f91f3857
Signed by: kunsi
GPG key ID: 12E3D2136B818350
4 changed files with 44 additions and 34 deletions


@ -1,6 +1,7 @@
nodes['home.router'] = { nodes['home.router'] = {
'hostname': '172.19.138.1', 'hostname': '172.19.138.1',
'bundles': { 'bundles': {
'bird',
'dhcpd', 'dhcpd',
'nginx', 'nginx',
'openvpn-client', 'openvpn-client',
@ -49,6 +50,12 @@ nodes['home.router'] = {
'backups': { 'backups': {
'exclude_from_backups': True, 'exclude_from_backups': True,
}, },
'bird': {
'static_routes': {
'172.19.138.0/24',
'172.19.139.0/24',
},
},
'cron': { 'cron': {
# Our internet provider resets the connection if you're # Our internet provider resets the connection if you're
# connected longer than 24 hours. We install this cronjob # connected longer than 24 hours. We install this cronjob
@ -210,12 +217,6 @@ nodes['home.router'] = {
}, },
}, },
}, },
'sysctl': {
'options': {
'net.ipv4.ip_forward': '1',
'net.ipv6.conf.all.forwarding': '1',
},
},
'vnstat': { 'vnstat': {
'generate-web-dashboard': True, 'generate-web-dashboard': True,
'interface': 'enp1s0.100', 'interface': 'enp1s0.100',
@ -233,13 +234,10 @@ nodes['home.router'] = {
}, },
'wireguard': { 'wireguard': {
'external_hostname': 'franzi-home.kunbox.net', # Set via DynDNS 'external_hostname': 'franzi-home.kunbox.net', # Set via DynDNS
'my_ip': '172.19.136.2/22',
'peers': { 'peers': {
'ovh.wireguard': {}, 'ovh.wireguard': {
'snat_to': '172.19.138.1',
}, },
'subnets': {
'172.19.138.0/24',
'172.19.139.0/24',
}, },
}, },
}, },
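Review bot: The `'sysctl'` block that set `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` to `'1'` is printed only once in the third hunk, so it appears to be removed, and nothing visible in this file replaces it. Forwarding on the home router presumably now comes from the `bird` or `wireguard` bundle, which this page does not show; if so, every node that gains `'bird'` in this commit would also start forwarding, including hosts that are not routers. I would either keep the two options here or add a comment next to the new `'bird'` entry, such as `# IP forwarding is enabled by the bird bundle`, so the dependency is explicit. The node dict starts before and continues after these hunks.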


@ -1,6 +1,7 @@
nodes['htz-cloud.wireguard'] = { nodes['htz-cloud.wireguard'] = {
'hostname': '162.55.54.226', 'hostname': '162.55.54.226',
'bundles': { 'bundles': {
'bird',
'wireguard', 'wireguard',
}, },
'groups': { 'groups': {
@ -30,14 +31,20 @@ nodes['htz-cloud.wireguard'] = {
'backups': { 'backups': {
'exclude_from_backups': True, 'exclude_from_backups': True,
}, },
'bird': {
'static_routes': {
'172.19.137.0/24',
},
},
'vm': { 'vm': {
'cpu': 1, 'cpu': 1,
'ram': 2, 'ram': 2,
}, },
'wireguard': { 'wireguard': {
'my_ip': '172.19.136.4/22',
'peers': { 'peers': {
'ovh.wireguard': {}, 'ovh.wireguard': {
'snat_to': '172.19.137.2',
},
}, },
'subnets': { 'subnets': {
'172.19.137.0/24', '172.19.137.0/24',
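Review bot: `'172.19.137.0/24'` is now listed twice for this node, in the new `'bird'` / `'static_routes'` block and in the `'subnets'` set under `'wireguard'` that is still shown as context at the end of the second hunk, while the home.router section of this commit appears to drop its `'subnets'` set. If `subnets` still feeds the prefixes accepted for this peer, the two lists can drift apart and leave a prefix accepted on the tunnel that is no longer routed, or the reverse. Either remove `subnets` here as well, or add a comment saying why it stays, for example `# still read by the wireguard bundle for <purpose>` with the purpose filled in by the author. The `'subnets'` set continues past the end of the hunk.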


@ -1,5 +1,6 @@
nodes['ovh.icinga2'] = { nodes['ovh.icinga2'] = {
'bundles': { 'bundles': {
'bird',
'icinga2', 'icinga2',
'php', 'php',
'postgresql', 'postgresql',
@ -22,12 +23,22 @@ nodes['ovh.icinga2'] = {
'gateway4': '51.195.44.1', 'gateway4': '51.195.44.1',
'gateway6': '2001:41d0:701:1100::1' 'gateway6': '2001:41d0:701:1100::1'
}, },
'dummy-snat': {
'ips': {
'172.19.136.3',
},
},
}, },
'apt': { 'apt': {
'packages': { 'packages': {
'php-imagick': {}, 'php-imagick': {},
}, },
}, },
'bird': {
'static_routes': {
'172.19.136.3/32',
},
},
'icinga2': { 'icinga2': {
'api_users': { 'api_users': {
# Used with <https://git.kunsmann.eu/kunsi/icinga2beamer> # Used with <https://git.kunsmann.eu/kunsi/icinga2beamer>
@ -126,9 +137,10 @@ nodes['ovh.icinga2'] = {
}, },
}, },
'wireguard': { 'wireguard': {
'my_ip': '172.19.136.3/22',
'peers': { 'peers': {
'ovh.wireguard': {}, 'ovh.wireguard': {
'snat_to': '172.19.136.3',
},
}, },
}, },
'zfs': { 'zfs': {
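Review bot: The address `172.19.136.3` is now written in three places in this file (the `'dummy-snat'` interface, the `/32` in `'static_routes'`, and `'snat_to'` under the `ovh.wireguard` peer), and they have to be kept in sync by hand. This node carries the `icinga2`, `php` and `postgresql` bundles and only needs to be reachable at that one address. It is worth confirming that the bird bundle on this node exports just the `/32` and does not accept arbitrary prefixes from the peer; the bundle is not visible here. A comment above `'dummy-snat'`, for example `# source address for traffic into the wireguard mesh, announced via bird`, would document the link between the three values.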


@ -1,5 +1,6 @@
nodes['ovh.wireguard'] = { nodes['ovh.wireguard'] = {
'bundles': { 'bundles': {
'bird',
'wireguard', 'wireguard',
}, },
'groups': { 'groups': {
@ -23,34 +24,26 @@ nodes['ovh.wireguard'] = {
'cpu': 1, 'cpu': 1,
'ram': 2, 'ram': 2,
}, },
'sysctl': {
'options': {
'net.ipv4.ip_forward': '1',
'net.ipv6.conf.all.forwarding': '1',
},
},
'wireguard': { 'wireguard': {
'my_ip': '172.19.136.1/22',
'peers': { 'peers': {
'ovh.icinga2': {}, 'ovh.icinga2': {},
'home.router': {}, 'home.router': {},
'htz-cloud.wireguard': {}, 'htz-cloud.wireguard': {},
'kunsi-oneplus3': { 'kunsi-oneplus3': {
'ips': { 'their_ip': '172.19.136.100',
'172.19.136.100/32', 'my_ip': '172.19.136.99',
}, 'my_port': 51819,
'psk': vault.decrypt('encrypt$gAAAAABgKYeeuPfokbk7lSbbJX-52kap5Cs3tdCHpezkKcExV-yLTHPjszIcAh1T9wW1BtGElRdZea7VTikV3qEu3bupiSqEW4l2lmD5cn2ERYRfuVCoYSkOlmEGokHUX7Nja4G_A2_x'), 'psk': vault.decrypt('encrypt$gAAAAABgKYeeuPfokbk7lSbbJX-52kap5Cs3tdCHpezkKcExV-yLTHPjszIcAh1T9wW1BtGElRdZea7VTikV3qEu3bupiSqEW4l2lmD5cn2ERYRfuVCoYSkOlmEGokHUX7Nja4G_A2_x'),
'pubkey': vault.decrypt('encrypt$gAAAAABgKYdTqLG3DcB13QqQadUxyzIjvSxwgZQNjorQi-ADSLsNdDbhikSAGQnSmGelLB74V175awIIir768WEnpLJUKX6nt_i2BxOP3JazvKZSQECkiK8G-IRn8wWWgKarfmtqRwh6'), 'pubkey': vault.decrypt('encrypt$gAAAAABgKYdTqLG3DcB13QqQadUxyzIjvSxwgZQNjorQi-ADSLsNdDbhikSAGQnSmGelLB74V175awIIir768WEnpLJUKX6nt_i2BxOP3JazvKZSQECkiK8G-IRn8wWWgKarfmtqRwh6'),
'exclude_from_monitoring': True, 'exclude_from_monitoring': True,
}, },
'sophie-ejgwthink': { # 'sophie-ejgwthink': {
'ips': { # 'their_ip': '172.19.136.101',
'172.19.136.101/32', # 'my_ip': '172.19.136.92',
}, # 'psk': vault.decrypt('encrypt$gAAAAABggxrfc9m3t2k1uDLqwK-U6xnYUiL5xjtsdOK8zZhx7u2Jr2OBdbxy9V0h4O3PWuiEHnOGtAP-JdSxa9OFsi5EMcimiBqtCo56oIrwjmT57PpVqEKhWjB0vGVdJSKfU2ikHAVK'),
'psk': vault.decrypt('encrypt$gAAAAABggxrfc9m3t2k1uDLqwK-U6xnYUiL5xjtsdOK8zZhx7u2Jr2OBdbxy9V0h4O3PWuiEHnOGtAP-JdSxa9OFsi5EMcimiBqtCo56oIrwjmT57PpVqEKhWjB0vGVdJSKfU2ikHAVK'), # 'pubkey': vault.decrypt('encrypt$gAAAAABggxrfw8U3ckR8z7RxILjW4E8wOOsG8GSiVCOMem4UWMGhywWZYd8rRorapJknQrip0WyoniTWmh8INfvU_92uDIZM-0X2-VwpZn2e-Kv18GjUfxFzLbANghesONOq18gXli8Q'),
'pubkey': vault.decrypt('encrypt$gAAAAABggxrfw8U3ckR8z7RxILjW4E8wOOsG8GSiVCOMem4UWMGhywWZYd8rRorapJknQrip0WyoniTWmh8INfvU_92uDIZM-0X2-VwpZn2e-Kv18GjUfxFzLbANghesONOq18gXli8Q'), # 'exclude_from_monitoring': True,
'exclude_from_monitoring': True, # },
},
}, },
'restrict-to': { 'restrict-to': {
'*', '*',
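Review bot: The `'sophie-ejgwthink'` peer is disabled by commenting it out, which leaves the vault-encrypted `psk` and `pubkey` blobs in the node file as dead configuration. If the peer is retired, delete the block (version control keeps the history) and treat its pre-shared key as retired. If it is only waiting to be moved to the new `their_ip`/`my_ip` layout, say so in one line, e.g. `# TODO: re-enable once migrated to point-to-point addressing`. Separately, `'kunsi-oneplus3'` moves from an `'ips'` set holding `172.19.136.100/32` to `their_ip`/`my_ip`/`my_port`. It is worth checking in the wireguard bundle (not shown) that the addresses accepted from this roaming device stay pinned to that single address. The `'restrict-to'` set continues past the end of the hunk.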