nodes: add bird to wireguard nodes
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
This commit is contained in:
parent
30d4d989fc
commit
89f91f3857
GPG key ID:
12E3D2136B818350
4 changed files with 44 additions and 34 deletions
|
|
@ -1,6 +1,7 @@
|
||||||
nodes['home.router'] = {
|
nodes['home.router'] = {
|
||||||
'hostname': '172.19.138.1',
|
'hostname': '172.19.138.1',
|
||||||
'bundles': {
|
'bundles': {
|
||||||
|
'bird',
|
||||||
'dhcpd',
|
'dhcpd',
|
||||||
'nginx',
|
'nginx',
|
||||||
'openvpn-client',
|
'openvpn-client',
|
||||||
|
|
@ -49,6 +50,12 @@ nodes['home.router'] = {
|
||||||
'backups': {
|
'backups': {
|
||||||
'exclude_from_backups': True,
|
'exclude_from_backups': True,
|
||||||
},
|
},
|
||||||
|
'bird': {
|
||||||
|
'static_routes': {
|
||||||
|
'172.19.138.0/24',
|
||||||
|
'172.19.139.0/24',
|
||||||
|
},
|
||||||
|
},
|
||||||
'cron': {
|
'cron': {
|
||||||
# Our internet provider resets the connection if you're
|
# Our internet provider resets the connection if you're
|
||||||
# connected longer than 24 hours. We install this cronjob
|
# connected longer than 24 hours. We install this cronjob
|
||||||
|
|
@ -210,12 +217,6 @@ nodes['home.router'] = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'sysctl': {
|
|
||||||
'options': {
|
|
||||||
'net.ipv4.ip_forward': '1',
|
|
||||||
'net.ipv6.conf.all.forwarding': '1',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
'vnstat': {
|
'vnstat': {
|
||||||
'generate-web-dashboard': True,
|
'generate-web-dashboard': True,
|
||||||
'interface': 'enp1s0.100',
|
'interface': 'enp1s0.100',
|
||||||
|
|
@ -233,13 +234,10 @@ nodes['home.router'] = {
|
||||||
},
|
},
|
||||||
'wireguard': {
|
'wireguard': {
|
||||||
'external_hostname': 'franzi-home.kunbox.net', # Set via DynDNS
|
'external_hostname': 'franzi-home.kunbox.net', # Set via DynDNS
|
||||||
'my_ip': '172.19.136.2/22',
|
|
||||||
'peers': {
|
'peers': {
|
||||||
'ovh.wireguard': {},
|
'ovh.wireguard': {
|
||||||
},
|
'snat_to': '172.19.138.1',
|
||||||
'subnets': {
|
},
|
||||||
'172.19.138.0/24',
|
|
||||||
'172.19.139.0/24',
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
nodes['htz-cloud.wireguard'] = {
|
nodes['htz-cloud.wireguard'] = {
|
||||||
'hostname': '162.55.54.226',
|
'hostname': '162.55.54.226',
|
||||||
'bundles': {
|
'bundles': {
|
||||||
|
'bird',
|
||||||
'wireguard',
|
'wireguard',
|
||||||
},
|
},
|
||||||
'groups': {
|
'groups': {
|
||||||
|
|
@ -30,14 +31,20 @@ nodes['htz-cloud.wireguard'] = {
|
||||||
'backups': {
|
'backups': {
|
||||||
'exclude_from_backups': True,
|
'exclude_from_backups': True,
|
||||||
},
|
},
|
||||||
|
'bird': {
|
||||||
|
'static_routes': {
|
||||||
|
'172.19.137.0/24',
|
||||||
|
},
|
||||||
|
},
|
||||||
'vm': {
|
'vm': {
|
||||||
'cpu': 1,
|
'cpu': 1,
|
||||||
'ram': 2,
|
'ram': 2,
|
||||||
},
|
},
|
||||||
'wireguard': {
|
'wireguard': {
|
||||||
'my_ip': '172.19.136.4/22',
|
|
||||||
'peers': {
|
'peers': {
|
||||||
'ovh.wireguard': {},
|
'ovh.wireguard': {
|
||||||
|
'snat_to': '172.19.137.2',
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'subnets': {
|
'subnets': {
|
||||||
'172.19.137.0/24',
|
'172.19.137.0/24',
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
nodes['ovh.icinga2'] = {
|
nodes['ovh.icinga2'] = {
|
||||||
'bundles': {
|
'bundles': {
|
||||||
|
'bird',
|
||||||
'icinga2',
|
'icinga2',
|
||||||
'php',
|
'php',
|
||||||
'postgresql',
|
'postgresql',
|
||||||
|
|
@ -22,12 +23,22 @@ nodes['ovh.icinga2'] = {
|
||||||
'gateway4': '51.195.44.1',
|
'gateway4': '51.195.44.1',
|
||||||
'gateway6': '2001:41d0:701:1100::1'
|
'gateway6': '2001:41d0:701:1100::1'
|
||||||
},
|
},
|
||||||
|
'dummy-snat': {
|
||||||
|
'ips': {
|
||||||
|
'172.19.136.3',
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
'apt': {
|
'apt': {
|
||||||
'packages': {
|
'packages': {
|
||||||
'php-imagick': {},
|
'php-imagick': {},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
'bird': {
|
||||||
|
'static_routes': {
|
||||||
|
'172.19.136.3/32',
|
||||||
|
},
|
||||||
|
},
|
||||||
'icinga2': {
|
'icinga2': {
|
||||||
'api_users': {
|
'api_users': {
|
||||||
# Used with <https://git.kunsmann.eu/kunsi/icinga2beamer>
|
# Used with <https://git.kunsmann.eu/kunsi/icinga2beamer>
|
||||||
|
|
@ -126,9 +137,10 @@ nodes['ovh.icinga2'] = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'wireguard': {
|
'wireguard': {
|
||||||
'my_ip': '172.19.136.3/22',
|
|
||||||
'peers': {
|
'peers': {
|
||||||
'ovh.wireguard': {},
|
'ovh.wireguard': {
|
||||||
|
'snat_to': '172.19.136.3',
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'zfs': {
|
'zfs': {
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
nodes['ovh.wireguard'] = {
|
nodes['ovh.wireguard'] = {
|
||||||
'bundles': {
|
'bundles': {
|
||||||
|
'bird',
|
||||||
'wireguard',
|
'wireguard',
|
||||||
},
|
},
|
||||||
'groups': {
|
'groups': {
|
||||||
|
|
@ -23,34 +24,26 @@ nodes['ovh.wireguard'] = {
|
||||||
'cpu': 1,
|
'cpu': 1,
|
||||||
'ram': 2,
|
'ram': 2,
|
||||||
},
|
},
|
||||||
'sysctl': {
|
|
||||||
'options': {
|
|
||||||
'net.ipv4.ip_forward': '1',
|
|
||||||
'net.ipv6.conf.all.forwarding': '1',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
'wireguard': {
|
'wireguard': {
|
||||||
'my_ip': '172.19.136.1/22',
|
|
||||||
'peers': {
|
'peers': {
|
||||||
'ovh.icinga2': {},
|
'ovh.icinga2': {},
|
||||||
'home.router': {},
|
'home.router': {},
|
||||||
'htz-cloud.wireguard': {},
|
'htz-cloud.wireguard': {},
|
||||||
'kunsi-oneplus3': {
|
'kunsi-oneplus3': {
|
||||||
'ips': {
|
'their_ip': '172.19.136.100',
|
||||||
'172.19.136.100/32',
|
'my_ip': '172.19.136.99',
|
||||||
},
|
'my_port': 51819,
|
||||||
'psk': vault.decrypt('encrypt$gAAAAABgKYeeuPfokbk7lSbbJX-52kap5Cs3tdCHpezkKcExV-yLTHPjszIcAh1T9wW1BtGElRdZea7VTikV3qEu3bupiSqEW4l2lmD5cn2ERYRfuVCoYSkOlmEGokHUX7Nja4G_A2_x'),
|
'psk': vault.decrypt('encrypt$gAAAAABgKYeeuPfokbk7lSbbJX-52kap5Cs3tdCHpezkKcExV-yLTHPjszIcAh1T9wW1BtGElRdZea7VTikV3qEu3bupiSqEW4l2lmD5cn2ERYRfuVCoYSkOlmEGokHUX7Nja4G_A2_x'),
|
||||||
'pubkey': vault.decrypt('encrypt$gAAAAABgKYdTqLG3DcB13QqQadUxyzIjvSxwgZQNjorQi-ADSLsNdDbhikSAGQnSmGelLB74V175awIIir768WEnpLJUKX6nt_i2BxOP3JazvKZSQECkiK8G-IRn8wWWgKarfmtqRwh6'),
|
'pubkey': vault.decrypt('encrypt$gAAAAABgKYdTqLG3DcB13QqQadUxyzIjvSxwgZQNjorQi-ADSLsNdDbhikSAGQnSmGelLB74V175awIIir768WEnpLJUKX6nt_i2BxOP3JazvKZSQECkiK8G-IRn8wWWgKarfmtqRwh6'),
|
||||||
'exclude_from_monitoring': True,
|
'exclude_from_monitoring': True,
|
||||||
},
|
},
|
||||||
'sophie-ejgwthink': {
|
# 'sophie-ejgwthink': {
|
||||||
'ips': {
|
# 'their_ip': '172.19.136.101',
|
||||||
'172.19.136.101/32',
|
# 'my_ip': '172.19.136.92',
|
||||||
},
|
# 'psk': vault.decrypt('encrypt$gAAAAABggxrfc9m3t2k1uDLqwK-U6xnYUiL5xjtsdOK8zZhx7u2Jr2OBdbxy9V0h4O3PWuiEHnOGtAP-JdSxa9OFsi5EMcimiBqtCo56oIrwjmT57PpVqEKhWjB0vGVdJSKfU2ikHAVK'),
|
||||||
'psk': vault.decrypt('encrypt$gAAAAABggxrfc9m3t2k1uDLqwK-U6xnYUiL5xjtsdOK8zZhx7u2Jr2OBdbxy9V0h4O3PWuiEHnOGtAP-JdSxa9OFsi5EMcimiBqtCo56oIrwjmT57PpVqEKhWjB0vGVdJSKfU2ikHAVK'),
|
# 'pubkey': vault.decrypt('encrypt$gAAAAABggxrfw8U3ckR8z7RxILjW4E8wOOsG8GSiVCOMem4UWMGhywWZYd8rRorapJknQrip0WyoniTWmh8INfvU_92uDIZM-0X2-VwpZn2e-Kv18GjUfxFzLbANghesONOq18gXli8Q'),
|
||||||
'pubkey': vault.decrypt('encrypt$gAAAAABggxrfw8U3ckR8z7RxILjW4E8wOOsG8GSiVCOMem4UWMGhywWZYd8rRorapJknQrip0WyoniTWmh8INfvU_92uDIZM-0X2-VwpZn2e-Kv18GjUfxFzLbANghesONOq18gXli8Q'),
|
# 'exclude_from_monitoring': True,
|
||||||
'exclude_from_monitoring': True,
|
# },
|
||||||
},
|
|
||||||
},
|
},
|
||||||
'restrict-to': {
|
'restrict-to': {
|
||||||
'*',
|
'*',
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue