nodes: add bird to wireguard nodes
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
This commit is contained in:
parent
30d4d989fc
commit
89f91f3857
GPG key ID:
12E3D2136B818350
4 changed files with 44 additions and 34 deletions
|
|
@ -1,6 +1,7 @@
|
|||
nodes['home.router'] = {
|
||||
'hostname': '172.19.138.1',
|
||||
'bundles': {
|
||||
'bird',
|
||||
'dhcpd',
|
||||
'nginx',
|
||||
'openvpn-client',
|
||||
|
|
@ -49,6 +50,12 @@ nodes['home.router'] = {
|
|||
'backups': {
|
||||
'exclude_from_backups': True,
|
||||
},
|
||||
'bird': {
|
||||
'static_routes': {
|
||||
'172.19.138.0/24',
|
||||
'172.19.139.0/24',
|
||||
},
|
||||
},
|
||||
'cron': {
|
||||
# Our internet provider resets the connection if you're
|
||||
# connected longer than 24 hours. We install this cronjob
|
||||
|
|
@ -210,12 +217,6 @@ nodes['home.router'] = {
|
|||
},
|
||||
},
|
||||
},
|
||||
'sysctl': {
|
||||
'options': {
|
||||
'net.ipv4.ip_forward': '1',
|
||||
'net.ipv6.conf.all.forwarding': '1',
|
||||
},
|
||||
},
|
||||
'vnstat': {
|
||||
'generate-web-dashboard': True,
|
||||
'interface': 'enp1s0.100',
|
||||
|
|
@ -233,13 +234,10 @@ nodes['home.router'] = {
|
|||
},
|
||||
'wireguard': {
|
||||
'external_hostname': 'franzi-home.kunbox.net', # Set via DynDNS
|
||||
'my_ip': '172.19.136.2/22',
|
||||
'peers': {
|
||||
'ovh.wireguard': {},
|
||||
},
|
||||
'subnets': {
|
||||
'172.19.138.0/24',
|
||||
'172.19.139.0/24',
|
||||
'ovh.wireguard': {
|
||||
'snat_to': '172.19.138.1',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
nodes['htz-cloud.wireguard'] = {
|
||||
'hostname': '162.55.54.226',
|
||||
'bundles': {
|
||||
'bird',
|
||||
'wireguard',
|
||||
},
|
||||
'groups': {
|
||||
|
|
@ -30,14 +31,20 @@ nodes['htz-cloud.wireguard'] = {
|
|||
'backups': {
|
||||
'exclude_from_backups': True,
|
||||
},
|
||||
'bird': {
|
||||
'static_routes': {
|
||||
'172.19.137.0/24',
|
||||
},
|
||||
},
|
||||
'vm': {
|
||||
'cpu': 1,
|
||||
'ram': 2,
|
||||
},
|
||||
'wireguard': {
|
||||
'my_ip': '172.19.136.4/22',
|
||||
'peers': {
|
||||
'ovh.wireguard': {},
|
||||
'ovh.wireguard': {
|
||||
'snat_to': '172.19.137.2',
|
||||
},
|
||||
},
|
||||
'subnets': {
|
||||
'172.19.137.0/24',
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
nodes['ovh.icinga2'] = {
|
||||
'bundles': {
|
||||
'bird',
|
||||
'icinga2',
|
||||
'php',
|
||||
'postgresql',
|
||||
|
|
@ -22,12 +23,22 @@ nodes['ovh.icinga2'] = {
|
|||
'gateway4': '51.195.44.1',
|
||||
'gateway6': '2001:41d0:701:1100::1'
|
||||
},
|
||||
'dummy-snat': {
|
||||
'ips': {
|
||||
'172.19.136.3',
|
||||
},
|
||||
},
|
||||
},
|
||||
'apt': {
|
||||
'packages': {
|
||||
'php-imagick': {},
|
||||
},
|
||||
},
|
||||
'bird': {
|
||||
'static_routes': {
|
||||
'172.19.136.3/32',
|
||||
},
|
||||
},
|
||||
'icinga2': {
|
||||
'api_users': {
|
||||
# Used with <https://git.kunsmann.eu/kunsi/icinga2beamer>
|
||||
|
|
@ -126,9 +137,10 @@ nodes['ovh.icinga2'] = {
|
|||
},
|
||||
},
|
||||
'wireguard': {
|
||||
'my_ip': '172.19.136.3/22',
|
||||
'peers': {
|
||||
'ovh.wireguard': {},
|
||||
'ovh.wireguard': {
|
||||
'snat_to': '172.19.136.3',
|
||||
},
|
||||
},
|
||||
},
|
||||
'zfs': {
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
nodes['ovh.wireguard'] = {
|
||||
'bundles': {
|
||||
'bird',
|
||||
'wireguard',
|
||||
},
|
||||
'groups': {
|
||||
|
|
@ -23,34 +24,26 @@ nodes['ovh.wireguard'] = {
|
|||
'cpu': 1,
|
||||
'ram': 2,
|
||||
},
|
||||
'sysctl': {
|
||||
'options': {
|
||||
'net.ipv4.ip_forward': '1',
|
||||
'net.ipv6.conf.all.forwarding': '1',
|
||||
},
|
||||
},
|
||||
'wireguard': {
|
||||
'my_ip': '172.19.136.1/22',
|
||||
'peers': {
|
||||
'ovh.icinga2': {},
|
||||
'home.router': {},
|
||||
'htz-cloud.wireguard': {},
|
||||
'kunsi-oneplus3': {
|
||||
'ips': {
|
||||
'172.19.136.100/32',
|
||||
},
|
||||
'their_ip': '172.19.136.100',
|
||||
'my_ip': '172.19.136.99',
|
||||
'my_port': 51819,
|
||||
'psk': vault.decrypt('encrypt$gAAAAABgKYeeuPfokbk7lSbbJX-52kap5Cs3tdCHpezkKcExV-yLTHPjszIcAh1T9wW1BtGElRdZea7VTikV3qEu3bupiSqEW4l2lmD5cn2ERYRfuVCoYSkOlmEGokHUX7Nja4G_A2_x'),
|
||||
'pubkey': vault.decrypt('encrypt$gAAAAABgKYdTqLG3DcB13QqQadUxyzIjvSxwgZQNjorQi-ADSLsNdDbhikSAGQnSmGelLB74V175awIIir768WEnpLJUKX6nt_i2BxOP3JazvKZSQECkiK8G-IRn8wWWgKarfmtqRwh6'),
|
||||
'exclude_from_monitoring': True,
|
||||
},
|
||||
'sophie-ejgwthink': {
|
||||
'ips': {
|
||||
'172.19.136.101/32',
|
||||
},
|
||||
'psk': vault.decrypt('encrypt$gAAAAABggxrfc9m3t2k1uDLqwK-U6xnYUiL5xjtsdOK8zZhx7u2Jr2OBdbxy9V0h4O3PWuiEHnOGtAP-JdSxa9OFsi5EMcimiBqtCo56oIrwjmT57PpVqEKhWjB0vGVdJSKfU2ikHAVK'),
|
||||
'pubkey': vault.decrypt('encrypt$gAAAAABggxrfw8U3ckR8z7RxILjW4E8wOOsG8GSiVCOMem4UWMGhywWZYd8rRorapJknQrip0WyoniTWmh8INfvU_92uDIZM-0X2-VwpZn2e-Kv18GjUfxFzLbANghesONOq18gXli8Q'),
|
||||
'exclude_from_monitoring': True,
|
||||
},
|
||||
# 'sophie-ejgwthink': {
|
||||
# 'their_ip': '172.19.136.101',
|
||||
# 'my_ip': '172.19.136.92',
|
||||
# 'psk': vault.decrypt('encrypt$gAAAAABggxrfc9m3t2k1uDLqwK-U6xnYUiL5xjtsdOK8zZhx7u2Jr2OBdbxy9V0h4O3PWuiEHnOGtAP-JdSxa9OFsi5EMcimiBqtCo56oIrwjmT57PpVqEKhWjB0vGVdJSKfU2ikHAVK'),
|
||||
# 'pubkey': vault.decrypt('encrypt$gAAAAABggxrfw8U3ckR8z7RxILjW4E8wOOsG8GSiVCOMem4UWMGhywWZYd8rRorapJknQrip0WyoniTWmh8INfvU_92uDIZM-0X2-VwpZn2e-Kv18GjUfxFzLbANghesONOq18gXli8Q'),
|
||||
# 'exclude_from_monitoring': True,
|
||||
# },
|
||||
},
|
||||
'restrict-to': {
|
||||
'*',
|
||||
|
|
|
|||
Loading…
Reference in a new issue