Compare commits
2 Commits
df3e8df3d7
...
622a68301a
Author | SHA1 | Date |
---|---|---|
Jesper Hess | 622a68301a | |
Jesper Hess | b9f788336d |
|
@ -15,12 +15,29 @@ bgp_peers:
|
||||||
neighbor_ip: "2a01:4262:1ab:20::1"
|
neighbor_ip: "2a01:4262:1ab:20::1"
|
||||||
|
|
||||||
- name: "hessnet_home"
|
- name: "hessnet_home"
|
||||||
template: "peer_hessnet"
|
template: "ibgp_hessnet"
|
||||||
peer_asn: "64512"
|
peer_asn: "209616"
|
||||||
neighbor_ip: "2001:678:15c:a00::1"
|
neighbor_ip: "2001:678:15c:a00::1"
|
||||||
filters:
|
filters:
|
||||||
export: "{ peer_export_dfz(); }"
|
import: "{ accept; }"
|
||||||
import: "myroutes_import_export"
|
export: "{ if is_own_route() then reject; accept; }"
|
||||||
|
|
||||||
|
- name: "ibgp_fra1"
|
||||||
|
template: "ibgp_hessnet"
|
||||||
|
peer_asn: "209616"
|
||||||
|
neighbor_ip: "2001:678:15c:b00::"
|
||||||
|
|
||||||
announce_from_here: true
|
announce_from_here: true
|
||||||
configure_static_multihop_routes: false
|
configure_static_multihop_routes: false
|
||||||
|
|
||||||
|
wireguard:
|
||||||
|
privatekey: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
31653838616232323365396538363930313866363939303532313737613937643361666666363232
|
||||||
|
3737313837336666353366386135623030383534303931620a393434396465383461303231323563
|
||||||
|
35613861663837373866313832656334323230316133663935346161386435663762306335306365
|
||||||
|
3662346136653766620a316535336632363937656639643361666465623033396136363738356538
|
||||||
|
36306139376436666165393831363435626633313935333838613938616631666531343964666464
|
||||||
|
3833643632343962666464383336626234646362336531366331
|
||||||
|
publickey: IBJriIpmeq+hqVCBYPn7PxDXhH/ymxpG+6BOYedfZXY=
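Review bot: The `hessnet_home` peer now imports with `{ accept; }` where it previously used `myroutes_import_export`, so every prefix that neighbour announces is taken, including a default route, which `kernel_export` accepts from BGP. The new `ibgp_fra1` entry has no `filters` key at all, so it presumably falls back to the `import all; export all;` of the `ibgp_hessnet` template added in the BIRD template section. If the home router is less trusted than the core routers, a bounded import such as `import: "{ if is_default_route() then reject; accept; }"` or a prefix-set check would limit what it can inject. Whether that fits depends on the intended topology, which is not visible here.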
|
||||||
|
|
|
@ -38,3 +38,14 @@ bgp_peers:
|
||||||
|
|
||||||
announce_from_here: false
|
announce_from_here: false
|
||||||
configure_static_multihop_routes: true
|
configure_static_multihop_routes: true
|
||||||
|
|
||||||
|
wireguard:
|
||||||
|
privatekey: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
32303861303330616663386339623539386564353337336432663838666665346539383562386435
|
||||||
|
3562643536356366633635326462633664376434666466390a363566666633666232353630346533
|
||||||
|
32653839353030306565326162316132313838653362353566313133376465373239353238383763
|
||||||
|
3666623233313737340a656538353865323666343532353735633139396365396462646135393930
|
||||||
|
39383837643238653233623838323033626132646430393738376465626261343337623263653239
|
||||||
|
3539623564623938363064303965393465326534393536353265
|
||||||
|
publickey: "I4IOQdIwNSi2OzQQk4yBMsprnewBMGEzjwYSw4Yy2Ug="
|
||||||
|
|
|
@ -6,7 +6,7 @@ archvm2.hosts.v6.hessnet.dk
|
||||||
vul1.ams.nl.routers.v6.hessnet.dk
|
vul1.ams.nl.routers.v6.hessnet.dk
|
||||||
|
|
||||||
[routers_copenhagen]
|
[routers_copenhagen]
|
||||||
frb1.cph.dk.routers.v6.hessnet.dk
|
frb1.cph.dk.routers.v6.hessnet.dk ansible_host=hessnet-router.hessnet.dk
|
||||||
|
|
||||||
[routers:children]
|
[routers:children]
|
||||||
routers_vultr
|
routers_vultr
|
||||||
|
|
|
@ -92,7 +92,7 @@ function peer_export_dfz_and_default() {
|
||||||
}
|
}
|
||||||
|
|
||||||
filter kernel_export {
|
filter kernel_export {
|
||||||
if source !~ [ RTS_BGP, RTS_OSPF, RTS_STATIC ] then reject;
|
if source !~ [ RTS_BGP, RTS_OSPF, RTS_OSPF_EXT1, RTS_OSPF_EXT2, RTS_STATIC ] then reject;
|
||||||
if is_default_route() then accept;
|
if is_default_route() then accept;
|
||||||
if is_own_route() then accept;
|
if is_own_route() then accept;
|
||||||
reject;
|
reject;
|
||||||
|
@ -100,6 +100,7 @@ filter kernel_export {
|
||||||
|
|
||||||
filter ospf_export {
|
filter ospf_export {
|
||||||
if source = RTS_DEVICE then accept;
|
if source = RTS_DEVICE then accept;
|
||||||
|
if is_own_route() then accept;
|
||||||
reject;
|
reject;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -119,7 +120,7 @@ filter transit_export {
|
||||||
}
|
}
|
||||||
|
|
||||||
filter myroutes_import_export {
|
filter myroutes_import_export {
|
||||||
if source !~ [ RTS_BGP, RTS_OSPF, RTS_STATIC ] then reject;
|
if source !~ [ RTS_BGP, RTS_OSPF, RTS_OSPF_EXT1, RTS_OSPF_EXT2, RTS_STATIC ] then reject;
|
||||||
if is_own_route() then accept;
|
if is_own_route() then accept;
|
||||||
reject;
|
reject;
|
||||||
}
|
}
|
||||||
|
@ -232,6 +233,15 @@ template bgp peer_hessnet {
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
template bgp ibgp_hessnet {
|
||||||
|
local as my_asn;
|
||||||
|
ipv6 {
|
||||||
|
next hop self;
|
||||||
|
import all;
|
||||||
|
export all;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
{% for peer in bgp_peers %}
|
{% for peer in bgp_peers %}
|
||||||
protocol bgp {{ peer.name }} from {{ peer.template }} {
|
protocol bgp {{ peer.name }} from {{ peer.template }} {
|
||||||
neighbor {{peer.neighbor_ip}} as {{peer.peer_asn}};
|
neighbor {{peer.neighbor_ip}} as {{peer.peer_asn}};
|
||||||
|
@ -257,6 +267,7 @@ protocol ospf v3 {
|
||||||
|
|
||||||
interface "wg*" { };
|
interface "wg*" { };
|
||||||
interface "tun*" { };
|
interface "tun*" { };
|
||||||
|
interface "v6tunnel*" { };
|
||||||
};
|
};
|
||||||
|
|
||||||
ipv6 {
|
ipv6 {
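Review bot: In `ospf_export` the added `if is_own_route() then accept;` has no `source` condition, so own-prefix routes learned over BGP are redistributed into OSPF as external routes. The same change lets `kernel_export` and `myroutes_import_export` accept `RTS_OSPF_EXT1` and `RTS_OSPF_EXT2`, so wherever `myroutes_import_export` is applied to a BGP session those externals can flow back into BGP. Mutual redistribution like this can keep a withdrawn prefix alive, or hide where it originated. If only locally originated prefixes are meant to enter OSPF, `if source != RTS_BGP && is_own_route() then accept;` would keep the two protocols from feeding each other. `is_own_route()` and the places these filters are attached are outside the visible hunks, so this should be confirmed against the full template.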
|
||||||
|
|
|
@ -19,4 +19,4 @@
|
||||||
become: "yes"
|
become: "yes"
|
||||||
roles:
|
roles:
|
||||||
- { role: "bird", tags: "bird" }
|
- { role: "bird", tags: "bird" }
|
||||||
- "wireguard-tools"
|
- "wireguard"
|
|
@ -1,2 +0,0 @@
|
||||||
---
|
|
||||||
- include_tasks: "wireguard-tools.yml"
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
- include_tasks: "wireguard-tools.yml"
|
||||||
|
- include_tasks: "wireguard-keys.yml"
|
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
- name: "Copy wireguard public key"
|
||||||
|
copy:
|
||||||
|
content: "{{ wireguard.publickey }}"
|
||||||
|
dest: "/etc/wireguard/pub.key"
|
||||||
|
|
||||||
|
- name: "Copy wireguard private key"
|
||||||
|
copy:
|
||||||
|
content: "{{ wireguard.privatekey }}"
|
||||||
|
dest: "/etc/wireguard/priv.key"
|
||||||
|
mode: "0600"
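Review bot: The "Copy wireguard private key" task writes the decrypted vault value through `copy: content:`, so a run with `--diff` would print the key in the task output. Adding `no_log: true` (or at least `diff: false`) to that task keeps it out of logs and CI output. Both tasks also leave `owner` and `group` implicit, and the public-key task sets no `mode`, so the result depends on the connection user and umask. Stating `owner: "root"`, `group: "root"` and `mode: "0644"` for `pub.key` makes it deterministic. The tasks assume `/etc/wireguard` already exists, presumably created by `wireguard-tools.yml`, which is not shown here.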
|