author | Christian Pointner <equinox@spreadspace.org> | 2019-07-29 00:34:45 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2019-07-29 00:34:45 +0200 |
commit | 76dcda830cbd5a5ba68b42121d2464f3b73ac977 (patch) | |
tree | db03c228ce0e37a32eca42bb25be6adfbbe89968 | |
parent | Merge branch 'buster-unpredictable-network-ifnames' (diff) |
finalize ch-router config
-rw-r--r-- | chaos-at-home/group_vars/chaos_at_home_vpn_extern.yml | 82 | ||||
-rw-r--r-- | chaos-at-home/host_vars/ch-router.yml | 175 | ||||
-rw-r--r-- | inventory/group_vars/chaos_at_home/network.yml | 11 | ||||
-rw-r--r-- | inventory/group_vars/chaos_at_home_vpn_extern/main.yml | 45 | ||||
-rw-r--r-- | inventory/host_vars/ch-jump.yml | 6 | ||||
-rw-r--r-- | inventory/host_vars/ch-router.yml | 126 | ||||
-rw-r--r-- | inventory/hosts.ini | 4 |
7 files changed, 442 insertions, 7 deletions
diff --git a/chaos-at-home/group_vars/chaos_at_home_vpn_extern.yml b/chaos-at-home/group_vars/chaos_at_home_vpn_extern.yml new file mode 100644 index 00000000..89fcd8a6 --- /dev/null +++ b/chaos-at-home/group_vars/chaos_at_home_vpn_extern.yml 
@@ -0,0 +1,82 @@ +$ANSIBLE_VAULT;1.2;AES256;chaos-at-home +39646465613132376562666130373038393965303130393036353861633134636231343663376561 +6238306136376663373665363832323633383634313238370a653864363239646132343665383434 +63396662366133656661613431656362343461626332383766313766613835393263396631633062 +3335636566366436640a343236356231383330396530323964303939373964636234366138633330 +32386537336464323138303036363164613163663366303230383637343561346330303034393534 +64363435313634666137343536303364633637316538626365666666343962623437393239323064 +34313231343732623031643662663666373165626230373963326534313666306630373735656339 +39363736623638633932396331376465323863303132623961383439623134663365643131383630 +38353531663638376538656634626161323934633232656262336435623961636332346666343138 +34636666373034346561666636353536613131396163623730353230396265393361663333383236 +37666435373864393161616638333564643831303266336233666433643832343432383731343130 +32396132333637616564366330393835323037366138666336393562613661383236363639643465 +64356532623436653233393363313136373632383730333333353061313630626639366663356437 +64386638303039363637666332313437306438376235643835663831346539636563613630643633 +36313437616238363631323964653737626162346266366534303735613363386331316566356462 +62343364613439623862623031303136373936663439623038376438323931643762616335303833 +30616435373930633132396463323466373238626537626363383033303638356563633962306239 +61366336663665353263636430313039333762616532326462643461363262346562336432313361 +33316237393963393330366134316539663664363437303666646666623832323162333238376438 +32366631653861326433613439383133353230613637316666386139373332363633313535353730 +37623865343365346464383232616636633736353433396536373533396361323262323131656536 +64316535353731343838313834346563313133666334656434366632376230666631616365343432 +62343532326536353861353665626331323633633862353731633063313662303733653432316430 
+31653763376530346561323966393233363736373961373733336631396666373264316332626231 +36333261656139323939323436623439383165343163666565353937323365636532623334346435 +65396433396632616666636436316564303439386263643433646365343864363832316434333638 +39336538393762636263326437393030353835353064333338323035386239643836323533383032 +63396633643965303862333362613936636434323566393766363761353663643138313132623336 +35343465313738356335636333313538636562623031356565393737326531373364363130646139 +33636231393932656331356537333436623262653830633130386238373531376432373533666536 +36373032346563316163396664393039636331656330613733303566316464646463643131343537 +63646162623331306564373536383335326561343437326535303461613866396330613239626433 +66656466373331623964316431656335346637343130383764333862356166636461656237343866 +38343330356338613935353936323534353561663964636361623533343237383133306366336563 +36366531393365653039373464336463643764663839326362656339366532336138303766323066 +61376363656564383433343539373863343130313439393335386633396239613738356337393236 +37643232316264643830386462356631396132613139663335646637396534333332616534623036 +34363531613030386336313863366235623666333665313161623763626562333166313263633366 +32643839623831343935653933356131363364646236316234303066353166303939626163626234 +37623066333831643261353763623231643336633035303332343736333632623138623963656664 +65653932343065656638323530653232336338333562613738353334336136313466356665636361 +65376139316635383832343262356137306138303636623936376462333962343866393535333232 +34636138316562636261656630386363383038386666636631383538353664343738353832613962 +66353239386635363936616330666162356666636361303333346431356337656437623664633534 +33643933623565323166306430313331346236353734666532656133383365623263346139393938 +30323134306231373930623731303763346434323965343162616537636566326165653464363432 +62663338376637633330626530353035383838393939646134626630663330376131663836643166 
+37333436653864323866323431373737353334396435616665346166623433333237333530666335 +64336334373162333065613533313361333463393761623736323431343239356334323863343563 +33353938393136356133636431356263653635316339643833313738613536613035323338643362 +39666538663764356630396337386532303931613834366364366261646136646263313139633939 +61346338346230346339366164376434316361313931303235636433376464366638366263363165 +63653338396230323438636430343364343832303231383066613837326435343333363730626138 +64666431623864396165316232383537336334393136656638656630346466653337653731653734 +34626137323635323731646333656561313137666536653036356437373263653261636662363261 +64366236336361343733396361613165323735663638653635373865303061376366613736353965 +63613364313966643963373738663833376639333935623064343865323231656364306363323432 +66316233363664626332643034373232303032303738333263666262396639346364316534653333 +36613133303461663536336630633639393662356632363963353234333537356130333532363762 +65373564633562623265643134333632373764376561343265326637396666303737313930343932 +62643063353838363265323036646333386435653362383262346562353036383933386536633765 +63656234356434656334363731323762356536666462326638326231633936346166303139353236 +38626435616338386566636438313461303735333831346138623834626666373636393534616531 +32346638313533383930366335386662393461656434643439643538343133363031613466613965 +62613335316436343331643939383730356163623966356539393734663662386330333634326132 +39666431613634356139616132643661303862363832643335393762393436323136376536336130 +61633136653364363435383337323335396132343263316232616633313066623762313336323731 +64316535303336656532643630643231323464383031343761373566383838383133383332333539 +61633836656136336366353662643430646439303131346162316166623033383230653632313235 +66346133333561653333333162663634346336303336353333363438313637303632353336313239 +36313764613932313730333263616330633936366538373237303237663534333935333835393830 
+39363363306536363166373037343738643338303437343934613762633530326334613232626663 +35623432343435316238386263336435343630653238616137343835633831316163373963376561 +36633334623836653130376639656237633065333834666232396138646534313337626465326665 +64386162653061663266613266653334363934333732646330376534633065346430646134643930 +66643931663266343739363830363936366239336264373162626364393633393262613932363338 +39363663356535363937393236386339616133393438663830613866623133313430323334366436 +39333161343833396564646137343038633164653539343034373930663036653534633637386363 +32646336323536356563383261373731336336323331326131613933626564336233373932626162 +66323732366431396635313738373039653463306630646432306434373530373932643336373265 +6665 diff --git a/chaos-at-home/host_vars/ch-router.yml b/chaos-at-home/host_vars/ch-router.yml new file mode 100644 index 00000000..2f1549ea --- /dev/null +++ b/chaos-at-home/host_vars/ch-router.yml 
@@ -0,0 +1,175 @@ +$ANSIBLE_VAULT;1.2;AES256;chaos-at-home +64633931303238633637396634333837396236613430623863336632633066323164333065616361 +3032336166306331353235343738383834373163313661630a356634363066346437356136646262 +31613961383561333663623966396434323461343439663333393733613831333138613938616230 +3731306334383337320a646233303262653436646462353536663961633134363539396437383232 +35346563653135373633323465333835393438633130353963356336623239323335383361623335 +36653939373530396232363761363662646633616563613331636261653031346138313834313262 +38366133323134373231656264366561313238383532336238663762623731313931663563313434 +63333164343063386231373636396464383737636232353061343830333837386134626639373335 +62356665663634323033646239326166343736663763336637303061656331636236613132636435 +35353930663263303534616636373934383832373239663639666563366431333733313561633863 +30386236343461633937326331366563353130366331613239636239333631613438396364356132 +62376462386262616632663561326332623266333331383061353633306562656363386434343263 +62396633323233663461316339613165363162653335333433376562656530656637663134653561 +65623439353239623533333935626635613465653166623737613336353637656232643339323831 +62316361663738643065653637316438313866323266616631383637386538343835653433623962 +63396132306363393962316431353464373733343637386339663663366462383933356461313263 +34393164656535313165303934366561613339653164323438373664656531636438313839323938 +65343462636564393863306364653733663537323430323839383337643138633436376430346366 +39623734356632613562313165663266313132323566353362316662616638393831363739613734 +61303664623532313466313833393030333063623464366133376237656664386237333935393536 +65356163643864633732626533383038663332366662396262353061383064333939643136386463 +35623330343462653635333232646266666537646337306562353836643436656161636534306537 +36386138386365363535623530393339353062343263663961326438633665663361316338633236 
+31396239363431386234663965393838353330633366353034663136666566383731396233336261 +32623833623034353439343335626535373439353639386439353431356431353032336131386663 +34376662353737636633666162353533323638353739333664366239623863613039643535316634 +37333836666636343039636133346665666666303264623335333661636639303265356339623234 +65373762623430336135363932393233643931326562326232633464303662323062366236366431 +61343332356163333664353766383738623566323939383033343864363262356233613263653365 +38616532383536666339666439656562656332366465366333366637373166333737626231353762 +37336263666530636261393666636632653138623231363065623866653730396534346332303631 +33313838373562323331363961366461653233643662663064396261373365636366653539613734 +38373135656234303735363137373039643136633931643862663966346133666562313738353065 +34333032366435323238363964386537623062333730333461353261363937663839333137653463 +37303532616636643535623739643339666630656164636566633932323866613339393232386130 +35393132313336383839653835656132353238333136623339333332336462633261393462613864 +61386463633165643333333137306438613966303438323139616664666231613163323763623236 +38313839356636313632363963646262333837353064363965626565336135323661623930653165 +65306665363464313838383531643633663166643637636430336639356531363662373663383761 +62623365346132626664373262663931326534663032383961663530343633383332633965653339 +31363365316634613434623662303362643638323436303936656264653634343163363236653963 +35346535326464383261313338333165666336303832373631636431326564373662386439386234 +33643064616237383762353565373865353265323264653739333631366366643162363032643534 +32313736633666373664643266623365353564373238633463636634393736663631663738663566 +64356532353233613831336236343639343938313939333033306361633864633764346632373830 +37633866623138623763616634353135316466343639636132313764616237373038303661666162 +37366661643130633737363564353732396461323135323963656561333234306263356134386131 
+66336430346333383239333132343431663161326163306337323535633735636234336261313765 +34343832303037313662323334383761393464656635383937613765633133353463393433653935 +33633132306166363030353933313037623863313566376636633162303163333635393437396365 +36326263303964376338663966386633396666623461653735616533346630656536323161353831 +62306237363235383431376535303430326634373831643032323532353235353965363530343134 +31663739323033663565656364643338613263306435393335393663386133366230353634666331 +39333138383038343738346230383230666136353231393063323031393839653632383438316337 +38346363313061613236656161646431376562383135366432356266333536396563383564356531 +39623831613731313634306430623930373837613935373030396334353435623038646331356363 +30386366376138303563313362353335393662353162316439616235643863363038336131343939 +32616231303137316536373237626462613066613461636566333334323532303733386636326635 +30323032336131656636383635396632346432393838653364343966383532623338636264323964 +32326263346537633264303533326537306337643433323662636435633334333737366532366363 +62363664356338316432373462313232643538363935393731303239313762343264656531633930 +38323731376436306465303864623134393066376337326432323263353937383336656431663035 +34653036643831373230653836613532613262373630363965636661333735633562633937346335 +32333833313634313737366236333931656231336238623037653935393462313961653465333838 +31663236623165313034613837393930303064323731393030643738306134313163353833373139 +61613832313236356638323864343262633737336261623365336163343932373565333266643939 +63626532653662356631303433356436386361323432303166313834343331663036663130316532 +39633730323539393833373361313764363338396239336430343565633637626336623664646461 +65626136613265343862383034323166346633343934363434313139613764656565633266656638 +34366566396439393839346630306636336236623739383835366565326566656436323732323762 +64623635303363616439313231376265366165663536356561613036333461333734323130363635 
+34343964663331633934623632353531323564393234353630613838376332643964626264656137 +39333764383064313962323163363764343765316430633837633237313232313938333162643733 +62393663643565303238316266616363663866363230643238636632303465303339353165346461 +32383264373630303231306338653533373334626131613333663134663137646138383665663533 +37396432663064363335396431323338393334363939376332383632366464353332336366636361 +63643530633138306636393732323165633661363766663061363334656439393134306639386163 +63666339346162386636326538363464306232626262343866633838376331393765636561373464 +30663633383537386533616437636339636438653263343838363866626462323861363930656130 +39363236626637373361373839386530653030376664353431376138623366353337396432383034 +30346336383732626533383466353966336662323139386536623064616661633061336334303065 +34613439663932313337363930613366313232353631396463336432663735656466363337333837 +62363164363139623261336136353239643138306466383266633662356536363933303764343537 +37396366623030353334383532386137663438626266656238396430663338306132383034346334 +65363530613832353561663064626566313938313136363930316264346161386566613632376261 +38303034623339346530633832653362646163363832386633373934613861356336303333333663 +63363732643261376630623166623464613734626261386538306535616537383038626533333135 +30343162386239353165636539313963363365323435326166366364613931373936396237353263 +30346332626666393765333437633233663231646338343934313638303161373466383961383865 +33633037656130336264316139636536313962346338373562323263613038393866346461373333 +65633065393834623432376432386632353735383665353735653266373364346538653762666638 +66363630656530306265636261373438303761363034666139363035313063633562336464383363 +30643639356335626531343664313034356362663334343665373562333462353439323532396366 +30656239646363663938333266323433326466646234396236623533313930343463353634616233 +31613833383965363930356639393238303133636365363738616263636465396136376266336166 
+63653632353936353764386437333338616134303764376434303239316366623364356230613764 +37623832663836366439666537323064373637343233343533356432366537623634643565623938 +65623965356436356162346335616435313332343437613961653064666461346662353061373238 +33323163373566356464386135626530313836356436326139343437646131613238633832336138 +37333636663738393134373335643665653932326633643436356363623139353065663861636239 +30633435653764393566656236313537633433363434386136643133663461636435353762363261 +65383039616231323539373262373734616664383766653339333736373866363865323531366136 +65383838636433666565343266383334653331323566306639666133313536623766306262393936 +38333863663430613833616161663135356633343862623830333234613664353334666331306264 +35396164326133383961323634303863363835653261653666626438633165323365306562636539 +33646334366362333337616134663632616263646631376665336262343631323031326638383339 +32663261646136356532613562366662396132393261353131313464316339646231366534623133 +37363538663830376631366636306564643631633536313562333634666235366562633431653834 +61616131363833303235643361623465666239666165636439623532373461373166326165343039 +34356338653061333661373838373833346266383232363766383633323532333534326130323937 +31666339346334636632613032663334643538636365653335333537323666636433303432653432 +37386630336534633839613535633036653065323565643030323130623261373364656137646633 +61363063316162613666626163333537643331366266383834666563613862633539306637373135 +31616632616431623766633062626333383361316565623231376135346632656335373737383532 +39666437363532336532363065336330643932363161373361383934613330393665353261313762 +35376230353431393139373137303763383664643931333433343534333730623638613038383862 +32343238316463336639376432636639613765356631363537353535646365383366373862613138 +31623163363839616665333033313765383735363831363264666330613261646636316436666565 +63376436363666343663656138623736353431303131646262663939393434623832303765396633 
+66613365313330303736616137623935306335623834393939663933366463333139636437363831 +64336565363131653361313637613638356336353130303833666438326434386138343762656436 +38613639373733653733613838363866333561656432313839323562373330393461366330643132 +30333165376434383338343662653566616462653939353364376666346665663534656431333966 +38366364333662643731626366633737346439313232323036636237303166356661366464643265 +35313432323039623734323562356362646336363138363136373330656333323035353437363636 +62393464333063336237396438616165306631383466383164636237343330616239313662303636 +65346136383732646339663437363262626130366135303933393738343865653661613932366165 +62613432343033323961393162333530323735306366303837613736396634666634356364363265 +33323736346662336235653562636130383632613732646232366564656539353033343339386339 +66653365613432323266656538613739346437623265616335646266663063663331326538633034 +63666533373163343565386634346565636563313265393262306233623664343366666563623463 +30633563633565366638386232623831353766303435303531343366316362663465333561363663 +34356364363536303765333437663764613062666138343364346638383139653733333865636362 +63376638633166373762323534643563316238353531636330633734346166666232333536646535 +35303965316237623430656437663333383661343364646331336431303731643738656563366439 +39376438613263316163653037346165613639363935303062666634346561346337643431333464 +31326337636364383464643965663066633438336536613737356534623166323930333431333462 +33613737633163343431316161346564303938636232333830616161393434316166396334313437 +64633835666330616563633261343561626266636332653663343065303731663431303039373864 +63353862336463323766363535303766663265363735373039333965396565376335363739396332 +32376562623865393036633065383336306631656365353863333561336130643431356264636237 +38376430353034663736333265336538336665313834363934303164626237636166623763653564 +34613530383461323839636233303131343733396565393139313232663238663239353735663638 
+63656361653663373031353634333530396439363735346532353037616135313466303436356439 +36653536383538326438323931626637313631303338303565616135616438616234653437353339 +62633035633762336233626235626463313432643236323035643466616364366339656432303937 +65616635626434653361636365333336353366306639656435623462653961356166666138653666 +38316536356463393934636661356436613537393439373062663164356566626562343233656135 +39623961343033333430616239316139666161336436383231636130643232353034666166663934 +37343431366464623161643766626534316162336231643366643835303730383061616237303232 +63343636316364656132316162323761353266313639363763333437336638376661636134383434 +37346466373937353634386561333064393630396664373234393038323533646139313439646130 +39323664376231323165613036383737363537356662653432663266376661366137356361373434 +66613034363534663536646238316332393433356134366464373365656661613538376632306633 +39636236663064306162316630303031336432303437396438343664306437636638616136393063 +31303865626538663063663939396239626231633265663632643437323963326137636237343336 +37393230343863393732313533623633386463323064613761633432613033653464333666333162 +61633065373336666638353730306130323634376638306261646330656665643463336663366333 +37303630353837303165313337303133616636326535373637343939656138623132323365653132 +61316238633937656239363461396433393265323163626164333962633730326634313338326432 +32643663643939396435623365356631343563636335643130663536353236386536366363653038 +37353739616634336366626662343537346466636662666435656637336137356265633362363139 +64343436633561373233636631653161313932343963323635656366653837646238386634313133 +38356637613933313663383465333063333639376231393731363732373131396139656434393861 +39333334353130303264333664316231633939626332666464386166343565343561626665623931 +33656639643838373232343636653036616530353863383237396336306131306163386130373838 +37333662646362373134633537343537643337666336336430303066343664623833623161393333 
+39313065333363663338393633656538316564653437626130653537653636653230393139323632 +63356536383266306331383032643866353037323463663064626139303064326630396534393836 +37333739323933613839373434323737326236396431396439613461353539373739333830386264 +38393763366362646436663964323766626538653130303665633339613233656165333362616332 +61646134376434316630653935653763383136343832663936643438653433343237346266316635 +34613663303637643530363239323632613966313364383432616530313861333237623761346335 +6636646663356135346235636632326339346532353336346432 diff --git a/inventory/group_vars/chaos_at_home/network.yml b/inventory/group_vars/chaos_at_home/network.yml index 31a2b6fd..8cfb0a98 100644 --- a/inventory/group_vars/chaos_at_home/network.yml +++ b/inventory/group_vars/chaos_at_home/network.yml @@ -7,9 +7,12 @@ network_zones: dns: - 192.168.28.254 dhcp: - start: 1 + start: 100 limit: 199 offsets: + ch-auth: 88 + ch-prometheus: 99 + ch-prometheus-old: 250 ch-gw-lan: 254 wifi: ssid: "chaos at home" @@ -37,14 +40,16 @@ network_zones: offsets: ch-jump: 22 ch-gw-lan: 28 - web: 80 - mail: 143 + ch-stats: 10 + ch-web: 80 + ch-mail: 143 ch-router: 254 mgmt: vlan: 42 prefix: 192.168.42.0/24 offsets: + ch-jump: 22 ch-sw0: 200 ch-sw1: 201 ch-ap0: 220 diff --git a/inventory/group_vars/chaos_at_home_vpn_extern/main.yml b/inventory/group_vars/chaos_at_home_vpn_extern/main.yml new file mode 100644 index 00000000..2ada0a35 --- /dev/null +++ b/inventory/group_vars/chaos_at_home_vpn_extern/main.yml 
@@ -0,0 +1,45 @@ +--- +openvpn_ca_certificate: | + -----BEGIN CERTIFICATE----- + MIIG8TCCBNmgAwIBAgIJAOGcXf3qnvfBMA0GCSqGSIb3DQEBCwUAMIGrMQswCQYD + VQQGEwJBVDEPMA0GA1UECBMGU3R5cmlhMQ0wCwYDVQQHEwRHcmF6MRYwFAYDVQQK + Ew1jaGFvcyBhdCBob21lMQ8wDQYDVQQLEwZzeXNvcHMxGTAXBgNVBAMTEGNoYW9z + IGF0IGhvbWUgQ0ExEDAOBgNVBCkTB0Vhc3lSU0ExJjAkBgkqhkiG9w0BCQEWF2Fk + bWluQGNoYW9zLWF0LWhvbWUub3JnMB4XDTE1MDUwMjAxMDQ0NFoXDTI1MDQyOTAx + MDQ0NFowgasxCzAJBgNVBAYTAkFUMQ8wDQYDVQQIEwZTdHlyaWExDTALBgNVBAcT + BEdyYXoxFjAUBgNVBAoTDWNoYW9zIGF0IGhvbWUxDzANBgNVBAsTBnN5c29wczEZ + MBcGA1UEAxMQY2hhb3MgYXQgaG9tZSBDQTEQMA4GA1UEKRMHRWFzeVJTQTEmMCQG + CSqGSIb3DQEJARYXYWRtaW5AY2hhb3MtYXQtaG9tZS5vcmcwggIiMA0GCSqGSIb3 + DQEBAQUAA4ICDwAwggIKAoICAQCz+MrezJ744nzWHV1LqjnWOtthbHQ4bNv3odbu + bOJlyL3HLIzmJ4lRLvgDPpZKQP46XlvxNsDbwMlLCXgiaKZh3Y/WhM1wixE0t4SK + 132S2jDa1rIP4x37G/na7Q/QLPSkB7qCzo7herYizFU5FmGLxIIMUEYDQ8ryEkrl + ZZ5YG583gLX4prJ6gyeP8gyitA6VK+zGoAzjA7+gpQqM7HdtQtHWYKpuaPnqL8G0 + nCBCNyZVPLDRaYzT1RP6uittotXwBZ5+2ox1EubG3u+Insk11ydTmRubodB+DLaq + QRpzj2zbInd9s2FDZonSOhzLiRwg2Hkshs+NKTIf1K3eD6q6ts/83hdmYWPT/uAD + e7l0Py1FRc/5cQwPxdGGzo/q604oAyXEeXwHzrrVIZF1SrC33wTDtCn5PqLL/92t + E3sCyCAQNuGP4bLL8tMYOvzYuhurPzFlV/ijpDXc+GWdpeAf00g8m1ZLBFUuFLAy + Ymx/zgN7WOheBPqJSrt/l00k+FjSi3A++iGYFD9ro52jfDctV6j//Qv5HhEDgOi4 + UtvC3A02bb44IB7255pC1cZ8VCe7VGHIV40DwHt1103jRhDflicP9mDgicP2YquF + bM3aSjmxkhx1lkUUfbJpHRdiIcjaSazhWwUGIYCV5dDNqs/bwSuWXp5TXuUd5YLR + pIDaaQIDAQABo4IBFDCCARAwHQYDVR0OBBYEFOBTIefcIZSf3fW3IMVZWhzv6B8F + MIHgBgNVHSMEgdgwgdWAFOBTIefcIZSf3fW3IMVZWhzv6B8FoYGxpIGuMIGrMQsw + CQYDVQQGEwJBVDEPMA0GA1UECBMGU3R5cmlhMQ0wCwYDVQQHEwRHcmF6MRYwFAYD + VQQKEw1jaGFvcyBhdCBob21lMQ8wDQYDVQQLEwZzeXNvcHMxGTAXBgNVBAMTEGNo + YW9zIGF0IGhvbWUgQ0ExEDAOBgNVBCkTB0Vhc3lSU0ExJjAkBgkqhkiG9w0BCQEW + F2FkbWluQGNoYW9zLWF0LWhvbWUub3JnggkA4Zxd/eqe98EwDAYDVR0TBAUwAwEB + /zANBgkqhkiG9w0BAQsFAAOCAgEAJRsbExbfH/8EwAFwRlzXQaBocQvEISvnI50e + LDNv8uqWEdxQRXflD9BwzSivVeV5iNqspzwDETMTkj+ZDHA/gHJogR3Tl3jupQ2H + 
S0GBSfzv/2LeOGM88WfvOqLix9aKRhBvKPgzvm0ythD5+BA+pHoO/Hi6QxZQosMU + zBMcYZwASoOGn7jDDaXAtymyMl9SYHASPc15i3tYUHQrnZHl0vunJS6yTCHcOxOw + bd7ZNSyvLWF4mymE7tFFXtQ0g6mFX41wyRX0YAXYnV6qHGaFg81PO9wwSYRE90eq + nalqFM+8Q8G+avVlpbVN956S/SxaJzZZMrwBFOWgf09epO6ULjKQ2efoYQhCUHJo + xx3KkZhYIlqYlQ67cOlKHry4rNIZissUHFrVSYtsQG+F2PvIgmY5sefCNWujUj3m + 9R5o9p1ox4SNt0XuIh92xLLv9AKhSKaI0eMh07hZFT1RnoO6I35QPtVI7bqx8ryT + Hgd5pnSvdySd1JUDS8D/W0BTkPmDhjMad4GNAGpKhvNumZqOFTw3IeSN+oWWMhYt + z4mYklW/xDdkbFHoaZK0FFlJl6aM+qGNoOarRx1XlA+jT5GQl5ZbIVDENfRJBEt4 + 63sa1VvytDA7qx61roJ2jnZPZPnxbSGCgljEbgjb0LKSddOFx+sgqzc1c8KgmOlf + 6XrTyAc= + -----END CERTIFICATE----- + +openvpn_dhparams: "{{ vault_openvpn_dhparams }}" +openvpn_ta_key: "{{ vault_openvpn_ta_key }}" diff --git a/inventory/host_vars/ch-jump.yml b/inventory/host_vars/ch-jump.yml index b46120f1..94b55319 100644 --- a/inventory/host_vars/ch-jump.yml +++ b/inventory/host_vars/ch-jump.yml @@ -14,7 +14,9 @@ install: size: 10g interfaces: - bridge: br-svc - name: primary0 + name: svc0 + - bridge: br-mgmt + name: mgmt0 autostart: True network: @@ -23,7 +25,7 @@ network: systemd_link: interfaces: "{{ install.interfaces }}" primary: - interface: primary0 + interface: svc0 ip: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address') }}" mask: "{{ network_zones.svc.prefix | ipaddr('netmask') }}" gateway: "{{ network_zones.svc.gw }}" diff --git a/inventory/host_vars/ch-router.yml b/inventory/host_vars/ch-router.yml index fe313d87..a4d8c2c7 100644 --- a/inventory/host_vars/ch-router.yml +++ b/inventory/host_vars/ch-router.yml 
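Review bot: The CA certificate is pasted in as base64 only, so its validity window is invisible to anyone reading the file; decoding the visible blob, its notAfter appears to be 2025-04-29 (the server certificate added in `inventory/host_vars/ch-router.yml` carries the same date), which is the kind of operational fact that should sit next to the variable rather than inside it. A one-line comment such as `# chaos at home CA (EasyRSA); notAfter 2025-04-29 — TODO confirm before rollover` above `openvpn_ca_certificate` would do. The two vault references below presumably resolve against the encrypted `chaos-at-home/group_vars/chaos_at_home_vpn_extern.yml` in the same commit; I cannot verify the variable names against the ciphertext.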
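Review bot: The new `mgmt0` interface on `br-mgmt` is added to `install.interfaces`, and a `ch-jump: 22` offset appears in the mgmt zone of network.yml, but the `network:` mapping in the second hunk only renames `primary` to `svc0`; nothing in this diff assigns the mgmt address to `mgmt0`, so the guest would come up with an unconfigured second NIC unless the role configures non-primary interfaces elsewhere. If that is deliberately left for a follow-up, a comment on the interface entry (`# mgmt0: address not yet configured, see network_zones.mgmt.offsets`) would make the state obvious. The `network:` mapping starts before and continues after the second hunk.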
@@ -27,9 +27,75 @@ openwrt_packages_add: - usbutils - kmod-ipt-nat - kmod-ipt-conntrack - + - openvpn openwrt_mixin: + /etc/openvpn/ca.crt: + content: "{{ openvpn_ca_certificate }}" + + /etc/openvpn/dhparams: + mode: "0600" + content: "{{ openvpn_dhparams }}" + + /etc/openvpn/ta.key: + mode: "0600" + content: "{{ openvpn_ta_key }}" + + /etc/openvpn/server.crt: + content: | + -----BEGIN CERTIFICATE----- + MIIHXDCCBUSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBqzELMAkGA1UEBhMCQVQx + DzANBgNVBAgTBlN0eXJpYTENMAsGA1UEBxMER3JhejEWMBQGA1UEChMNY2hhb3Mg + YXQgaG9tZTEPMA0GA1UECxMGc3lzb3BzMRkwFwYDVQQDExBjaGFvcyBhdCBob21l + IENBMRAwDgYDVQQpEwdFYXN5UlNBMSYwJAYJKoZIhvcNAQkBFhdhZG1pbkBjaGFv + cy1hdC1ob21lLm9yZzAeFw0xNTA1MDIwMTU3NDZaFw0yNTA0MjkwMTU3NDZaMIGi + MQswCQYDVQQGEwJBVDEPMA0GA1UECBMGU3R5cmlhMQ0wCwYDVQQHEwRHcmF6MRYw + FAYDVQQKEw1jaGFvcyBhdCBob21lMQ8wDQYDVQQLEwZzeXNvcHMxEDAOBgNVBAMT + B3BhbmRvcmExEDAOBgNVBCkTB0Vhc3lSU0ExJjAkBgkqhkiG9w0BCQEWF2FkbWlu + QGNoYW9zLWF0LWhvbWUub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC + AgEAvwp3VeAZ2+uWLv0ePQ+I8T+0JMQkCdpv2Hn8gEQyUe4ubPtR6SE7455mXtGS + WA67M9uHmX6jleQmap7VQPweBy5UD6ge5q39oJMB5G2wug2/QRcgTZVF1r14ZEmk + mI31fQBHI/8M3gtMGzB5q0ohsaOuNSEyQir/CBDlDoyOzcVKRC3hQ4DVqD1Trp2M + +bxINC9jcQUQd/U5+Ui51tlSBMs/M+0gAlD0kypgcQNZcDDsLW+iTF79/XMweowp + bRDv8GbabL1E5kMYL1Ii0vNV6xmjbiyI/tX4DMyKa5d2LI80X932U/ILyq01GVhq + bhribfZzqfJhC7zAc09zw2NfQ2F6ZAAcTMmCK/GFTpKWgBufRl7gr93f3mNDzVP4 + 9KDvQa62CUKEy7ELwxpAEyAlGEkym2Nw+SfiAy2W2uHrpV5UF4uVs58MKUnq3Ktw + O04comiuLnXkY9/7USrMngnuJdxcwd6kEXuk6WUZGHWhgGkdP6Ww5DE2HNicSHnT + 2gJFOkvvyXO5G7rmndJgK4dlsDuTdax6obIVyVEn20L8sLhuzQwfg1Z+1rnvkZVC + 0n9gYp104e36HrAhX5xYwkZ2sn1Rls/PU94ciH/7TjCXOxdOLcXw4yo2btsGNtli + 9I/tjPn5GHgLWa8VCGdGBsij7XP2AqPFGnzqS2lFi28YxukCAwEAAaOCAZAwggGM + MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIBDQQnFiVF + YXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBR/ + DVVuzBz4Tb2mji2hC3IeOR5t7jCB4AYDVR0jBIHYMIHVgBTgUyHn3CGUn931tyDF + 
WVoc7+gfBaGBsaSBrjCBqzELMAkGA1UEBhMCQVQxDzANBgNVBAgTBlN0eXJpYTEN + MAsGA1UEBxMER3JhejEWMBQGA1UEChMNY2hhb3MgYXQgaG9tZTEPMA0GA1UECxMG + c3lzb3BzMRkwFwYDVQQDExBjaGFvcyBhdCBob21lIENBMRAwDgYDVQQpEwdFYXN5 + UlNBMSYwJAYJKoZIhvcNAQkBFhdhZG1pbkBjaGFvcy1hdC1ob21lLm9yZ4IJAOGc + Xf3qnvfBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDASBgNVHREE + CzAJggdwYW5kb3JhMA0GCSqGSIb3DQEBCwUAA4ICAQBTa8rgGfdlmKOhrzZEPUCZ + eAEICIpI1GnrHNLNAmbM4OIEO8lNPEVcsalqJSvFXaRh5lRBd4zGDhE2sehL13sX + ceeZTh4Ss6xBguHWh3ZCLcZimqbritAF9zl53Aer6AeCw0lYTlgFVgZBPU9X4UXV + mKqrmuorOy34vN/slRcsACrlWXonYAIrhSf6KPnTfmewp7c9LG2M8PBab05QC2tt + NYy9lKN6bf6e16lTREInQcf6t29OihbgWeOur4EdFg5QuckYDvr/fbbK1D2tVFjR + 9p8jgb7gJfvbqSc9oA6RoLQCr5mpTZeYrJWoCGlT943sXwTemPSL9NcDq/hr0RDY + uYUGWWR7uKi4RwGt1S5TvpEsE0p1KeiEpytInC4crWUeX5eU5oHqEmwbKFTkzTXM + yTj6EL4hTK5nHCGPYgY6umnPnTEc/Z7/kB9GPV4dOqu8qCWL+82+4y5PPSw/6H9B + BY5WYFlE66aYHpRvAseN7HKU1lqcX09rx6vTjVKtBilga3m44pOxPPgI9FN6XYQl + r43j0QX7FStrSTBkU7QgkXimU7jxJF7PczAhwQW8+Eyk2T2C9o8/w6T27UqMVByB + xnw1Z7IOVbenP1JUpX+xKvweCFjkcdGHF+bQ3ufWmo3MIwsapKC1859E37ENqWaF + 8ucdxgsmNPJk/dyj/4vqxQ== + -----END CERTIFICATE----- + + /etc/openvpn/server.key: + mode: "0600" + content: "{{ vault_openvpn_key }}" + + /etc/openvpn/ipp.txt: + mode: "0444" + content: | + pan,192.168.8.4 + mimas,192.168.8.8 + /etc/dropbear/authorized_keys: content: "{{ ssh_keys_root | join('\n') }}\n" 
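Review bot: `/etc/openvpn/ipp.txt` is installed read-only (`mode: "0444"`) as a hand-maintained client-address table, but the `ifconfig_pool_persist: '/etc/openvpn/ipp.txt'` option in the `openwrt_uci` hunk later in this file passes no seconds argument, so OpenVPN treats the file as read-write and will periodically try to rewrite it — those writes fail after the privilege drop to `nobody`, or, where they succeed, replace the static entries. Giving the option a seconds value of `0` makes OpenVPN treat the file as read-only: `ifconfig_pool_persist: '/etc/openvpn/ipp.txt 0'`. A comment on the mixin entry stating the intent (`# static client addresses; kept read-only, see ifconfig_pool_persist`) would also help the next reader. The `openwrt_mixin` mapping continues past the end of this hunk.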
@@ -72,15 +138,32 @@ openwrt_mixin: iptables -A INPUT -i "$MGMT_IF" -d "$MGMT_IPADDR" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT + ## VPN Traffic + iptables -A FORWARD -i extern0 -s 192.168.8.0/24 -o "$SVC_IF" -j ACCEPT + iptables -A FORWARD -i "$SVC_IF" -o extern0 -d 192.168.8.0/24 -j ACCEPT + + ## WAN Traffic # iptables -A INPUT -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p icmp -j ACCEPT iptables -A INPUT -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport "$SSH_PORT" -j ACCEPT + iptables -A INPUT -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p udp --dport 1194 -j ACCEPT iptables -A INPUT -i "$MAGENTA_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 2342 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-jump']) | ipaddr('address') }}" iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-jump']) | ipaddr('address') }}" -p tcp --dport 2342 -j ACCEPT + iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 80 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}" + iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 443 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}" + iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}" -p tcp --dport 80 -j ACCEPT + iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}" -p tcp --dport 443 -j ACCEPT + + iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 143 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-mail']) | 
ipaddr('address') }}:144" + iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 993 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-mail']) | ipaddr('address') }}" + iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-mail']) | ipaddr('address') }}" -p tcp --dport 144 -j ACCEPT + iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-mail']) | ipaddr('address') }}" -p tcp --dport 993 -j ACCEPT + + ## LAN Traffic # @@ -105,6 +188,7 @@ openwrt_mixin: iptables -F INPUT iptables -P FORWARD ACCEPT iptables -F FORWARD + iptables -t nat -F PREROUTING iptables -t nat -F POSTROUTING } @@ -141,6 +225,39 @@ openwrt_uci: RootPasswordAuth: 'off' Port: '{{ ansible_port | default(22) }}' + openvpn: + - name: openvpn 'extern' + options: + enabled: '1' + port: '1194' + proto: 'udp' + dev_type: 'tun' + dev: 'extern0' + + server: '192.168.8.0 255.255.255.0' + client_to_client: '1' + ifconfig_pool_persist: '/etc/openvpn/ipp.txt' + push: + - 'route 192.168.28.0 255.255.255.0' + - 'route 192.168.32.0 255.255.255.0' + + tls_auth: '/etc/openvpn/ta.key 0' + ca: '/etc/openvpn/ca.crt' + cert: '/etc/openvpn/server.crt' + key: '/etc/openvpn/server.key' + dh: '/etc/openvpn/dhparams' + + tls_cipher: 'DHE-RSA-AES256-SHA' + cipher: 'AES-256-CBC' + auth: 'SHA256' + comp_lzo: 'yes' + + keepalive: '10 120' + persist_key: '1' + persist_tun: '1' + user: 'nobody' + verb: '3' + network: - name: globals 'globals' options: 
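Review bot: The VPN parameters are hard-coded in the firewall rules added here (`extern0`, `192.168.8.0/24`, udp `1194`) and repeated as literals in the `openvpn` uci section later in this file (`dev`, `server`, `port`), whereas every other zone in this script is derived from `network_zones.*`; a single definition (for example a vpn entry with prefix, device and port alongside the other zones, templated into both places) would keep the three copies from drifting. The anti-spoofing `-s 192.168.8.0/24` on the extern0 FORWARD rule is the right shape and would benefit from the same templating. The firewall script this hunk edits starts before and ends after the hunk.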
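Review bot: `comp_lzo: 'yes'` enables compression inside the tunnel; compressing mixed attacker-influenced and secret plaintext over a VPN is the VORACLE class of weakness that the OpenVPN project has since advised against, so `comp_lzo: 'no'` (with the matching change on the ch-pan client) is the safer default unless this link genuinely needs it. Pinning `tls_cipher: 'DHE-RSA-AES256-SHA'` limits the control channel to a single non-AEAD, SHA-1 suite and rules out the TLS 1.2 ECDHE/GCM suites that OpenVPN 2.4 negotiates by default; unless the client cannot do better, dropping the pin or pinning a TLS 1.2 suite is preferable. Both changes must be rolled out to client and server together, which is worth recording in a comment next to the two options.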
@@ -176,6 +293,13 @@ openwrt_uci: ipaddr: "{{ network_zones.mgmt.prefix | ipaddr(network_zones.mgmt.offsets[inventory_hostname]) | ipaddr('address') }}" netmask: "{{ network_zones.mgmt.prefix | ipaddr('netmask') }}" + - name: route 'lan' + options: + interface: svc + target: "{{ network_zones.lan.prefix | ipaddr('network') }}" + netmask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}" + gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}" + virsh_domxml: | <domain type='kvm'> diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 048283a9..ac336af2 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -45,7 +45,9 @@ ch-sw1 host_name=sw1 ch-ap0 host_name=ap0 ch-ap1 host_name=ap1 - +[chaos_at_home_vpn_extern] +ch-router +ch-pan [realraum:vars] host_domain=realraum.at |