authorChristian Pointner <equinox@spreadspace.org>2019-07-29 00:34:45 +0200
committerChristian Pointner <equinox@spreadspace.org>2019-07-29 00:34:45 +0200
commit76dcda830cbd5a5ba68b42121d2464f3b73ac977 (patch)
treedb03c228ce0e37a32eca42bb25be6adfbbe89968
parentMerge branch 'buster-unpredictable-network-ifnames' (diff)
finalize ch-router config
-rw-r--r--chaos-at-home/group_vars/chaos_at_home_vpn_extern.yml82
-rw-r--r--chaos-at-home/host_vars/ch-router.yml175
-rw-r--r--inventory/group_vars/chaos_at_home/network.yml11
-rw-r--r--inventory/group_vars/chaos_at_home_vpn_extern/main.yml45
-rw-r--r--inventory/host_vars/ch-jump.yml6
-rw-r--r--inventory/host_vars/ch-router.yml126
-rw-r--r--inventory/hosts.ini4
7 files changed, 442 insertions, 7 deletions
diff --git a/chaos-at-home/group_vars/chaos_at_home_vpn_extern.yml b/chaos-at-home/group_vars/chaos_at_home_vpn_extern.yml
new file mode 100644
index 00000000..89fcd8a6
--- /dev/null
+++ b/chaos-at-home/group_vars/chaos_at_home_vpn_extern.yml
@@ -0,0 +1,82 @@
+$ANSIBLE_VAULT;1.2;AES256;chaos-at-home
+39646465613132376562666130373038393965303130393036353861633134636231343663376561
+6238306136376663373665363832323633383634313238370a653864363239646132343665383434
+63396662366133656661613431656362343461626332383766313766613835393263396631633062
+3335636566366436640a343236356231383330396530323964303939373964636234366138633330
+32386537336464323138303036363164613163663366303230383637343561346330303034393534
+64363435313634666137343536303364633637316538626365666666343962623437393239323064
+34313231343732623031643662663666373165626230373963326534313666306630373735656339
+39363736623638633932396331376465323863303132623961383439623134663365643131383630
+38353531663638376538656634626161323934633232656262336435623961636332346666343138
+34636666373034346561666636353536613131396163623730353230396265393361663333383236
+37666435373864393161616638333564643831303266336233666433643832343432383731343130
+32396132333637616564366330393835323037366138666336393562613661383236363639643465
+64356532623436653233393363313136373632383730333333353061313630626639366663356437
+64386638303039363637666332313437306438376235643835663831346539636563613630643633
+36313437616238363631323964653737626162346266366534303735613363386331316566356462
+62343364613439623862623031303136373936663439623038376438323931643762616335303833
+30616435373930633132396463323466373238626537626363383033303638356563633962306239
+61366336663665353263636430313039333762616532326462643461363262346562336432313361
+33316237393963393330366134316539663664363437303666646666623832323162333238376438
+32366631653861326433613439383133353230613637316666386139373332363633313535353730
+37623865343365346464383232616636633736353433396536373533396361323262323131656536
+64316535353731343838313834346563313133666334656434366632376230666631616365343432
+62343532326536353861353665626331323633633862353731633063313662303733653432316430
+31653763376530346561323966393233363736373961373733336631396666373264316332626231
+36333261656139323939323436623439383165343163666565353937323365636532623334346435
+65396433396632616666636436316564303439386263643433646365343864363832316434333638
+39336538393762636263326437393030353835353064333338323035386239643836323533383032
+63396633643965303862333362613936636434323566393766363761353663643138313132623336
+35343465313738356335636333313538636562623031356565393737326531373364363130646139
+33636231393932656331356537333436623262653830633130386238373531376432373533666536
+36373032346563316163396664393039636331656330613733303566316464646463643131343537
+63646162623331306564373536383335326561343437326535303461613866396330613239626433
+66656466373331623964316431656335346637343130383764333862356166636461656237343866
+38343330356338613935353936323534353561663964636361623533343237383133306366336563
+36366531393365653039373464336463643764663839326362656339366532336138303766323066
+61376363656564383433343539373863343130313439393335386633396239613738356337393236
+37643232316264643830386462356631396132613139663335646637396534333332616534623036
+34363531613030386336313863366235623666333665313161623763626562333166313263633366
+32643839623831343935653933356131363364646236316234303066353166303939626163626234
+37623066333831643261353763623231643336633035303332343736333632623138623963656664
+65653932343065656638323530653232336338333562613738353334336136313466356665636361
+65376139316635383832343262356137306138303636623936376462333962343866393535333232
+34636138316562636261656630386363383038386666636631383538353664343738353832613962
+66353239386635363936616330666162356666636361303333346431356337656437623664633534
+33643933623565323166306430313331346236353734666532656133383365623263346139393938
+30323134306231373930623731303763346434323965343162616537636566326165653464363432
+62663338376637633330626530353035383838393939646134626630663330376131663836643166
+37333436653864323866323431373737353334396435616665346166623433333237333530666335
+64336334373162333065613533313361333463393761623736323431343239356334323863343563
+33353938393136356133636431356263653635316339643833313738613536613035323338643362
+39666538663764356630396337386532303931613834366364366261646136646263313139633939
+61346338346230346339366164376434316361313931303235636433376464366638366263363165
+63653338396230323438636430343364343832303231383066613837326435343333363730626138
+64666431623864396165316232383537336334393136656638656630346466653337653731653734
+34626137323635323731646333656561313137666536653036356437373263653261636662363261
+64366236336361343733396361613165323735663638653635373865303061376366613736353965
+63613364313966643963373738663833376639333935623064343865323231656364306363323432
+66316233363664626332643034373232303032303738333263666262396639346364316534653333
+36613133303461663536336630633639393662356632363963353234333537356130333532363762
+65373564633562623265643134333632373764376561343265326637396666303737313930343932
+62643063353838363265323036646333386435653362383262346562353036383933386536633765
+63656234356434656334363731323762356536666462326638326231633936346166303139353236
+38626435616338386566636438313461303735333831346138623834626666373636393534616531
+32346638313533383930366335386662393461656434643439643538343133363031613466613965
+62613335316436343331643939383730356163623966356539393734663662386330333634326132
+39666431613634356139616132643661303862363832643335393762393436323136376536336130
+61633136653364363435383337323335396132343263316232616633313066623762313336323731
+64316535303336656532643630643231323464383031343761373566383838383133383332333539
+61633836656136336366353662643430646439303131346162316166623033383230653632313235
+66346133333561653333333162663634346336303336353333363438313637303632353336313239
+36313764613932313730333263616330633936366538373237303237663534333935333835393830
+39363363306536363166373037343738643338303437343934613762633530326334613232626663
+35623432343435316238386263336435343630653238616137343835633831316163373963376561
+36633334623836653130376639656237633065333834666232396138646534313337626465326665
+64386162653061663266613266653334363934333732646330376534633065346430646134643930
+66643931663266343739363830363936366239336264373162626364393633393262613932363338
+39363663356535363937393236386339616133393438663830613866623133313430323334366436
+39333161343833396564646137343038633164653539343034373930663036653534633637386363
+32646336323536356563383261373731336336323331326131613933626564336233373932626162
+66323732366431396635313738373039653463306630646432306434373530373932643336373265
+6665
diff --git a/chaos-at-home/host_vars/ch-router.yml b/chaos-at-home/host_vars/ch-router.yml
new file mode 100644
index 00000000..2f1549ea
--- /dev/null
+++ b/chaos-at-home/host_vars/ch-router.yml
@@ -0,0 +1,175 @@
+$ANSIBLE_VAULT;1.2;AES256;chaos-at-home
+64633931303238633637396634333837396236613430623863336632633066323164333065616361
+3032336166306331353235343738383834373163313661630a356634363066346437356136646262
+31613961383561333663623966396434323461343439663333393733613831333138613938616230
+3731306334383337320a646233303262653436646462353536663961633134363539396437383232
+35346563653135373633323465333835393438633130353963356336623239323335383361623335
+36653939373530396232363761363662646633616563613331636261653031346138313834313262
+38366133323134373231656264366561313238383532336238663762623731313931663563313434
+63333164343063386231373636396464383737636232353061343830333837386134626639373335
+62356665663634323033646239326166343736663763336637303061656331636236613132636435
+35353930663263303534616636373934383832373239663639666563366431333733313561633863
+30386236343461633937326331366563353130366331613239636239333631613438396364356132
+62376462386262616632663561326332623266333331383061353633306562656363386434343263
+62396633323233663461316339613165363162653335333433376562656530656637663134653561
+65623439353239623533333935626635613465653166623737613336353637656232643339323831
+62316361663738643065653637316438313866323266616631383637386538343835653433623962
+63396132306363393962316431353464373733343637386339663663366462383933356461313263
+34393164656535313165303934366561613339653164323438373664656531636438313839323938
+65343462636564393863306364653733663537323430323839383337643138633436376430346366
+39623734356632613562313165663266313132323566353362316662616638393831363739613734
+61303664623532313466313833393030333063623464366133376237656664386237333935393536
+65356163643864633732626533383038663332366662396262353061383064333939643136386463
+35623330343462653635333232646266666537646337306562353836643436656161636534306537
+36386138386365363535623530393339353062343263663961326438633665663361316338633236
+31396239363431386234663965393838353330633366353034663136666566383731396233336261
+32623833623034353439343335626535373439353639386439353431356431353032336131386663
+34376662353737636633666162353533323638353739333664366239623863613039643535316634
+37333836666636343039636133346665666666303264623335333661636639303265356339623234
+65373762623430336135363932393233643931326562326232633464303662323062366236366431
+61343332356163333664353766383738623566323939383033343864363262356233613263653365
+38616532383536666339666439656562656332366465366333366637373166333737626231353762
+37336263666530636261393666636632653138623231363065623866653730396534346332303631
+33313838373562323331363961366461653233643662663064396261373365636366653539613734
+38373135656234303735363137373039643136633931643862663966346133666562313738353065
+34333032366435323238363964386537623062333730333461353261363937663839333137653463
+37303532616636643535623739643339666630656164636566633932323866613339393232386130
+35393132313336383839653835656132353238333136623339333332336462633261393462613864
+61386463633165643333333137306438613966303438323139616664666231613163323763623236
+38313839356636313632363963646262333837353064363965626565336135323661623930653165
+65306665363464313838383531643633663166643637636430336639356531363662373663383761
+62623365346132626664373262663931326534663032383961663530343633383332633965653339
+31363365316634613434623662303362643638323436303936656264653634343163363236653963
+35346535326464383261313338333165666336303832373631636431326564373662386439386234
+33643064616237383762353565373865353265323264653739333631366366643162363032643534
+32313736633666373664643266623365353564373238633463636634393736663631663738663566
+64356532353233613831336236343639343938313939333033306361633864633764346632373830
+37633866623138623763616634353135316466343639636132313764616237373038303661666162
+37366661643130633737363564353732396461323135323963656561333234306263356134386131
+66336430346333383239333132343431663161326163306337323535633735636234336261313765
+34343832303037313662323334383761393464656635383937613765633133353463393433653935
+33633132306166363030353933313037623863313566376636633162303163333635393437396365
+36326263303964376338663966386633396666623461653735616533346630656536323161353831
+62306237363235383431376535303430326634373831643032323532353235353965363530343134
+31663739323033663565656364643338613263306435393335393663386133366230353634666331
+39333138383038343738346230383230666136353231393063323031393839653632383438316337
+38346363313061613236656161646431376562383135366432356266333536396563383564356531
+39623831613731313634306430623930373837613935373030396334353435623038646331356363
+30386366376138303563313362353335393662353162316439616235643863363038336131343939
+32616231303137316536373237626462613066613461636566333334323532303733386636326635
+30323032336131656636383635396632346432393838653364343966383532623338636264323964
+32326263346537633264303533326537306337643433323662636435633334333737366532366363
+62363664356338316432373462313232643538363935393731303239313762343264656531633930
+38323731376436306465303864623134393066376337326432323263353937383336656431663035
+34653036643831373230653836613532613262373630363965636661333735633562633937346335
+32333833313634313737366236333931656231336238623037653935393462313961653465333838
+31663236623165313034613837393930303064323731393030643738306134313163353833373139
+61613832313236356638323864343262633737336261623365336163343932373565333266643939
+63626532653662356631303433356436386361323432303166313834343331663036663130316532
+39633730323539393833373361313764363338396239336430343565633637626336623664646461
+65626136613265343862383034323166346633343934363434313139613764656565633266656638
+34366566396439393839346630306636336236623739383835366565326566656436323732323762
+64623635303363616439313231376265366165663536356561613036333461333734323130363635
+34343964663331633934623632353531323564393234353630613838376332643964626264656137
+39333764383064313962323163363764343765316430633837633237313232313938333162643733
+62393663643565303238316266616363663866363230643238636632303465303339353165346461
+32383264373630303231306338653533373334626131613333663134663137646138383665663533
+37396432663064363335396431323338393334363939376332383632366464353332336366636361
+63643530633138306636393732323165633661363766663061363334656439393134306639386163
+63666339346162386636326538363464306232626262343866633838376331393765636561373464
+30663633383537386533616437636339636438653263343838363866626462323861363930656130
+39363236626637373361373839386530653030376664353431376138623366353337396432383034
+30346336383732626533383466353966336662323139386536623064616661633061336334303065
+34613439663932313337363930613366313232353631396463336432663735656466363337333837
+62363164363139623261336136353239643138306466383266633662356536363933303764343537
+37396366623030353334383532386137663438626266656238396430663338306132383034346334
+65363530613832353561663064626566313938313136363930316264346161386566613632376261
+38303034623339346530633832653362646163363832386633373934613861356336303333333663
+63363732643261376630623166623464613734626261386538306535616537383038626533333135
+30343162386239353165636539313963363365323435326166366364613931373936396237353263
+30346332626666393765333437633233663231646338343934313638303161373466383961383865
+33633037656130336264316139636536313962346338373562323263613038393866346461373333
+65633065393834623432376432386632353735383665353735653266373364346538653762666638
+66363630656530306265636261373438303761363034666139363035313063633562336464383363
+30643639356335626531343664313034356362663334343665373562333462353439323532396366
+30656239646363663938333266323433326466646234396236623533313930343463353634616233
+31613833383965363930356639393238303133636365363738616263636465396136376266336166
+63653632353936353764386437333338616134303764376434303239316366623364356230613764
+37623832663836366439666537323064373637343233343533356432366537623634643565623938
+65623965356436356162346335616435313332343437613961653064666461346662353061373238
+33323163373566356464386135626530313836356436326139343437646131613238633832336138
+37333636663738393134373335643665653932326633643436356363623139353065663861636239
+30633435653764393566656236313537633433363434386136643133663461636435353762363261
+65383039616231323539373262373734616664383766653339333736373866363865323531366136
+65383838636433666565343266383334653331323566306639666133313536623766306262393936
+38333863663430613833616161663135356633343862623830333234613664353334666331306264
+35396164326133383961323634303863363835653261653666626438633165323365306562636539
+33646334366362333337616134663632616263646631376665336262343631323031326638383339
+32663261646136356532613562366662396132393261353131313464316339646231366534623133
+37363538663830376631366636306564643631633536313562333634666235366562633431653834
+61616131363833303235643361623465666239666165636439623532373461373166326165343039
+34356338653061333661373838373833346266383232363766383633323532333534326130323937
+31666339346334636632613032663334643538636365653335333537323666636433303432653432
+37386630336534633839613535633036653065323565643030323130623261373364656137646633
+61363063316162613666626163333537643331366266383834666563613862633539306637373135
+31616632616431623766633062626333383361316565623231376135346632656335373737383532
+39666437363532336532363065336330643932363161373361383934613330393665353261313762
+35376230353431393139373137303763383664643931333433343534333730623638613038383862
+32343238316463336639376432636639613765356631363537353535646365383366373862613138
+31623163363839616665333033313765383735363831363264666330613261646636316436666565
+63376436363666343663656138623736353431303131646262663939393434623832303765396633
+66613365313330303736616137623935306335623834393939663933366463333139636437363831
+64336565363131653361313637613638356336353130303833666438326434386138343762656436
+38613639373733653733613838363866333561656432313839323562373330393461366330643132
+30333165376434383338343662653566616462653939353364376666346665663534656431333966
+38366364333662643731626366633737346439313232323036636237303166356661366464643265
+35313432323039623734323562356362646336363138363136373330656333323035353437363636
+62393464333063336237396438616165306631383466383164636237343330616239313662303636
+65346136383732646339663437363262626130366135303933393738343865653661613932366165
+62613432343033323961393162333530323735306366303837613736396634666634356364363265
+33323736346662336235653562636130383632613732646232366564656539353033343339386339
+66653365613432323266656538613739346437623265616335646266663063663331326538633034
+63666533373163343565386634346565636563313265393262306233623664343366666563623463
+30633563633565366638386232623831353766303435303531343366316362663465333561363663
+34356364363536303765333437663764613062666138343364346638383139653733333865636362
+63376638633166373762323534643563316238353531636330633734346166666232333536646535
+35303965316237623430656437663333383661343364646331336431303731643738656563366439
+39376438613263316163653037346165613639363935303062666634346561346337643431333464
+31326337636364383464643965663066633438336536613737356534623166323930333431333462
+33613737633163343431316161346564303938636232333830616161393434316166396334313437
+64633835666330616563633261343561626266636332653663343065303731663431303039373864
+63353862336463323766363535303766663265363735373039333965396565376335363739396332
+32376562623865393036633065383336306631656365353863333561336130643431356264636237
+38376430353034663736333265336538336665313834363934303164626237636166623763653564
+34613530383461323839636233303131343733396565393139313232663238663239353735663638
+63656361653663373031353634333530396439363735346532353037616135313466303436356439
+36653536383538326438323931626637313631303338303565616135616438616234653437353339
+62633035633762336233626235626463313432643236323035643466616364366339656432303937
+65616635626434653361636365333336353366306639656435623462653961356166666138653666
+38316536356463393934636661356436613537393439373062663164356566626562343233656135
+39623961343033333430616239316139666161336436383231636130643232353034666166663934
+37343431366464623161643766626534316162336231643366643835303730383061616237303232
+63343636316364656132316162323761353266313639363763333437336638376661636134383434
+37346466373937353634386561333064393630396664373234393038323533646139313439646130
+39323664376231323165613036383737363537356662653432663266376661366137356361373434
+66613034363534663536646238316332393433356134366464373365656661613538376632306633
+39636236663064306162316630303031336432303437396438343664306437636638616136393063
+31303865626538663063663939396239626231633265663632643437323963326137636237343336
+37393230343863393732313533623633386463323064613761633432613033653464333666333162
+61633065373336666638353730306130323634376638306261646330656665643463336663366333
+37303630353837303165313337303133616636326535373637343939656138623132323365653132
+61316238633937656239363461396433393265323163626164333962633730326634313338326432
+32643663643939396435623365356631343563636335643130663536353236386536366363653038
+37353739616634336366626662343537346466636662666435656637336137356265633362363139
+64343436633561373233636631653161313932343963323635656366653837646238386634313133
+38356637613933313663383465333063333639376231393731363732373131396139656434393861
+39333334353130303264333664316231633939626332666464386166343565343561626665623931
+33656639643838373232343636653036616530353863383237396336306131306163386130373838
+37333662646362373134633537343537643337666336336430303066343664623833623161393333
+39313065333363663338393633656538316564653437626130653537653636653230393139323632
+63356536383266306331383032643866353037323463663064626139303064326630396534393836
+37333739323933613839373434323737326236396431396439613461353539373739333830386264
+38393763366362646436663964323766626538653130303665633339613233656165333362616332
+61646134376434316630653935653763383136343832663936643438653433343237346266316635
+34613663303637643530363239323632613966313364383432616530313861333237623761346335
+6636646663356135346235636632326339346532353336346432
diff --git a/inventory/group_vars/chaos_at_home/network.yml b/inventory/group_vars/chaos_at_home/network.yml
index 31a2b6fd..8cfb0a98 100644
--- a/inventory/group_vars/chaos_at_home/network.yml
+++ b/inventory/group_vars/chaos_at_home/network.yml
@@ -7,9 +7,12 @@ network_zones:
dns:
- 192.168.28.254
dhcp:
- start: 1
+ start: 100
limit: 199
offsets:
+ ch-auth: 88
+ ch-prometheus: 99
+ ch-prometheus-old: 250
ch-gw-lan: 254
wifi:
ssid: "chaos at home"
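Review bot: With `start: 100` and `limit: 199` the DHCP pool covers offsets 100 through 298, which overruns a /24 (the zone's prefix is above the hunk, so this assumes one) and, after clamping to the subnet, overlaps the static offsets in this same hunk, `ch-prometheus-old: 250` and `ch-gw-lan: 254`. Unless those hosts are pinned by static leases, a dynamic client can be handed the same address. Raising `start` to 100 looks intended to keep static hosts below the pool; a matching `limit: 150` would end the pool at offset 249 and keep it clear of both entries. Any other host offset at or above 100 defined outside the hunk would need the same check.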
@@ -37,14 +40,16 @@ network_zones:
offsets:
ch-jump: 22
ch-gw-lan: 28
- web: 80
- mail: 143
+ ch-stats: 10
+ ch-web: 80
+ ch-mail: 143
ch-router: 254
mgmt:
vlan: 42
prefix: 192.168.42.0/24
offsets:
+ ch-jump: 22
ch-sw0: 200
ch-sw1: 201
ch-ap0: 220
diff --git a/inventory/group_vars/chaos_at_home_vpn_extern/main.yml b/inventory/group_vars/chaos_at_home_vpn_extern/main.yml
new file mode 100644
index 00000000..2ada0a35
--- /dev/null
+++ b/inventory/group_vars/chaos_at_home_vpn_extern/main.yml
@@ -0,0 +1,45 @@
+---
+openvpn_ca_certificate: |
+ -----BEGIN CERTIFICATE-----
+ MIIG8TCCBNmgAwIBAgIJAOGcXf3qnvfBMA0GCSqGSIb3DQEBCwUAMIGrMQswCQYD
+ VQQGEwJBVDEPMA0GA1UECBMGU3R5cmlhMQ0wCwYDVQQHEwRHcmF6MRYwFAYDVQQK
+ Ew1jaGFvcyBhdCBob21lMQ8wDQYDVQQLEwZzeXNvcHMxGTAXBgNVBAMTEGNoYW9z
+ IGF0IGhvbWUgQ0ExEDAOBgNVBCkTB0Vhc3lSU0ExJjAkBgkqhkiG9w0BCQEWF2Fk
+ bWluQGNoYW9zLWF0LWhvbWUub3JnMB4XDTE1MDUwMjAxMDQ0NFoXDTI1MDQyOTAx
+ MDQ0NFowgasxCzAJBgNVBAYTAkFUMQ8wDQYDVQQIEwZTdHlyaWExDTALBgNVBAcT
+ BEdyYXoxFjAUBgNVBAoTDWNoYW9zIGF0IGhvbWUxDzANBgNVBAsTBnN5c29wczEZ
+ MBcGA1UEAxMQY2hhb3MgYXQgaG9tZSBDQTEQMA4GA1UEKRMHRWFzeVJTQTEmMCQG
+ CSqGSIb3DQEJARYXYWRtaW5AY2hhb3MtYXQtaG9tZS5vcmcwggIiMA0GCSqGSIb3
+ DQEBAQUAA4ICDwAwggIKAoICAQCz+MrezJ744nzWHV1LqjnWOtthbHQ4bNv3odbu
+ bOJlyL3HLIzmJ4lRLvgDPpZKQP46XlvxNsDbwMlLCXgiaKZh3Y/WhM1wixE0t4SK
+ 132S2jDa1rIP4x37G/na7Q/QLPSkB7qCzo7herYizFU5FmGLxIIMUEYDQ8ryEkrl
+ ZZ5YG583gLX4prJ6gyeP8gyitA6VK+zGoAzjA7+gpQqM7HdtQtHWYKpuaPnqL8G0
+ nCBCNyZVPLDRaYzT1RP6uittotXwBZ5+2ox1EubG3u+Insk11ydTmRubodB+DLaq
+ QRpzj2zbInd9s2FDZonSOhzLiRwg2Hkshs+NKTIf1K3eD6q6ts/83hdmYWPT/uAD
+ e7l0Py1FRc/5cQwPxdGGzo/q604oAyXEeXwHzrrVIZF1SrC33wTDtCn5PqLL/92t
+ E3sCyCAQNuGP4bLL8tMYOvzYuhurPzFlV/ijpDXc+GWdpeAf00g8m1ZLBFUuFLAy
+ Ymx/zgN7WOheBPqJSrt/l00k+FjSi3A++iGYFD9ro52jfDctV6j//Qv5HhEDgOi4
+ UtvC3A02bb44IB7255pC1cZ8VCe7VGHIV40DwHt1103jRhDflicP9mDgicP2YquF
+ bM3aSjmxkhx1lkUUfbJpHRdiIcjaSazhWwUGIYCV5dDNqs/bwSuWXp5TXuUd5YLR
+ pIDaaQIDAQABo4IBFDCCARAwHQYDVR0OBBYEFOBTIefcIZSf3fW3IMVZWhzv6B8F
+ MIHgBgNVHSMEgdgwgdWAFOBTIefcIZSf3fW3IMVZWhzv6B8FoYGxpIGuMIGrMQsw
+ CQYDVQQGEwJBVDEPMA0GA1UECBMGU3R5cmlhMQ0wCwYDVQQHEwRHcmF6MRYwFAYD
+ VQQKEw1jaGFvcyBhdCBob21lMQ8wDQYDVQQLEwZzeXNvcHMxGTAXBgNVBAMTEGNo
+ YW9zIGF0IGhvbWUgQ0ExEDAOBgNVBCkTB0Vhc3lSU0ExJjAkBgkqhkiG9w0BCQEW
+ F2FkbWluQGNoYW9zLWF0LWhvbWUub3JnggkA4Zxd/eqe98EwDAYDVR0TBAUwAwEB
+ /zANBgkqhkiG9w0BAQsFAAOCAgEAJRsbExbfH/8EwAFwRlzXQaBocQvEISvnI50e
+ LDNv8uqWEdxQRXflD9BwzSivVeV5iNqspzwDETMTkj+ZDHA/gHJogR3Tl3jupQ2H
+ S0GBSfzv/2LeOGM88WfvOqLix9aKRhBvKPgzvm0ythD5+BA+pHoO/Hi6QxZQosMU
+ zBMcYZwASoOGn7jDDaXAtymyMl9SYHASPc15i3tYUHQrnZHl0vunJS6yTCHcOxOw
+ bd7ZNSyvLWF4mymE7tFFXtQ0g6mFX41wyRX0YAXYnV6qHGaFg81PO9wwSYRE90eq
+ nalqFM+8Q8G+avVlpbVN956S/SxaJzZZMrwBFOWgf09epO6ULjKQ2efoYQhCUHJo
+ xx3KkZhYIlqYlQ67cOlKHry4rNIZissUHFrVSYtsQG+F2PvIgmY5sefCNWujUj3m
+ 9R5o9p1ox4SNt0XuIh92xLLv9AKhSKaI0eMh07hZFT1RnoO6I35QPtVI7bqx8ryT
+ Hgd5pnSvdySd1JUDS8D/W0BTkPmDhjMad4GNAGpKhvNumZqOFTw3IeSN+oWWMhYt
+ z4mYklW/xDdkbFHoaZK0FFlJl6aM+qGNoOarRx1XlA+jT5GQl5ZbIVDENfRJBEt4
+ 63sa1VvytDA7qx61roJ2jnZPZPnxbSGCgljEbgjb0LKSddOFx+sgqzc1c8KgmOlf
+ 6XrTyAc=
+ -----END CERTIFICATE-----
+
+openvpn_dhparams: "{{ vault_openvpn_dhparams }}"
+openvpn_ta_key: "{{ vault_openvpn_ta_key }}"
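Review bot: The CA certificate is committed in clear, which is fine for public material, but nothing records its lifetime; decoding the validity field in the visible base64 appears to give a notAfter of 2025-04-29, the same year as the server certificate added in ch-router.yml. A comment above `openvpn_ca_certificate` such as `# CA validity appears to end 2025-04-29; renew CA, server and client certificates before then` would give the next maintainer the renewal deadline without having to parse the PEM. The `|` block scalar keeps the trailing newline, which is what a PEM file expects.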
diff --git a/inventory/host_vars/ch-jump.yml b/inventory/host_vars/ch-jump.yml
index b46120f1..94b55319 100644
--- a/inventory/host_vars/ch-jump.yml
+++ b/inventory/host_vars/ch-jump.yml
@@ -14,7 +14,9 @@ install:
size: 10g
interfaces:
- bridge: br-svc
- name: primary0
+ name: svc0
+ - bridge: br-mgmt
+ name: mgmt0
autostart: True
network:
@@ -23,7 +25,7 @@ network:
systemd_link:
interfaces: "{{ install.interfaces }}"
primary:
- interface: primary0
+ interface: svc0
ip: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address') }}"
mask: "{{ network_zones.svc.prefix | ipaddr('netmask') }}"
gateway: "{{ network_zones.svc.gw }}"
diff --git a/inventory/host_vars/ch-router.yml b/inventory/host_vars/ch-router.yml
index fe313d87..a4d8c2c7 100644
--- a/inventory/host_vars/ch-router.yml
+++ b/inventory/host_vars/ch-router.yml
@@ -27,9 +27,75 @@ openwrt_packages_add:
- usbutils
- kmod-ipt-nat
- kmod-ipt-conntrack
-
+ - openvpn
openwrt_mixin:
+ /etc/openvpn/ca.crt:
+ content: "{{ openvpn_ca_certificate }}"
+
+ /etc/openvpn/dhparams:
+ mode: "0600"
+ content: "{{ openvpn_dhparams }}"
+
+ /etc/openvpn/ta.key:
+ mode: "0600"
+ content: "{{ openvpn_ta_key }}"
+
+ /etc/openvpn/server.crt:
+ content: |
+ -----BEGIN CERTIFICATE-----
+ MIIHXDCCBUSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBqzELMAkGA1UEBhMCQVQx
+ DzANBgNVBAgTBlN0eXJpYTENMAsGA1UEBxMER3JhejEWMBQGA1UEChMNY2hhb3Mg
+ YXQgaG9tZTEPMA0GA1UECxMGc3lzb3BzMRkwFwYDVQQDExBjaGFvcyBhdCBob21l
+ IENBMRAwDgYDVQQpEwdFYXN5UlNBMSYwJAYJKoZIhvcNAQkBFhdhZG1pbkBjaGFv
+ cy1hdC1ob21lLm9yZzAeFw0xNTA1MDIwMTU3NDZaFw0yNTA0MjkwMTU3NDZaMIGi
+ MQswCQYDVQQGEwJBVDEPMA0GA1UECBMGU3R5cmlhMQ0wCwYDVQQHEwRHcmF6MRYw
+ FAYDVQQKEw1jaGFvcyBhdCBob21lMQ8wDQYDVQQLEwZzeXNvcHMxEDAOBgNVBAMT
+ B3BhbmRvcmExEDAOBgNVBCkTB0Vhc3lSU0ExJjAkBgkqhkiG9w0BCQEWF2FkbWlu
+ QGNoYW9zLWF0LWhvbWUub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+ AgEAvwp3VeAZ2+uWLv0ePQ+I8T+0JMQkCdpv2Hn8gEQyUe4ubPtR6SE7455mXtGS
+ WA67M9uHmX6jleQmap7VQPweBy5UD6ge5q39oJMB5G2wug2/QRcgTZVF1r14ZEmk
+ mI31fQBHI/8M3gtMGzB5q0ohsaOuNSEyQir/CBDlDoyOzcVKRC3hQ4DVqD1Trp2M
+ +bxINC9jcQUQd/U5+Ui51tlSBMs/M+0gAlD0kypgcQNZcDDsLW+iTF79/XMweowp
+ bRDv8GbabL1E5kMYL1Ii0vNV6xmjbiyI/tX4DMyKa5d2LI80X932U/ILyq01GVhq
+ bhribfZzqfJhC7zAc09zw2NfQ2F6ZAAcTMmCK/GFTpKWgBufRl7gr93f3mNDzVP4
+ 9KDvQa62CUKEy7ELwxpAEyAlGEkym2Nw+SfiAy2W2uHrpV5UF4uVs58MKUnq3Ktw
+ O04comiuLnXkY9/7USrMngnuJdxcwd6kEXuk6WUZGHWhgGkdP6Ww5DE2HNicSHnT
+ 2gJFOkvvyXO5G7rmndJgK4dlsDuTdax6obIVyVEn20L8sLhuzQwfg1Z+1rnvkZVC
+ 0n9gYp104e36HrAhX5xYwkZ2sn1Rls/PU94ciH/7TjCXOxdOLcXw4yo2btsGNtli
+ 9I/tjPn5GHgLWa8VCGdGBsij7XP2AqPFGnzqS2lFi28YxukCAwEAAaOCAZAwggGM
+ MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIBDQQnFiVF
+ YXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBR/
+ DVVuzBz4Tb2mji2hC3IeOR5t7jCB4AYDVR0jBIHYMIHVgBTgUyHn3CGUn931tyDF
+ WVoc7+gfBaGBsaSBrjCBqzELMAkGA1UEBhMCQVQxDzANBgNVBAgTBlN0eXJpYTEN
+ MAsGA1UEBxMER3JhejEWMBQGA1UEChMNY2hhb3MgYXQgaG9tZTEPMA0GA1UECxMG
+ c3lzb3BzMRkwFwYDVQQDExBjaGFvcyBhdCBob21lIENBMRAwDgYDVQQpEwdFYXN5
+ UlNBMSYwJAYJKoZIhvcNAQkBFhdhZG1pbkBjaGFvcy1hdC1ob21lLm9yZ4IJAOGc
+ Xf3qnvfBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDASBgNVHREE
+ CzAJggdwYW5kb3JhMA0GCSqGSIb3DQEBCwUAA4ICAQBTa8rgGfdlmKOhrzZEPUCZ
+ eAEICIpI1GnrHNLNAmbM4OIEO8lNPEVcsalqJSvFXaRh5lRBd4zGDhE2sehL13sX
+ ceeZTh4Ss6xBguHWh3ZCLcZimqbritAF9zl53Aer6AeCw0lYTlgFVgZBPU9X4UXV
+ mKqrmuorOy34vN/slRcsACrlWXonYAIrhSf6KPnTfmewp7c9LG2M8PBab05QC2tt
+ NYy9lKN6bf6e16lTREInQcf6t29OihbgWeOur4EdFg5QuckYDvr/fbbK1D2tVFjR
+ 9p8jgb7gJfvbqSc9oA6RoLQCr5mpTZeYrJWoCGlT943sXwTemPSL9NcDq/hr0RDY
+ uYUGWWR7uKi4RwGt1S5TvpEsE0p1KeiEpytInC4crWUeX5eU5oHqEmwbKFTkzTXM
+ yTj6EL4hTK5nHCGPYgY6umnPnTEc/Z7/kB9GPV4dOqu8qCWL+82+4y5PPSw/6H9B
+ BY5WYFlE66aYHpRvAseN7HKU1lqcX09rx6vTjVKtBilga3m44pOxPPgI9FN6XYQl
+ r43j0QX7FStrSTBkU7QgkXimU7jxJF7PczAhwQW8+Eyk2T2C9o8/w6T27UqMVByB
+ xnw1Z7IOVbenP1JUpX+xKvweCFjkcdGHF+bQ3ufWmo3MIwsapKC1859E37ENqWaF
+ 8ucdxgsmNPJk/dyj/4vqxQ==
+ -----END CERTIFICATE-----
+
+ /etc/openvpn/server.key:
+ mode: "0600"
+ content: "{{ vault_openvpn_key }}"
+
+ /etc/openvpn/ipp.txt:
+ mode: "0444"
+ content: |
+ pan,192.168.8.4
+ mimas,192.168.8.8
+
/etc/dropbear/authorized_keys:
content: "{{ ssh_keys_root | join('\n') }}\n"
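Review bot: `/etc/openvpn/ipp.txt` is deployed read-only (`mode: "0444"`) with a fixed client-to-address table, yet the uci block in a later hunk sets `ifconfig_pool_persist: '/etc/openvpn/ipp.txt'` without a seconds argument, so OpenVPN rewrites the file periodically (600 s by default) and each Ansible run then reverts whatever the daemon recorded; once the daemon has dropped to `nobody`, the rewrite may also fail against a 0444 file. If fixed assignments are the intent, make that explicit on the OpenVPN side with `ifconfig_pool_persist: '/etc/openvpn/ipp.txt 0'` (seconds 0 means read-only), or move to a client-config-dir. The public `ca.crt` and `server.crt` correctly carry no restrictive mode while `ta.key`, `dhparams` and `server.key` are 0600. The `openwrt_mixin` mapping continues past the hunk.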
@@ -72,15 +138,32 @@ openwrt_mixin:
iptables -A INPUT -i "$MGMT_IF" -d "$MGMT_IPADDR" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT
+ ## VPN Traffic
+ iptables -A FORWARD -i extern0 -s 192.168.8.0/24 -o "$SVC_IF" -j ACCEPT
+ iptables -A FORWARD -i "$SVC_IF" -o extern0 -d 192.168.8.0/24 -j ACCEPT
+
+
## WAN Traffic
#
iptables -A INPUT -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p icmp -j ACCEPT
iptables -A INPUT -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport "$SSH_PORT" -j ACCEPT
+ iptables -A INPUT -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i "$MAGENTA_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 2342 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-jump']) | ipaddr('address') }}"
iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-jump']) | ipaddr('address') }}" -p tcp --dport 2342 -j ACCEPT
+ iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 80 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}"
+ iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 443 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}"
+ iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}" -p tcp --dport 80 -j ACCEPT
+ iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}" -p tcp --dport 443 -j ACCEPT
+
+ iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 143 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-mail']) | ipaddr('address') }}:144"
+ iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 993 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-mail']) | ipaddr('address') }}"
+ iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-mail']) | ipaddr('address') }}" -p tcp --dport 144 -j ACCEPT
+ iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-mail']) | ipaddr('address') }}" -p tcp --dport 993 -j ACCEPT
+
+
## LAN Traffic
#
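Review bot: The two VPN forwarding rules accept every protocol and port between 192.168.8.0/24 and the service zone, and the return rule `-i "$SVC_IF" -o extern0 -d 192.168.8.0/24` is stateless, so hosts in svc can also initiate connections toward VPN clients. Unless a FORWARD-wide `RELATED,ESTABLISHED` accept exists above this hunk (the rest of the chain is outside it), change the return rule to `iptables -A FORWARD -i "$SVC_IF" -o extern0 -d 192.168.8.0/24 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` and, if clients only need a few services, narrow the inbound rule to those ports. `extern0` is also hard-coded here while every other rule uses a `$..._IF` variable; a `VPN_IF` variable would keep the script consistent and tie it to the `dev: 'extern0'` uci setting. The enclosing firewall function starts and ends outside the hunk.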
@@ -105,6 +188,7 @@ openwrt_mixin:
iptables -F INPUT
iptables -P FORWARD ACCEPT
iptables -F FORWARD
+ iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING
}
@@ -141,6 +225,39 @@ openwrt_uci:
RootPasswordAuth: 'off'
Port: '{{ ansible_port | default(22) }}'
+ openvpn:
+ - name: openvpn 'extern'
+ options:
+ enabled: '1'
+ port: '1194'
+ proto: 'udp'
+ dev_type: 'tun'
+ dev: 'extern0'
+
+ server: '192.168.8.0 255.255.255.0'
+ client_to_client: '1'
+ ifconfig_pool_persist: '/etc/openvpn/ipp.txt'
+ push:
+ - 'route 192.168.28.0 255.255.255.0'
+ - 'route 192.168.32.0 255.255.255.0'
+
+ tls_auth: '/etc/openvpn/ta.key 0'
+ ca: '/etc/openvpn/ca.crt'
+ cert: '/etc/openvpn/server.crt'
+ key: '/etc/openvpn/server.key'
+ dh: '/etc/openvpn/dhparams'
+
+ tls_cipher: 'DHE-RSA-AES256-SHA'
+ cipher: 'AES-256-CBC'
+ auth: 'SHA256'
+ comp_lzo: 'yes'
+
+ keepalive: '10 120'
+ persist_key: '1'
+ persist_tun: '1'
+ user: 'nobody'
+ verb: '3'
+
network:
- name: globals 'globals'
options:
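Review bot: `comp_lzo: 'yes'` enables tunnel compression, which exposes the VPN to compression-oracle attacks on the plaintext (VORACLE) and is deprecated upstream; set `comp_lzo: 'no'` (clients must match). `tls_cipher: 'DHE-RSA-AES256-SHA'` pins the control channel to a single TLS 1.0-era CBC/SHA-1 suite and excludes the AEAD suites OpenVPN 2.4 would otherwise negotiate; prefer `tls_version_min: '1.2'` together with a GCM suite such as `tls_cipher: 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384'`, and `cipher: 'AES-256-GCM'` for the data channel where the clients support it. `user: 'nobody'` without a matching `group` leaves the daemon in root's group after the privilege drop; `group: 'nogroup'` completes it.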
@@ -176,6 +293,13 @@ openwrt_uci:
ipaddr: "{{ network_zones.mgmt.prefix | ipaddr(network_zones.mgmt.offsets[inventory_hostname]) | ipaddr('address') }}"
netmask: "{{ network_zones.mgmt.prefix | ipaddr('netmask') }}"
+ - name: route 'lan'
+ options:
+ interface: svc
+ target: "{{ network_zones.lan.prefix | ipaddr('network') }}"
+ netmask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}"
+ gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}"
+
virsh_domxml: |
<domain type='kvm'>
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 048283a9..ac336af2 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -45,7 +45,9 @@ ch-sw1 host_name=sw1
ch-ap0 host_name=ap0
ch-ap1 host_name=ap1
-
+[chaos_at_home_vpn_extern]
+ch-router
+ch-pan
[realraum:vars]
host_domain=realraum.at