author | Christian Pointner <equinox@spreadspace.org> | 2020-02-29 04:55:38 +0100 |
committer | Christian Pointner <equinox@spreadspace.org> | 2020-02-29 04:55:38 +0100 |
commit | b399a54c2363ff717b1a92732e42e82f73cd958d (patch) | |
tree | 74bbcc77e0e14277f3bcbfe6ee6a5bb4413df8a0 | |
parent | ele-media fix firewall rules (ssh port) (diff) |
prepare wireguard tunnel for emc
-rw-r--r-- | dan/host_vars/ele-gwhetzner.yml | 21 | ||||
-rw-r--r-- | dan/host_vars/ele-router.yml | 10 | ||||
-rw-r--r-- | inventory/group_vars/elevate-festival/main.yml | 28 | ||||
-rw-r--r-- | inventory/host_vars/ele-gwhetzner.yml | 22 | ||||
-rw-r--r-- | inventory/host_vars/ele-router.yml | 10 |
5 files changed, 77 insertions, 14 deletions
diff --git a/dan/host_vars/ele-gwhetzner.yml b/dan/host_vars/ele-gwhetzner.yml index 4fc98f53..a2b6d67a 100644 --- a/dan/host_vars/ele-gwhetzner.yml +++ b/dan/host_vars/ele-gwhetzner.yml @@ -1,10 +1,13 @@ $ANSIBLE_VAULT;1.2;AES256;dan -62393830326163353339343132303631303230383938316134343732313339346532383339323064 -3361613830343332303664393438633161326233303537630a353465313033386630663731363865 -63346563343632366639323165663331393335356266383533316165356335356132343534623934 -6336396437393931350a303737353861613264303733363662336461386666376531356538356563 -35383636343538316337313132326566326564386131376563666235396235393236643366613232 -66366530653965336265623636616233643738373465386331626330396563303134313061653838 -37303039343364376633373931663031383638326132616336623636306162373462653138666464 -39623737613464313432326131666135353261333864323436353130626636393764393433326166 -3133 +63613763393832643163353733663563356666323338356338323465626566383934623265316335 +3931633335623561653232363531303533353363393030300a353732336235323137643937313939 +62396430653465366139623464633632366331623738376262323932316632633431393561633464 +3863383033633766630a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diff --git a/dan/host_vars/ele-router.yml b/dan/host_vars/ele-router.yml new file mode 100644 index 00000000..2730423b --- /dev/null +++ b/dan/host_vars/ele-router.yml 
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.2;AES256;dan
+39333736323632303766653165323636316234343764663335303762663366626362303131376536
+3938396235396230633731613838363931323339633235360a636130306165643239333531613939
+35353134393133366236383465653161646464366539366136303833656433393332633137333766
+3730353830613236360a653135653266616638656565323230306566646465666339366361663635
+35383031326436623030633566636163343764353435376633313937363265396534356562666330
+65303234306463383538333462363166323761333433613765366163366265333035383162663061
+39626436643839343561663166646539343135363163346338313964623038376463613762343338
+31316139313531303965326635663962303864386561333864356435383463623235663862346632
+3463
diff --git a/inventory/group_vars/elevate-festival/main.yml b/inventory/group_vars/elevate-festival/main.yml
index 013aef69..30d9ee4a 100644
--- a/inventory/group_vars/elevate-festival/main.yml
+++ b/inventory/group_vars/elevate-festival/main.yml
@@ -20,11 +20,26 @@ network_zones:
 datacop: 249
 equinox-t450s: 250
 ele-laptop: 251
+ ele-router: 254
 wifi:
 ssid: "elevate Staff"
 encryption: "psk2"
 key: "{{ vault_wifi_keys.lan }}"
+ emc:
+ vlan: 20
+ prefix: 192.168.20.0/24
+ gateway: 192.168.20.254
+ dns:
+ - 192.168.20.254
+ dhcp:
+ start: 1
+ limit: 199
+ offsets:
+ equinox-t450s: 250
+ ele-laptop: 251
+ ele-router: 254
+
 guest:
 vlan: 23
 prefix: 192.168.23.0/24
@@ -35,6 +50,9 @@ network_zones:
 start: 1
 limit: 250
 leasetime: 2h
+ offsets:
+ equinox-t450s: 250
+ ele-router: 254
 wifi:
 ssid: "elevate Public"
 encryption: "psk2"
@@ -107,6 +125,9 @@ network_zones:
 mixer:
 vlan: 48
 prefix: 192.168.48.0/24
+ gateway: 192.168.48.254
+ dns:
+ - 192.168.48.254
 offsets:
 kuschelbaer: 48
 atem-datacop: 90
@@ -121,9 +142,7 @@ network_zones:
 x32core: 216
 datacop: 249
 equinox-t450s: 250
- gateway: 192.168.48.254
- dns:
- - 192.168.48.254
+ ele-router: 254
 infoscreens:
 vlan: 73
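Review bot: The offsets added under the guest zone in `@@ -35,6 +50,9 @@` (`equinox-t450s: 250`, `ele-router: 254`) fall inside that zone's DHCP pool if `start: 1` / `limit: 250` are dnsmasq-style start and count (addresses .1 through .250), so a dynamic lease could collide with the .250 static host; the same applies to the infoscreens hunk `@@ -134,6 +153,9 @@`, whose pre-existing `start: 100` / `limit: 199` already reaches past .250 and .254. The new emc zone's `start: 1` / `limit: 199` leaves its offsets clear, which suggests the pool bound is meant to exclude the static range. Either shrink the guest pool, e.g. `limit: 249`, or confirm that the consuming role reserves offset addresses out of the pool before relying on them. The `network_zones` mapping starts before the hunk.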
@@ -134,6 +153,9 @@ network_zones:
 dhcp:
 start: 100
 limit: 199
+ offsets:
+ equinox-t450s: 250
+ ele-router: 254
 wifi:
 ssid: "elevate Infoscreens"
 encryption: "psk2"
diff --git a/inventory/host_vars/ele-gwhetzner.yml b/inventory/host_vars/ele-gwhetzner.yml
index f68ff783..3575c943 100644
--- a/inventory/host_vars/ele-gwhetzner.yml
+++ b/inventory/host_vars/ele-gwhetzner.yml
@@ -37,6 +37,9 @@ wireguard_keys:
 elemedia:
 pub: "1GdTR5ehIcSVvwdWWsKitRjzcm1gY3Z9ASzJAuN7VH0="
 priv: "{{ vault_wireguard_priv_keys.elemedia }}"
+ emc:
+ pub: "xgBLLDTRrVxUG0BEr0gNQ6ofkXSRDQR7OXilxCCwtxs="
+ priv: "{{ vault_wireguard_priv_keys.elemedia }}"
 wireguard_gateway_tunnels:
 wg-elemedia:
@@ -52,7 +55,26 @@ wireguard_gateway_tunnels:
 tcp_ports:
 80: 192.168.254.2:80
 443: 192.168.254.2:443
+ 322: 192.168.254.2:222
 peers:
 - pub_key: "{{ hostvars['ele-media'].wireguard_keys.gwhetzner.pub }}"
 allowed_ips:
 - 192.168.254.2/32
+ wg-emc:
+ description: Elevate Media Channel
+ priv_key: "{{ wireguard_keys.emc.priv }}"
+ listen_port: 51821
+ addresses:
+ - 192.168.254.5/30
+ ip_snat:
+ interface: "{{ network.primary.interface }}"
+ to: "{{ network.primary.overlay }}"
+ port_forwardings:
+ - dest: "{{ network.primary.overlay }}"
+ tcp_ports:
+ 422: 192.168.254.6:222
+ peers:
+ - pub_key: "{{ hostvars['ele-router'].wireguard_keys.gwhetzner.pub }}"
+ allowed_ips:
+ - 192.168.254.6/32
+ - 192.168.20.0/24
diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml
index 4a552d7f..72cb2b14 100644
--- a/inventory/host_vars/ele-router.yml
+++ b/inventory/host_vars/ele-router.yml
@@ -1,4 +1,10 @@
 ---
+wireguard_keys:
+ gwhetzner:
+ pub: "fqaKDJbSj6V0H98d78d/lnFLolefgp6zDPH9bN4+zUY="
+ priv: "{{ vault_wireguard_priv_keys.gwhetzner }}"
+
+
 network_mgmt_zone: "{{ network_zones.mgmt }}"
 network_internal_zone_names:
 - lan
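Review bot: The new `emc` key entry in `@@ -37,6 +37,9 @@` reuses the elemedia private key, `priv: "{{ vault_wireguard_priv_keys.elemedia }}"`, while its `pub` differs from elemedia's, so the pair as written cannot correspond and wg-emc (which reads `wireguard_keys.emc.priv`) would not complete a handshake with ele-router. This looks like a copy-paste slip; the vault change to dan/host_vars/ele-gwhetzner.yml in this commit suggests a dedicated entry was added, so the line should presumably read `priv: "{{ vault_wireguard_priv_keys.emc }}"`. Even if the two tunnels happened to share one key on purpose, a distinct key per tunnel is preferable, since exposure of one peer relationship then does not affect the other. The `wireguard_keys` mapping starts before the hunk.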
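Review bot: Both new `tcp_ports` entries in `@@ -52,7 +55,26 @@`, `322: 192.168.254.2:222` in wg-elemedia and `422: 192.168.254.6:222` in wg-emc, forward what appears to be a management port (222) from the gateway's primary interface to hosts behind the tunnels, which makes those services reachable from the internet. It is worth confirming that the gateway's inbound firewall restricts or rate-limits ports 322 and 422 (the parent commit touched the ssh firewall rules, but nothing here shows them) and that the services on 222 accept key-based authentication only; a short comment next to each entry, e.g. `# remote admin access to ele-router over the tunnel`, would record why they are open. The new `listen_port: 51821` likewise needs an inbound UDP rule unless the role opens it automatically. The `wireguard_gateway_tunnels` mapping starts before the hunk.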
@@ -12,7 +18,7 @@ openwrt_network_external:
 options:
 device: 'switch0'
 ## for some reason vlan-id 502 does not work. why??
- vlan: '{{ network_zones.forum_a1.vlan }}'
+ #vlan: '{{ network_zones.forum_a1.vlan }}'
 vlan: '1'
 ports: '4 6t'
@@ -49,7 +55,7 @@ openwrt_network_external:
 - name: interface 'wanff'
 options:
 ## for some reason vlan-id 502 does not work. why??
- #fname: 'eth0.{{ network_zones.funkfeuer.vlan }}'
+ #ifname: 'eth0.{{ network_zones.funkfeuer.vlan }}'
 ifname: 'eth0.2'
 proto: static
 ipaddr: "{{ network_zones.funkfeuer.prefix | ipaddr(network_zones.funkfeuer.offsets[inventory_hostname]) | ipaddr('address') }}" |
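Review bot: The commented-out line `#vlan: '{{ network_zones.forum_a1.vlan }}'` has no space after `#`, which yamllint's `comments` rule flags; `# vlan: '{{ network_zones.forum_a1.vlan }}'` keeps the intent and passes the linter, and the same applies to `#ifname: 'eth0.{{ network_zones.funkfeuer.vlan }}'` in `@@ -49,7 +55,7 @@`. Since the hard-coded `vlan: '1'` is now the only live value for that switch entry, extending the existing `## for some reason vlan-id 502 does not work. why??` comment with the date or a tracking reference would make it easier to revisit the workaround later. The `openwrt_network_external` list starts before the hunk.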