authorChristian Pointner <equinox@spreadspace.org>2020-02-29 04:55:38 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-02-29 04:55:38 +0100
commitb399a54c2363ff717b1a92732e42e82f73cd958d (patch)
tree74bbcc77e0e14277f3bcbfe6ee6a5bb4413df8a0 /inventory
parentele-media fix firewall rules (ssh port) (diff)
prepare wireguard tunnel for emc
Diffstat (limited to 'inventory')
-rw-r--r--inventory/group_vars/elevate-festival/main.yml28
-rw-r--r--inventory/host_vars/ele-gwhetzner.yml22
-rw-r--r--inventory/host_vars/ele-router.yml10
3 files changed, 55 insertions, 5 deletions
diff --git a/inventory/group_vars/elevate-festival/main.yml b/inventory/group_vars/elevate-festival/main.yml
index 013aef69..30d9ee4a 100644
--- a/inventory/group_vars/elevate-festival/main.yml
+++ b/inventory/group_vars/elevate-festival/main.yml
@@ -20,11 +20,26 @@ network_zones:
datacop: 249
equinox-t450s: 250
ele-laptop: 251
+ ele-router: 254
wifi:
ssid: "elevate Staff"
encryption: "psk2"
key: "{{ vault_wifi_keys.lan }}"
+ emc:
+ vlan: 20
+ prefix: 192.168.20.0/24
+ gateway: 192.168.20.254
+ dns:
+ - 192.168.20.254
+ dhcp:
+ start: 1
+ limit: 199
+ offsets:
+ equinox-t450s: 250
+ ele-laptop: 251
+ ele-router: 254
+
guest:
vlan: 23
prefix: 192.168.23.0/24
@@ -35,6 +50,9 @@ network_zones:
start: 1
limit: 250
leasetime: 2h
+ offsets:
+ equinox-t450s: 250
+ ele-router: 254
wifi:
ssid: "elevate Public"
encryption: "psk2"
@@ -107,6 +125,9 @@ network_zones:
mixer:
vlan: 48
prefix: 192.168.48.0/24
+ gateway: 192.168.48.254
+ dns:
+ - 192.168.48.254
offsets:
kuschelbaer: 48
atem-datacop: 90
@@ -121,9 +142,7 @@ network_zones:
x32core: 216
datacop: 249
equinox-t450s: 250
- gateway: 192.168.48.254
- dns:
- - 192.168.48.254
+ ele-router: 254
infoscreens:
vlan: 73
@@ -134,6 +153,9 @@ network_zones:
dhcp:
start: 100
limit: 199
+ offsets:
+ equinox-t450s: 250
+ ele-router: 254
wifi:
ssid: "elevate Infoscreens"
encryption: "psk2"
diff --git a/inventory/host_vars/ele-gwhetzner.yml b/inventory/host_vars/ele-gwhetzner.yml
index f68ff783..3575c943 100644
--- a/inventory/host_vars/ele-gwhetzner.yml
+++ b/inventory/host_vars/ele-gwhetzner.yml
@@ -37,6 +37,9 @@ wireguard_keys:
elemedia:
pub: "1GdTR5ehIcSVvwdWWsKitRjzcm1gY3Z9ASzJAuN7VH0="
priv: "{{ vault_wireguard_priv_keys.elemedia }}"
+ emc:
+ pub: "xgBLLDTRrVxUG0BEr0gNQ6ofkXSRDQR7OXilxCCwtxs="
+ priv: "{{ vault_wireguard_priv_keys.elemedia }}"
wireguard_gateway_tunnels:
wg-elemedia:
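Review bot: The added `emc` entry pairs a new public key with `vault_wireguard_priv_keys.elemedia`, the same vault variable the `elemedia` entry directly above it uses. Either the private key does not match the published `pub` value, in which case the wg-emc peer would never complete a handshake, or one private key is shared by two tunnels, so a leak of it exposes both. If this is a copy-paste slip, the line should read `priv: "{{ vault_wireguard_priv_keys.emc }}"`, with the matching entry added to the vault file, which is not part of this diff. The `wireguard_keys` mapping starts outside the hunk.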
@@ -52,7 +55,26 @@ wireguard_gateway_tunnels:
tcp_ports:
80: 192.168.254.2:80
443: 192.168.254.2:443
+ 322: 192.168.254.2:222
peers:
- pub_key: "{{ hostvars['ele-media'].wireguard_keys.gwhetzner.pub }}"
allowed_ips:
- 192.168.254.2/32
+ wg-emc:
+ description: Elevate Media Channel
+ priv_key: "{{ wireguard_keys.emc.priv }}"
+ listen_port: 51821
+ addresses:
+ - 192.168.254.5/30
+ ip_snat:
+ interface: "{{ network.primary.interface }}"
+ to: "{{ network.primary.overlay }}"
+ port_forwardings:
+ - dest: "{{ network.primary.overlay }}"
+ tcp_ports:
+ 422: 192.168.254.6:222
+ peers:
+ - pub_key: "{{ hostvars['ele-router'].wireguard_keys.gwhetzner.pub }}"
+ allowed_ips:
+ - 192.168.254.6/32
+ - 192.168.20.0/24
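Review bot: The two added forwardings, `322: 192.168.254.2:222` under wg-elemedia and `422: 192.168.254.6:222` under wg-emc, publish port 222 of hosts behind the tunnels on the gateway's public overlay address, and nothing in the hunk names the service or limits who may connect. If 222 is the SSH port, as the parent commit's title suggests, a comment such as `# ssh to ele-router through wg-emc` above each entry would record the intent. Any source restriction would belong wherever the consuming role supports one, which is not visible here. The `- 192.168.20.0/24` entry in `allowed_ips` also deserves a comment: together with `ip_snat` it appears to let the whole emc zone leave through this gateway's public address, which should be a stated decision rather than a side effect.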
diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml
index 4a552d7f..72cb2b14 100644
--- a/inventory/host_vars/ele-router.yml
+++ b/inventory/host_vars/ele-router.yml
@@ -1,4 +1,10 @@
---
+wireguard_keys:
+ gwhetzner:
+ pub: "fqaKDJbSj6V0H98d78d/lnFLolefgp6zDPH9bN4+zUY="
+ priv: "{{ vault_wireguard_priv_keys.gwhetzner }}"
+
+
network_mgmt_zone: "{{ network_zones.mgmt }}"
network_internal_zone_names:
- lan
@@ -12,7 +18,7 @@ openwrt_network_external:
options:
device: 'switch0'
## for some reason vlan-id 502 does not work. why??
- vlan: '{{ network_zones.forum_a1.vlan }}'
+ #vlan: '{{ network_zones.forum_a1.vlan }}'
vlan: '1'
ports: '4 6t'
@@ -49,7 +55,7 @@ openwrt_network_external:
- name: interface 'wanff'
options:
## for some reason vlan-id 502 does not work. why??
- #fname: 'eth0.{{ network_zones.funkfeuer.vlan }}'
+ #ifname: 'eth0.{{ network_zones.funkfeuer.vlan }}'
ifname: 'eth0.2'
proto: static
ipaddr: "{{ network_zones.funkfeuer.prefix | ipaddr(network_zones.funkfeuer.offsets[inventory_hostname]) | ipaddr('address') }}"