playbook_provision_backbone: configure backbone for ffl-ans-gw-core01

files/ospfd.conf

@@ -28,4 +28,7 @@ area 0.0.0.0 {
 	interface wg0 {
 		type p2p
 	}
+	interface wg2 {
+		type p2p
+	}
 }

files/pf.wg2.conf

@@ -0,0 +1,8 @@
+# allow incoming udp packets for wg2
+pass in proto udp from any to self port 51822
+
+# allow ospf on wg2
+pass on wg2 proto ospf
+
+# allow prometheus on wg2
+pass on wg2 proto tcp from any to self port 9100

playbook_provision_backbone.yml

@@ -2,26 +2,32 @@
 - name: configure tunnel on eae-adp-jump01
   hosts: eae-adp-jump01
   tasks:
-    - name: create wg0 interface file
+    - name: create wgX interface files
       template:
-        src: templates/hostname.wg0
-        dest: /etc/hostname.wg0
+        src: "{{ item }}"
+        dest: /etc/
         mode: 0600
+      with_fileglob:
+        - "templates/hostname.wg*"
       notify:
         - reload interfaces
 
-    - name: create pf.wg0.conf file
+    - name: create pf.wgX.conf files
       copy:
-        src: files/pf.wg0.conf
-        dest: /etc/pf.wg0.conf
+        src: "{{ item }}"
+        dest: /etc/
         mode: 0600
+      with_fileglob:
+        - "files/pf.wg*.conf"
       notify:
         - reload firewall
 
-    - name: include pf.wg0.conf in pf.include.conf
+    - name: include pf.wgX.conf in pf.include.conf
       lineinfile:
         path: /etc/pf.include.conf
-        line: 'include "/etc/pf.wg0.conf"'
+        line: 'include "/etc/{{ item | basename }}"'
+      with_fileglob:
+        - "files/pf.wg*.conf"
       notify:
         - reload firewall
 
@@ -50,4 +56,4 @@
     - name: restart ospfd
       service:
         name: ospfd
-        state: restart
+        state: restarted

templates/hostname.wg2

@@ -0,0 +1,5 @@
+inet 10.85.254.0/31
+mtu 1350
+wgport 51820
+wgkey {{ lookup('passwordstore', 'wg/wg2/eae-adp-jump01') }}
+wgpeer {{ lookup('passwordstore', 'wg/wg2/ffl-ans-gw-core01.pub') }} wgpsk {{ lookup('passwordstore', 'wg/wg2/psk') }} wgaip 0.0.0.0/0