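---
# Play 1: base provisioning of the supernode host — packages, kernel modules
# and the docker daemon configuration. Runs with privilege escalation.
- hosts: supernode
  become: true
  vars:
    # IPv6 prefix handed to docker as fixed-cidr-v6 (see daemon.json below).
    # Quoted so the colons can never be read as a mapping separator.
    docker_ipv6_net: "fcff:ffff:ffff:ffff::/64"
  collections:
    - ansible.posix

  handlers:
    # Triggered by "notify: reload modules" after /etc/modules changes.
    - name: Reload kernel modules
      ansible.builtin.service:
        name: systemd-modules-load
        state: restarted
      listen: reload modules

    # Triggered by "notify: reload docker" after daemon.json changes.
    - name: Reload docker daemon
      ansible.builtin.service:
        name: docker
        state: restarted
      listen: reload docker

  tasks:
    - name: install programs
      ansible.builtin.package:
        name:
          - docker.io
          - docker-compose
          - wireguard-dkms
        state: present

    - name: ensure kernel modules are loaded
      ansible.builtin.blockinfile:
        path: /etc/modules
        # Literal block scalar so each module lands on its own line. Without
        # the "|" indicator the two continuation lines fold into one plain
        # scalar ("wireguard tap"), which is not one-module-per-line.
        block: |
          wireguard
          tap
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
      notify: reload modules

    - name: Configure docker
      ansible.builtin.copy:
        # Bounded json-file logging plus IPv6 container addressing from
        # docker_ipv6_net; the template is rendered before the JSON is written.
        content: |
          {
            "log-driver": "json-file",
            "log-opts": {
              "max-size": "1m",
              "max-file": "3"
            },
            "ipv6": true,
            "fixed-cidr-v6": "{{ docker_ipv6_net }}"
          }
        dest: /etc/docker/daemon.json
        # Symbolic mode kept as a string so no YAML/JSON loader retypes it.
        mode: "u=rw,g=r,o=r"
        owner: root
        group: root
      notify: reload docker

    - name: Start docker daemon
      ansible.builtin.service:
        name: docker
        state: started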
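# Play 2: build the images and run the VPN supernode stack (batman, fastd,
# dhcpd) as docker containers sharing the batman_network namespace.
- hosts: supernode
  vars:
    env_file: /home/vagrant/supernode.env
    # Addresses and prefixes are quoted: IPv6 literals contain colons and must
    # always be handed to the ipaddr filter as strings.
    supernode_v4_ip: "172.29.0.1/24"
    supernode_v4_range_start: "172.29.0.16"
    supernode_v4_range_end: "172.29.0.31"
    supernode_v6_ip: "fc00:1234:5678::1/64"
    supernode_v6_range_start: "fc00:1234:5678::1000"
    supernode_v6_range_end: "fc00:1234:5678::1fff"
    # Long-lived key material stored in plaintext next to the play; keep it in
    # ansible-vault or pull it in with a lookup (env/file) so the value is not
    # versioned with the playbook. Quoted so tooling never retypes it.
    fastd_secret_key: "90f0637239cdf4c27dc80ee8a755ae4922769d045c86cc2086a96a3a281ed04a"
    fastd_port: 10000
    # Placeholder: no wireguard key is configured yet, and no task below uses it.
    wireguard_key: tbd
  collections:
    - community.docker

  tasks:
    # NOTE(review): the ipaddr filter is not provided by the collections listed
    # here (it ships with ansible.utils and needs netaddr on the controller) —
    # confirm it is available in the target Ansible version.
    - name: Create vpn frontend network
      community.docker.docker_network:
        name: vpn_frontend
        enable_ipv6: true
        ipam_config:
          - subnet: "{{ supernode_v4_ip |ipaddr('network/prefix') }}"
          - subnet: "{{ supernode_v6_ip |ipaddr('network/prefix') }}"

    - name: Build docker images
      community.docker.docker_image:
        build:
          path: "/vagrant_data/{{ item }}"
        name: "{{ item }}"
        source: build
      loop:
        - batman
        - dhcpd
        - fastd
        - wireguard

    # The env file carries fastd_secret_key, hence owner-only permissions.
    # FASTD_DONT_VERIFY_PEERS=1 appears to accept any peer key (bounded only by
    # FASTD_PEER_LIMIT) — confirm against the fastd image's entrypoint.
    - name: place env config
      ansible.builtin.copy:
        content: |
          # ansible managed
          BATMAN_BRIDGE=br-batman0
          BATMAN_BRIDGE_IPV4={{ supernode_v4_ip }}
          BATMAN_BRIDGE_IPV6={{ supernode_v6_ip }}
          BATMAN_FORWARD_GATEWAY=172.28.0.2
          BATMAN_LIMIT_DOWNLOAD=1000
          BATMAN_LIMIT_UPLOAD=1000

          FASTD_BATMAN_INTERFACE=bat0
          FASTD_DONT_VERIFY_PEERS=1
          FASTD_LOG_LEVEL=debug
          FASTD_PEER_LIMIT=10
          FASTD_SECRET_KEY={{ fastd_secret_key }}

          DHCPD_INTERFACE=br-batman0
          DHCPD_V4_NET={{ supernode_v4_ip |ipaddr('network') }}
          DHCPD_V4_SUBNET={{ supernode_v4_ip |ipaddr('netmask') }}
          DHCPD_V4_RANGE={{ supernode_v4_range_start }} {{ supernode_v4_range_end }}
          DHCPD_V6_NET={{ supernode_v6_ip |ipaddr('network/prefix') }}
          DHCPD_V6_RANGE={{ supernode_v6_range_start }} {{ supernode_v6_range_end }}
          DHCPD_V6_TEMPORARY_NET={{ supernode_v6_ip |ipaddr('network/prefix') }}
        dest: "{{ env_file }}"
        mode: "u=rw,g=,o="
      register: __env_file

    # Containers only pick up env changes on recreate, so tear them down
    # whenever the env file was rewritten.
    - name: Remove old containers
      community.docker.docker_container:
        name: "{{ item }}"
        state: absent
        stop_timeout: 0
      loop:
        - batman_network
        - fastd_server
        - dhcp_v4
        - dhcp_v6
      when: __env_file is changed

    # Owns the network namespace the other containers join; the fastd port is
    # published on both transports.
    - name: Start batman network
      community.docker.docker_container:
        name: batman_network
        image: batman
        env_file: "{{ env_file }}"
        capabilities:
          - NET_ADMIN
        published_ports:
          - "{{ fastd_port }}:10000/udp"
          - "{{ fastd_port }}:10000/tcp"
        networks:
          - name: vpn_frontend
        # docker sysctls are string-valued; quoted to avoid int/str drift.
        sysctls:
          net.ipv6.conf.all.disable_ipv6: "0"

    - name: Start fastd
      community.docker.docker_container:
        name: fastd_server
        image: fastd
        env_file: "{{ env_file }}"
        capabilities:
          - NET_ADMIN
        devices:
          - "/dev/net/tun:/dev/net/tun"
        network_mode: "container:batman_network"

    - name: Start dhcp server for ipv4
      community.docker.docker_container:
        name: dhcp_v4
        image: dhcpd
        env_file: "{{ env_file }}"
        env:
          DHCPD_MODE: "4"
        capabilities:
          - NET_ADMIN
        network_mode: "container:batman_network"

    - name: Start dhcp server for ipv6
      community.docker.docker_container:
        name: dhcp_v6
        image: dhcpd
        env_file: "{{ env_file }}"
        env:
          DHCPD_MODE: "6"
        capabilities:
          - NET_ADMIN
        network_mode: "container:batman_network"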