WIP
This commit is contained in:
parent
1eb6b53042
commit
c7cf070fb9
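--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_1
@@ -0,0 +1,32 @@
+BATMAN_BRIDGE_IPV4=172.29.0.1/24
+BATMAN_BRIDGE_IPV6=fc00:1234:5678::1/24
+BATMAN_BRIDGE=br-batman0
+BATMAN_FORWARD_GATEWAY4=172.28.0.2
+BATMAN_FORWARD_GATEWAY6=fc00:172:28::2
+BATMAN_LIMIT_DOWNLOAD=1000
+BATMAN_LIMIT_UPLOAD=1000
+
+WIREGUARD_CONFIG=/wireguard.conf
+
+FASTD_ON_UP_MASTER_INTERFACE=
+FASTD_BATMAN_INTERFACE=bat0
+FASTD_SECRET_KEY=90f0637239cdf4c27dc80ee8a755ae4922769d045c86cc2086a96a3a281ed04a
+FASTD_LOG_LEVEL=debug
+FASTD_DONT_VERIFY_PEERS=1
+FASTD_INTERFACE=
+FASTD_PEER_LIMIT=10
+FASTD_MTU=1300
+
+DHCPD_V4_NET=172.29.0.0
+DHCPD_V4_RANGE=172.29.0.16 172.29.0.32
+DHCPD_V4_GATEWAY=172.29.0.1
+DHCPD_V6_NET=fc00:1234:5678::/64
+DHCPD_V6_RANGE=fc00:1234:5678::1000 fc00:1234:5678::1fff
+DHCPD_INTERFACE=br-batman0
+
+RADVD_INTERFACE=br-batman0
+RADVD_PREFIX=fc00:1234:5678::/64
+RADVD_SOURCE_LL_ADDRESS=on
+RADVD_ADV_MANAGEMENT_FLAG=on
+RADVD_OTHER_CONFIG_FLAG=on
+RADVD_MTU=1300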
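Review bot: `BATMAN_BRIDGE_IPV6=fc00:1234:5678::1/24` carries an IPv4-sized prefix while `DHCPD_V6_NET` and `RADVD_PREFIX` in the same file use `fc00:1234:5678::/64`; `ip -6 addr add` accepts /24, so the bridge would claim a prefix that does not match what is advertised and leased, and this is almost certainly meant to be `BATMAN_BRIDGE_IPV6=fc00:1234:5678::1/64`. `FASTD_SECRET_KEY` is a long-lived private key committed to the repository, and the same value reappears in the Ansible playbook in this commit; even for a lab it should be generated per deployment (for example read from an untracked file) and treated as burned now that it is in history. Together with `FASTD_DONT_VERIFY_PEERS=1` and the UDP port the Vagrantfile publishes on the host, anyone who can reach port 10000 can join this mesh, which is acceptable for a throwaway VM but deserves a line such as `# lab-only: peer verification disabled, do not reuse on a reachable host`.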
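--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_2
@@ -0,0 +1,2 @@
+# vagrant environment
+/.vagrant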
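--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_3
@@ -0,0 +1,152 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+def configure_node(config, name, ip, vpn_server)
+config.vm.define name do |node|
+node.vm.guest = "linux"
+node.vm.box = "freifunk-leipzig/openwrt"
+node.vm.boot_timeout = 60
+node.ssh.shell = "/bin/ash"
+node.vm.network "private_network", ip: ip, auto_config: false
+
+node.vm.provider "virtualbox" do |vb|
+vb.memory = "256"
+vb.linked_clone = true
+vb.customize ["modifyvm", :id, "--nic3", "intnet", "--intnet3", "gluon-supernode-wan", "--nictype3", "virtio"]
+end
+
+node.vm.synced_folder './', '/vagrant', disabled: true
+
+node.vm.provision "shell", inline: <<-SHELL
+opkg update
+opkg install fastd kmod-batman-adv batctl-full vim
+
+cat >/etc/config/fastd <<EOF
+config fastd 'vpn'
+list method 'salsa2012+umac'
+list method 'salsa2012+gmac'
+list method 'null+salsa2012+umac'
+option mtu 1300
+option status_socket '/var/run/fastd.mesh_vpn.socket'
+option packet_mark 1
+option mode 'tap'
+option secure_handshakes '1'
+option interface 'fastd-vpn'
+option enabled '1'
+option secret 'f80481c9d3c4567549d0769011d0442172070c033818f487dcb535a77823514a'
+
+config peer_group 'mesh_vpn_backbone'
+option enabled '1'
+option peer_limit '2'
+option net 'vpn'
+
+config peer vpn_server
+option enabled 1
+option key '5d7046023a57481415378c430d71d6603e47e45760722bfa7dd5d35e160a62c4'
+option net 'vpn'
+list remote '#{vpn_server}:10000'
+option group 'mesh_vpn_backbone'
+EOF
+
+cat >/etc/config/network << EOF
+config interface 'loopback'
+option ifname 'lo'
+option proto 'static'
+option ipaddr '127.0.0.1'
+option netmask '255.0.0.0'
+
+config globals 'globals'
+option ula_prefix 'fdec:4589:e690::/48'
+
+config interface 'vagrant'
+option ifname 'eth0'
+option proto 'static'
+option ipaddr '10.0.2.15'
+option netmask '255.255.255.0'
+
+config interface 'private'
+option ifname 'eth1'
+option proto 'static'
+option ipaddr '#{ip}'
+option netmask '255.255.255.0'
+
+config interface 'bat0'
+option auto '1'
+option proto 'batadv'
+option routing_algo 'BATMAN_IV'
+option ap_isolation 0
+option fragmentation 1
+option gw_mode 'client'
+option multicast_mode 1
+option mtu '1426'
+option fixed_mtu '1'
+
+config interface 'vpn'
+option auto '1'
+option ifname 'fastd-vpn'
+option proto 'batadv_hardif'
+option master 'bat0'
+
+config interface 'mesh'
+option auto '1'
+option ifname 'bat0'
+option proto 'dhcp'
+
+config interface 'mesh6'
+option auto '1'
+option ifname 'bat0'
+option proto 'dhcpv6'
+
+EOF
+
+/etc/init.d/fastd restart
+/etc/init.d/network restart
+#sleep 3
+#ip route del default dev eth0 || true
+SHELL
+end
+end
+
+def configure_supernode(config, name, ip)
+config.vm.define name do |node|
+node.vm.hostname = name
+node.vm.box = "generic/debian11"
+node.vm.synced_folder ".", "/vagrant_data"
+node.vm.network "forwarded_port", guest: 10000, host: 10000, protocol: "udp"
+node.vm.network "private_network", ip: ip
+
+node.vm.provider "virtualbox" do |vb|
+vb.memory = "512"
+vb.linked_clone = true
+vb.customize ["modifyvm", :id, "--nic1", "nat", "--nictype1", "virtio"]
+# the pseudo wan net without any ip configuration
+vb.customize ["modifyvm", :id, "--nic2", "intnet", "--intnet2", "gluon-supernode-wan", "--nictype2", "virtio"]
+end
+
+node.vm.provision "shell", inline: <<-SHELL
+# reactivate ipv6 which disable per default in the vagrant box
+sed 's/^net.ipv6.conf.all.disable_ipv6 = 1//' -i /etc/sysctl.conf
+sysctl -w net.ipv6.conf.all.disable_ipv6=0
+
+export DEBIAN_FRONTEND=noninteractive
+apt-get update
+apt-get install -y docker.io docker-compose
+
+adduser vagrant docker || true
+
+# give docker daemon some time
+sleep 3
+SHELL
+
+node.vm.provision "shell", privileged: false, inline: <<-SHELL
+cd /vagrant_data
+docker-compose up -d batman_network fastd_server dhcpd_v4 dhcpd_v6 radvd wireguard
+SHELL
+
+end
+end
+
+Vagrant.configure("2") do |config|
+configure_supernode(config, "supernode", "192.168.56.1")
+configure_node(config, "node", "192.168.56.2", "192.168.56.1")
+end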
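Review bot: The unprivileged provisioner in `configure_supernode` runs `docker-compose up -d batman_network fastd_server dhcpd_v4 dhcpd_v6 radvd wireguard`, but this same commit renames the compose service `batman_network` to `batman`, and no `wireguard` service appears in the compose hunks shown, so `vagrant up` will stop at a "no such service" error unless those names are defined outside the visible hunks; the `run.sh` added in this commit uses `batman fastd_server dhcpd_v4 dhcpd_v6`, and the provisioner should match it, e.g. `docker-compose up -d batman fastd_server dhcpd_v4 dhcpd_v6`. `node.vm.network "forwarded_port", guest: 10000, host: 10000, protocol: "udp"` binds the host side on every host interface by default, and the supernode runs fastd with peer verification disabled per the `.env` in this commit, so the lab mesh is joinable from the host's LAN; add `host_ip: "127.0.0.1"` unless remote peers are intended. The fastd config written in `configure_node` embeds a fixed `option secret` and peer `option key`; a comment such as `# lab keys only, regenerate with fastd --generate-key before exposing this` would stop them being copied into something reachable.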
@ -1,6 +1,26 @@
|
||||||
FROM docker.io/library/debian:bullseye
|
FROM docker.io/library/debian:bullseye
|
||||||
|
|
||||||
ARG DEBIAN_FRONTEND=noninteractive
|
ARG DEBIAN_FRONTEND=noninteractive
|
||||||
|
|
||||||
|
|
||||||
|
RUN apt-get update \
|
||||||
|
&& apt-get install -y --no-install-recommends \
|
||||||
|
batctl \
|
||||||
|
iproute2 \
|
||||||
|
nftables \
|
||||||
|
inetutils-ping \
|
||||||
|
inetutils-traceroute \
|
||||||
|
curl \
|
||||||
|
wireguard-tools \
|
||||||
|
radvd \
|
||||||
|
&& rm -rf /var/lib/apt/lists /var/cache/apt/archives
|
||||||
|
|
||||||
|
RUN mv /usr/bin/wg-quick /usr/bin/wg-quick.org && \
|
||||||
|
egrep -v 'sysctl -q net.ipv4.conf.all.src_valid_mark=1' /usr/bin/wg-quick.org >/usr/bin/wg-quick && \
|
||||||
|
chmod +x /usr/bin/wg-quick
|
||||||
|
|
||||||
|
COPY entry-point.sh /entry-point.sh
|
||||||
|
|
||||||
ENV BATMAN_INTERFACE=bat0
|
ENV BATMAN_INTERFACE=bat0
|
||||||
ENV BATMAN_BRIDGE=br-batman0
|
ENV BATMAN_BRIDGE=br-batman0
|
||||||
ENV BATMAN_BRIDGE_IPV4=
|
ENV BATMAN_BRIDGE_IPV4=
|
||||||
|
@ -8,11 +28,11 @@ ENV BATMAN_BRIDGE_IPV6=
|
||||||
ENV BATMAN_FORWARD_GATEWAY4=
|
ENV BATMAN_FORWARD_GATEWAY4=
|
||||||
ENV BATMAN_FORWARD_GATEWAY6=
|
ENV BATMAN_FORWARD_GATEWAY6=
|
||||||
ENV BATMAN_FORWARD_TABLE=5000
|
ENV BATMAN_FORWARD_TABLE=5000
|
||||||
|
ENV RADVD_INTERFACE=
|
||||||
RUN apt-get update && \
|
ENV RADVD_ADV_MANAGEMENT_FLAG=off
|
||||||
apt-get install -y batctl iproute2 nftables inetutils-ping inetutils-traceroute curl && \
|
ENV RADVD_MTU=1500
|
||||||
rm -rf /var/lib/apt/lists /var/cache/apt/archives
|
ENV RADVD_ADV_MANAGEMENT_FLAG=
|
||||||
|
ENV RADVD_SOURCE_LL_ADDRESS=
|
||||||
COPY entry-point.sh /entry-point.sh
|
ENV RADVD_PREFIX=
|
||||||
|
ENV WIREGUARD_INTERFACE=wg0
|
||||||
ENTRYPOINT ["/bin/bash", "/entry-point.sh"]
|
ENTRYPOINT ["/bin/bash", "/entry-point.sh"]
|
||||||
|
|
|
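Review bot: `ENV RADVD_ADV_MANAGEMENT_FLAG=off` and the later `ENV RADVD_ADV_MANAGEMENT_FLAG=` in the second hunk set the same variable twice; the last one wins, so the `off` default is dead and the entry-point's `[ "${RADVD_ADV_MANAGEMENT_FLAG}" ] && echo ...` silently leaves the `AdvManagedFlag` line out — keep one of them, presumably `ENV RADVD_ADV_MANAGEMENT_FLAG=off`, and delete the other. The `RUN mv /usr/bin/wg-quick ... egrep -v 'sysctl -q net.ipv4.conf.all.src_valid_mark=1' ...` step patches the installed wg-quick by deleting every line matching that text, which depends on the exact wording in whatever `wireguard-tools` version apt resolves at build time; pinning that package and adding a comment that the sysctl is supplied by the compose `sysctls:` entry instead would let the intent survive an upgrade. Newer GNU grep releases mark `egrep` obsolescent; `grep -Ev` is the portable spelling.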
@ -2,36 +2,58 @@
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
batctl meshif ${BATMAN_INTERFACE} interface create
|
batctl meshif ${BATMAN_INTERFACE} interface create
|
||||||
ip link add ${BATMAN_BRIDGE} type bridge
|
|
||||||
ip link set ${BATMAN_INTERFACE} master ${BATMAN_BRIDGE}
|
|
||||||
ip link set ${BATMAN_INTERFACE} up
|
ip link set ${BATMAN_INTERFACE} up
|
||||||
ip link set ${BATMAN_BRIDGE} up
|
|
||||||
|
|
||||||
# setup ips
|
# setup ips
|
||||||
if [ "${BATMAN_BRIDGE_IPV4}" ] ; then
|
if [ "${BATMAN_BRIDGE_IPV4}" ] ; then
|
||||||
ip -4 addr add ${BATMAN_BRIDGE_IPV4} dev ${BATMAN_BRIDGE}
|
ip -4 addr add ${BATMAN_BRIDGE_IPV4} dev ${BATMAN_INTERFACE}
|
||||||
fi
|
fi
|
||||||
if [ "${BATMAN_BRIDGE_IPV6}" ] ; then
|
if [ "${BATMAN_BRIDGE_IPV6}" ] ; then
|
||||||
ip -6 addr add ${BATMAN_BRIDGE_IPV6} dev ${BATMAN_BRIDGE}
|
ip -6 addr add ${BATMAN_BRIDGE_IPV6} dev ${BATMAN_INTERFACE}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# mark node as dhcp server
|
# mark node as dhcp server
|
||||||
batctl meshif ${BATMAN_INTERFACE} gw server ${BATMAN_LIMIT_DOWNLOAD}Mbit/${BATMAN_LIMIT_UPLOAD}Mbit
|
batctl meshif ${BATMAN_INTERFACE} gw server ${BATMAN_LIMIT_DOWNLOAD}Mbit/${BATMAN_LIMIT_UPLOAD}Mbit
|
||||||
|
|
||||||
# configure routing
|
|
||||||
ip rule add iif ${BATMAN_BRIDGE} table ${BATMAN_FORWARD_TABLE}
|
|
||||||
[ "${BATMAN_FORWARD_GATEWAY4}" ] && \
|
|
||||||
ip -4 route add table ${BATMAN_FORWARD_TABLE} default via ${BATMAN_FORWARD_GATEWAY4}
|
|
||||||
[ "${BATMAN_FORWARD_GATEWAY6}" ] && \
|
|
||||||
ip -6 route add table ${BATMAN_FORWARD_TABLE} default via ${BATMAN_FORWARD_GATEWAY6}
|
|
||||||
|
|
||||||
nft add table ip nat || true
|
nft add table ip nat || true
|
||||||
nft add chain 'ip nat POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }' || true
|
nft add chain 'ip nat POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }' || true
|
||||||
nft add rule nat POSTROUTING counter masquerade || true
|
nft add rule nat POSTROUTING counter masquerade || true
|
||||||
nft add table ip6 nat || true
|
nft add table ip6 nat || true
|
||||||
nft add chain 'ip6 nat POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }' || true
|
nft add chain 'ip6 nat POSTROUTING { type nat hook postrouting priority srcnat; policy accept; }' || true
|
||||||
nft add rule ip6 nat counter masquerade || true
|
nft add rule ip6 nat POSTROUTING counter masquerade || true
|
||||||
|
|
||||||
|
# remove dns defintion, because resolv.conf is write protected in the container
|
||||||
|
if [ "${WIREGUARD_CONFIG}" ] ; then \
|
||||||
|
egrep -v '^\s*DNS\s*=' ${WIREGUARD_CONFIG} >/etc/wireguard/${WIREGUARD_INTERFACE}.conf
|
||||||
|
wg-quick up ${WIREGUARD_INTERFACE}
|
||||||
|
ip rule add iif br-batman0 table 5000
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat >/etc/radvd.conf <<EOF
|
||||||
|
interface ${RADVD_INTERFACE} {
|
||||||
|
AdvSendAdvert on;
|
||||||
|
IgnoreIfMissing on;
|
||||||
|
EOF
|
||||||
|
|
||||||
|
[ "${RADVD_ADV_MANAGEMENT_FLAG}" ] && \
|
||||||
|
echo " AdvManagedFlag ${RADVD_ADV_MANAGEMENT_FLAG};" >>/etc/radvd.conf
|
||||||
|
[ "${RADVD_MTU}" ] && \
|
||||||
|
echo " AdvLinkMTU ${RADVD_MTU};" >>/etc/radvd.conf
|
||||||
|
[ "${RADVD_SOURCE_LL_ADDRESS}" ] && \
|
||||||
|
echo " AdvSourceLLAddress ${RADVD_SOURCE_LL_ADDRESS};" >>/etc/radvd.conf
|
||||||
|
[ "${RADVD_OTHER_CONFIG_FLAG}" ] && \
|
||||||
|
echo " AdvOtherConfigFlag ${RADVD_OTHER_CONFIG_FLAG};" >>/etc/radvd.conf
|
||||||
|
|
||||||
|
cat >>/etc/radvd.conf <<EOF
|
||||||
|
prefix ${RADVD_PREFIX}
|
||||||
|
{
|
||||||
|
AdvOnLink on;
|
||||||
|
AdvAutonomous on;
|
||||||
|
AdvRouterAddr on;
|
||||||
|
DeprecatePrefix on;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
EOF
|
||||||
|
|
||||||
|
/usr/sbin/radvd --config=/etc/radvd.conf --logmethod=stderr --nodaemon
|
||||||
|
|
||||||
while true ; do
|
|
||||||
sleep 1
|
|
||||||
done
|
|
||||||
|
|
|
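Review bot: `ip rule add iif br-batman0 table 5000` hard-codes the bridge name and table number even though the image still defines `BATMAN_BRIDGE` and `BATMAN_FORWARD_TABLE`, and this hunk also drops the `ip link add ${BATMAN_BRIDGE} type bridge` lines, so unless the bridge is created elsewhere the rule names an interface this script never brings up and matches nothing; if it is still wanted, `ip rule add iif ${BATMAN_BRIDGE} table ${BATMAN_FORWARD_TABLE}` keeps it in step with the variables. The copy `egrep -v '^\s*DNS\s*=' ${WIREGUARD_CONFIG} >/etc/wireguard/${WIREGUARD_INTERFACE}.conf` is created with the inherited umask, so the WireGuard private key lands in a world-readable file inside the container (line 1 is outside the hunk and would have to set a umask for this not to be the case); wrap it as `( umask 077; grep -Ev '^\s*DNS\s*=' "${WIREGUARD_CONFIG}" >"/etc/wireguard/${WIREGUARD_INTERFACE}.conf" )`. The radvd block runs unconditionally, and with the image's empty `RADVD_INTERFACE`/`RADVD_PREFIX` defaults it writes `interface  {` and `prefix  {`, which radvd rejects, and because `radvd --nodaemon` replaces the old keep-alive loop that failure now ends the container; guard the block with `if [ "${RADVD_INTERFACE}" ] && [ "${RADVD_PREFIX}" ]` or document that both are mandatory.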
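--- a/PATH_NOT_SHOWN_ON_PAGE_4
+++ b/PATH_NOT_SHOWN_ON_PAGE_4
@@ -1,7 +1,7 @@
 version: '2.4'
 
 services:
-batman_network:
+batman:
 build: batman/
 env_file: .env
 cap_add:
@@ -11,10 +11,12 @@ services:
 - net.ipv4.ip_forward=1
 - net.ipv4.conf.all.forwarding=1
 - net.ipv6.conf.all.forwarding=1
-networks:
-vpn_frontend:
-ipv4_address: 172.28.0.3
-ipv6_address: fc00:172:28::3
+- net.ipv4.conf.all.src_valid_mark=1
+volumes:
+- type: bind
+source: ./wg0.conf
+target: /wireguard.conf
+read_only: true
 ports:
 - 10000:10000/udp
 #privileged: true
@@ -47,9 +49,9 @@ services:
 - NET_ADMIN
 devices:
 - /dev/net/tun:/dev/net/tun
-network_mode: service:batman_network
+network_mode: service:batman
 depends_on:
-- batman_network
+- batman
 
 dhcpd_v4:
 build: dhcpd/
@@ -58,11 +60,11 @@ services:
 DHCPD_MODE: 4
 cap_add:
 - NET_ADMIN
-network_mode: service:batman_network
+network_mode: service:batman
 volumes:
 - dhcpd_v4_leases:/var/lib/dhcp
 depends_on:
-- batman_network
+- batman
 
 dhcpd_v6:
 build: dhcpd/
@@ -71,22 +73,24 @@ services:
 DHCPD_MODE: 6
 cap_add:
 - NET_ADMIN
-network_mode: service:batman_network
+network_mode: service:batman
 volumes:
 - dhcpd_v6_leases:/var/lib/dhcp
+depends_on:
+- batman
 
 radvd:
 build: radvd/
 env_file: .env
 cap_add:
 - NET_ADMIN
-network_mode: service:batman_network
+network_mode: service:batman
 
 debug:
 build: debug/
 cap_add:
 - NET_ADMIN
-network_mode: service:batman_network
+network_mode: service:batman
 
 
 volumes: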
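Review bot: The new bind mount `source: ./wg0.conf` places the WireGuard private-key file in the compose project directory, and the `.gitignore` added in this commit excludes only `/.vagrant`, so a plain `git add .` would commit the key; add `/wg0.conf` to `.gitignore` and put a line next to the mount such as `# wg0.conf holds the tunnel private key; keep it untracked`. `read_only: true` on the mount is the right choice, since the entry-point copies the file rather than editing it in place. The `radvd` service in this file and the radvd that the entry-point script in this commit now runs in the foreground (apparently inside the `batman` image) would both advertise in the same namespace via `network_mode: service:batman` if both are started; `run.sh` currently brings up only `batman fastd_server dhcpd_v4 dhcpd_v6`, so this is a latent duplicate rather than a live bug, but one of the two should go.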
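--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_5
@@ -0,0 +1,179 @@
+- hosts: supernode
+vars:
+docker_ipv6_net: fcff:ffff:ffff:ffff::/64
+become: yes
+collections:
+- ansible.posix
+handlers:
+- name: Reload kernel modules
+service:
+name: systemd-modules-load
+state: restarted
+listen: reload modules
+- name: Reload docker daemon
+service:
+name: docker
+state: restarted
+listen: reload docker
+tasks:
+- name: install programs
+package:
+name:
+- docker.io
+- docker-compose
+- wireguard-dkms
+
+- name: ensure kernel modules are loaded
+blockinfile:
+path: /etc/modules
+block:
+wireguard
+tap
+marker: "# {mark} ANSIBLE MANAGED BLOCK"
+notify: reload modules
+
+- name: Configure docker
+copy:
+content: |
+{
+"log-driver": "json-file",
+"log-opts": {
+"max-size": "1m",
+"max-file": "3"
+},
+"ipv6": true,
+"fixed-cidr-v6": "{{ docker_ipv6_net }}"
+}
+dest: /etc/docker/daemon.json
+mode: u=rw,g=r,o=r
+owner: root
+group: root
+notify: reload docker
+
+- name: Start docker daemon
+service:
+name: docker
+state: started
+
+- hosts: supernode
+vars:
+env_file: /home/vagrant/supernode.env
+supernode_v4_ip: 172.29.0.1/24
+supernode_v4_range_start: 172.29.0.16
+supernode_v4_range_end: 172.29.0.31
+supernode_v6_ip: fc00:1234:5678::1/64
+supernode_v6_range_start: fc00:1234:5678::1000
+supernode_v6_range_end: fc00:1234:5678::1fff
+fastd_secret_key: 90f0637239cdf4c27dc80ee8a755ae4922769d045c86cc2086a96a3a281ed04a
+fastd_port: 10000
+wireguard_key: tbd
+collections:
+- community.docker
+tasks:
+- name: Create vpn frontend network
+community.docker.docker_network:
+name: vpn_frontend
+enable_ipv6: yes
+ipam_config:
+- subnet: "{{ supernode_v4_ip |ipaddr('network/prefix') }}"
+- subnet: "{{ supernode_v6_ip |ipaddr('network/prefix') }}"
+
+- name: Build docker images
+docker_image:
+build:
+path: "/vagrant_data/{{ item }}"
+name: "{{ item }}"
+source: build
+with_items:
+- batman
+- dhcpd
+- fastd
+- wireguard
+
+- name: place env config
+copy:
+content: |
+# ansible managed
+BATMAN_BRIDGE=br-batman0
+BATMAN_BRIDGE_IPV4={{ supernode_v4_ip }}
+BATMAN_BRIDGE_IPV6={{ supernode_v6_ip }}
+BATMAN_FORWARD_GATEWAY=172.28.0.2
+BATMAN_LIMIT_DOWNLOAD=1000
+BATMAN_LIMIT_UPLOAD=1000
+
+FASTD_BATMAN_INTERFACE=bat0
+FASTD_DONT_VERIFY_PEERS=1
+FASTD_LOG_LEVEL=debug
+FASTD_PEER_LIMIT=10
+FASTD_SECRET_KEY={{ fastd_secret_key }}
+
+DHCPD_INTERFACE=br-batman0
+DHCPD_V4_NET={{ supernode_v4_ip |ipaddr('network') }}
+DHCPD_V4_SUBNET={{ supernode_v4_ip |ipaddr('netmask') }}
+DHCPD_V4_RANGE={{ supernode_v4_range_start }} {{ supernode_v4_range_end }}
+DHCPD_V6_NET={{ supernode_v6_ip |ipaddr('network/prefix') }}
+DHCPD_V6_RANGE={{ supernode_v6_range_start }} {{ supernode_v6_range_end }}
+DHCPD_V6_TEMPORARY_NET={{ supernode_v6_ip |ipaddr('network/prefix') }}
+dest: "{{ env_file }}"
+mode: u=rw,g=,o=
+register: __env_file
+
+- name: Remove old containers
+docker_container:
+name: "{{ item }}"
+state: absent
+stop_timeout: 0
+with_items:
+- batman_network
+- fastd_server
+- dhcp_v4
+- dhcp_v6
+when: __env_file.changed
+
+- name: Start batman network
+docker_container:
+name: batman_network
+image: batman
+env_file: "{{ env_file }}"
+capabilities:
+- NET_ADMIN
+published_ports:
+- "{{ fastd_port }}:10000/udp"
+- "{{ fastd_port }}:10000/tcp"
+networks:
+- name: vpn_frontend
+sysctls:
+net.ipv6.conf.all.disable_ipv6: 0
+
+- name: Start fastd
+docker_container:
+name: fastd_server
+image: fastd
+env_file: "{{ env_file }}"
+capabilities:
+- NET_ADMIN
+devices:
+- /dev/net/tun:/dev/net/tun
+network_mode: container:batman_network
+
+- name: Start dhcp server for ipv4
+docker_container:
+name: dhcp_v4
+image: dhcpd
+env_file: "{{ env_file }}"
+env:
+DHCPD_MODE: "4"
+capabilities:
+- NET_ADMIN
+network_mode: container:batman_network
+
+- name: Start dhcp server for ipv6
+docker_container:
+name: dhcp_v6
+image: dhcpd
+env_file: "{{ env_file }}"
+env:
+DHCPD_MODE: "6"
+capabilities:
+- NET_ADMIN
+network_mode: container:batman_network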
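Review bot: `published_ports` in the `Start batman network` task publishes `{{ fastd_port }}:10000/tcp` alongside the udp mapping, but fastd speaks UDP only (the compose file in this commit publishes `10000:10000/udp` alone), so the tcp entry is an unused listener on the host and should be removed. `BATMAN_FORWARD_GATEWAY=172.28.0.2` in the generated env file matches no consumer on this page — the Dockerfile defines `BATMAN_FORWARD_GATEWAY4`/`BATMAN_FORWARD_GATEWAY6` and the `.env` uses those names — so that line is silently ignored. `fastd_secret_key` is a plaintext private key in play vars (the same value as in `.env`); storing it via `ansible-vault encrypt_string` or loading it from an untracked vars file would keep it out of the repository, and `wireguard_key: tbd` is an unused placeholder that should be wired up or dropped. The `ipaddr` filter used in the `vpn_frontend` and env tasks is, on collection-based Ansible, provided by `ansible.netcommon`/`ansible.utils` and requires the Python `netaddr` package; `requirements.yml` lists neither, so the play would fail at filter resolution unless the controller already has them.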
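--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_6
@@ -0,0 +1,3 @@
+collections:
+- name: community.general
+- name: community.docker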
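Review bot: The playbook in this commit lists `ansible.posix` under `collections:`, but this file installs only `community.general` and `community.docker`, so `ansible-galaxy collection install -r requirements.yml` leaves that reference unresolved; add `- name: ansible.posix`. If the `ipaddr` filter the playbook relies on is expected to come from a collection (`ansible.netcommon` or `ansible.utils` on Ansible 2.10+), it belongs here as well. Pinning each entry with a `version:` key would make the lab reproducible across controller setups.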
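--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_7
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+docker-compose down -t 0
+docker-compose build batman fastd_server dhcpd_v4 dhcpd_v6 debug
+docker-compose --env-file .env up -d batman fastd_server dhcpd_v4 dhcpd_v6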
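Review bot: The script has no `set -e`, so a failed `docker-compose build ...` still falls through to `docker-compose --env-file .env up -d ...` and silently starts whatever images were built last time; add `set -eu` directly after `#!/bin/sh`. `docker-compose down -t 0` stops every container with no grace period, which is fine for a lab reset but worth a one-line comment (`# lab reset: containers are killed, not stopped gracefully`) so the line is not copied into a deployment script.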