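---
# Supernode provisioning: play 1 prepares the host (packages, kernel modules,
# docker daemon); play 2 builds the images and starts the batman/fastd/dhcpd
# containers that share one network namespace.

- hosts: supernode
  vars:
    # IPv6 range handed to the docker daemon as fixed-cidr-v6.
    docker_ipv6_net: "fcff:ffff:ffff:ffff::/64"
  become: true
  collections:
    - ansible.posix
  handlers:
    - name: Reload kernel modules
      service:
        name: systemd-modules-load
        state: restarted
      listen: reload modules
    - name: Reload docker daemon
      service:
        name: docker
        state: restarted
      listen: reload docker
  tasks:
    - name: install programs
      package:
        name:
          - docker.io
          - docker-compose
          - wireguard-dkms

    - name: ensure kernel modules are loaded
      blockinfile:
        path: /etc/modules
        # One module name per line: /etc/modules is read line by line, so a
        # plain multi-line scalar (which folds to "wireguard tap") would not
        # load either module.
        block: |
          wireguard
          tap
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
      notify: reload modules

    - name: Configure docker
      copy:
        # daemon.json is JSON, rendered from YAML; keep the template valid JSON
        # (docker refuses to start on a parse error).
        content: |
          {
            "log-driver": "json-file",
            "log-opts": {
              "max-size": "1m",
              "max-file": "3"
            },
            "ipv6": true,
            "fixed-cidr-v6": "{{ docker_ipv6_net }}"
          }
        dest: /etc/docker/daemon.json
        mode: u=rw,g=r,o=r
        owner: root
        group: root
      notify: reload docker

    - name: Start docker daemon
      service:
        name: docker
        state: started

# NOTE(review): this play has no `become`; it assumes the connecting user can
# reach the docker socket (e.g. via the docker group) — confirm on the target.
- hosts: supernode
  vars:
    env_file: /home/vagrant/supernode.env
    supernode_v4_ip: 172.29.0.1/24
    supernode_v4_range_start: 172.29.0.16
    supernode_v4_range_end: 172.29.0.31
    supernode_v6_ip: "fc00:1234:5678::1/64"
    supernode_v6_range_start: "fc00:1234:5678::1000"
    supernode_v6_range_end: "fc00:1234:5678::1fff"
    # Static development key for the vagrant setup. Anything beyond local
    # testing should source this from ansible-vault or a secret store instead
    # of a committed playbook, and rotate this value.
    fastd_secret_key: "90f0637239cdf4c27dc80ee8a755ae4922769d045c86cc2086a96a3a281ed04a"
    fastd_port: 10000
    # Placeholder; no task below consumes this yet.
    wireguard_key: tbd
  collections:
    - community.docker
  tasks:
    - name: Create vpn frontend network
      community.docker.docker_network:
        name: vpn_frontend
        enable_ipv6: true
        # NOTE(review): the bare `ipaddr` filter needs python-netaddr on the
        # controller; on newer ansible-core it lives in the ansible.utils
        # collection (`ansible.utils.ipaddr`) — confirm against the controller.
        ipam_config:
          - subnet: "{{ supernode_v4_ip | ipaddr('network/prefix') }}"
          - subnet: "{{ supernode_v6_ip | ipaddr('network/prefix') }}"

    - name: Build docker images
      community.docker.docker_image:
        build:
          path: "/vagrant_data/{{ item }}"
        name: "{{ item }}"
        source: build
      loop:
        - batman
        - dhcpd
        - fastd
        - wireguard

    # FASTD_DONT_VERIFY_PEERS=1 accepts any peer that knows the protocol; it
    # suits this test bed but must be switched off (with peer keys supplied)
    # before the supernode faces real clients. FASTD_LOG_LEVEL=debug is
    # likewise a development setting.
    - name: place env config
      copy:
        content: |
          # ansible managed
          BATMAN_BRIDGE=br-batman0
          BATMAN_BRIDGE_IPV4={{ supernode_v4_ip }}
          BATMAN_BRIDGE_IPV6={{ supernode_v6_ip }}
          BATMAN_FORWARD_GATEWAY=172.28.0.2
          BATMAN_LIMIT_DOWNLOAD=1000
          BATMAN_LIMIT_UPLOAD=1000
          FASTD_BATMAN_INTERFACE=bat0
          FASTD_DONT_VERIFY_PEERS=1
          FASTD_LOG_LEVEL=debug
          FASTD_PEER_LIMIT=10
          FASTD_SECRET_KEY={{ fastd_secret_key }}
          DHCPD_INTERFACE=br-batman0
          DHCPD_V4_NET={{ supernode_v4_ip | ipaddr('network') }}
          DHCPD_V4_SUBNET={{ supernode_v4_ip | ipaddr('netmask') }}
          DHCPD_V4_RANGE={{ supernode_v4_range_start }} {{ supernode_v4_range_end }}
          DHCPD_V6_NET={{ supernode_v6_ip | ipaddr('network/prefix') }}
          DHCPD_V6_RANGE={{ supernode_v6_range_start }} {{ supernode_v6_range_end }}
          DHCPD_V6_TEMPORARY_NET={{ supernode_v6_ip | ipaddr('network/prefix') }}
        dest: "{{ env_file }}"
        # Owner-only: the file carries the fastd secret key.
        mode: u=rw,g=,o=
      register: __env_file

    # Containers only pick up env_file at creation, so recreate them whenever
    # the env file changed.
    - name: Remove old containers
      community.docker.docker_container:
        name: "{{ item }}"
        state: absent
        stop_timeout: 0
      loop:
        - batman_network
        - fastd_server
        - dhcp_v4
        - dhcp_v6
      when: __env_file.changed

    # Owns the network namespace that fastd and both dhcpd containers join;
    # the fastd port is published on the host here, not on the fastd container.
    - name: Start batman network
      community.docker.docker_container:
        name: batman_network
        image: batman
        env_file: "{{ env_file }}"
        capabilities:
          - NET_ADMIN
        published_ports:
          - "{{ fastd_port }}:10000/udp"
          - "{{ fastd_port }}:10000/tcp"
        networks:
          - name: vpn_frontend
        sysctls:
          net.ipv6.conf.all.disable_ipv6: 0

    - name: Start fastd
      community.docker.docker_container:
        name: fastd_server
        image: fastd
        env_file: "{{ env_file }}"
        capabilities:
          - NET_ADMIN
        devices:
          - /dev/net/tun:/dev/net/tun
        network_mode: container:batman_network

    - name: Start dhcp server for ipv4
      community.docker.docker_container:
        name: dhcp_v4
        image: dhcpd
        env_file: "{{ env_file }}"
        env:
          # Quoted so the module passes a string, not an int.
          DHCPD_MODE: "4"
        capabilities:
          - NET_ADMIN
        network_mode: container:batman_network

    - name: Start dhcp server for ipv6
      community.docker.docker_container:
        name: dhcp_v6
        image: dhcpd
        env_file: "{{ env_file }}"
        env:
          DHCPD_MODE: "6"
        capabilities:
          - NET_ADMIN
        network_mode: container:batman_network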