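# Play 1: host preparation — packages, kernel modules, docker daemon config.
- hosts: supernode
  vars:
    # Subnet handed to docker as fixed-cidr-v6 in daemon.json below.
    # Quoted so no YAML parser ever tries to type the colon-separated value.
    docker_ipv6_net: "fcff:ffff:ffff:ffff::/64"
  # Everything in this play touches /etc and system services; use a real
  # boolean rather than the YAML-1.1 "yes".
  become: true
  collections:
    - ansible.posix
  handlers:
    - name: Reload kernel modules
      service:
        name: systemd-modules-load
        state: restarted
      listen: reload modules
    - name: Reload docker daemon
      service:
        name: docker
        state: restarted
      listen: reload docker
  tasks:
    - name: install programs
      package:
        name:
          - docker.io
          - docker-compose
          - wireguard-dkms

    - name: ensure kernel modules are loaded
      blockinfile:
        path: /etc/modules
        # Literal block scalar: one module name per line. A plain multi-line
        # scalar here would fold both names onto a single line.
        block: |
          wireguard
          tap
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
      notify: reload modules

    - name: Configure docker
      copy:
        # daemon.json is JSON; keep it as a literal block so the braces are
        # not mistaken for a YAML flow mapping.
        content: |
          {
            "log-driver": "json-file",
            "log-opts": {
              "max-size": "1m",
              "max-file": "3"
            },
            "ipv6": true,
            "fixed-cidr-v6": "{{ docker_ipv6_net }}"
          }
        dest: /etc/docker/daemon.json
        mode: "u=rw,g=r,o=r"
        owner: root
        group: root
      notify: reload docker

    - name: Start docker daemon
      service:
        name: docker
        state: started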
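# Play 2: build the images and run the supernode containers.
- hosts: supernode
  vars:
    # Rendered environment file consumed by every container below.
    env_file: /home/vagrant/supernode.env
    # Addresses are quoted so no parser retypes them (colons, dots, slashes).
    supernode_v4_ip: "172.29.0.1/24"
    supernode_v4_range_start: "172.29.0.16"
    supernode_v4_range_end: "172.29.0.31"
    supernode_v6_ip: "fc00:1234:5678::1/64"
    supernode_v6_range_start: "fc00:1234:5678::1000"
    supernode_v6_range_end: "fc00:1234:5678::1fff"
    # NOTE(review): this secret is committed in clear text to the repository,
    # so anyone with read access to the repo holds the fastd identity of this
    # supernode. Move it into an ansible-vault encrypted vars file (or pass it
    # via --extra-vars / an environment lookup) and rotate the exposed value.
    # Quoted: an all-digit key would otherwise be parsed as an integer.
    fastd_secret_key: "90f0637239cdf4c27dc80ee8a755ae4922769d045c86cc2086a96a3a281ed04a"
    fastd_port: 10000
    # Placeholder; not referenced by any task in this play.
    wireguard_key: tbd
  collections:
    - community.docker
  tasks:
    - name: Create vpn frontend network
      community.docker.docker_network:
        name: vpn_frontend
        enable_ipv6: true
        ipam_config:
          - subnet: "{{ supernode_v4_ip | ipaddr('network/prefix') }}"
          - subnet: "{{ supernode_v6_ip | ipaddr('network/prefix') }}"

    # Fully qualified like docker_network above, so the play reads the same
    # way regardless of the collections: search path.
    - name: Build docker images
      community.docker.docker_image:
        build:
          path: "/vagrant_data/{{ item }}"
        name: "{{ item }}"
        source: build
      loop:
        - batman
        - dhcpd
        - fastd
        - wireguard

    # The rendered file carries the fastd secret, hence the owner-only mode.
    # NOTE(review): FASTD_DONT_VERIFY_PEERS=1 presumably disables fastd's peer
    # verification inside the image (bounded only by FASTD_PEER_LIMIT) and
    # FASTD_LOG_LEVEL=debug is verbose — confirm both are intended before
    # fastd_port is reachable from outside the test environment.
    - name: place env config
      copy:
        content: |
          # ansible managed
          BATMAN_BRIDGE=br-batman0
          BATMAN_BRIDGE_IPV4={{ supernode_v4_ip }}
          BATMAN_BRIDGE_IPV6={{ supernode_v6_ip }}
          BATMAN_FORWARD_GATEWAY=172.28.0.2
          BATMAN_LIMIT_DOWNLOAD=1000
          BATMAN_LIMIT_UPLOAD=1000
          FASTD_BATMAN_INTERFACE=bat0
          FASTD_DONT_VERIFY_PEERS=1
          FASTD_LOG_LEVEL=debug
          FASTD_PEER_LIMIT=10
          FASTD_SECRET_KEY={{ fastd_secret_key }}
          DHCPD_INTERFACE=br-batman0
          DHCPD_V4_NET={{ supernode_v4_ip |ipaddr('network') }}
          DHCPD_V4_SUBNET={{ supernode_v4_ip |ipaddr('netmask') }}
          DHCPD_V4_RANGE={{ supernode_v4_range_start }} {{ supernode_v4_range_end }}
          DHCPD_V6_NET={{ supernode_v6_ip |ipaddr('network/prefix') }}
          DHCPD_V6_RANGE={{ supernode_v6_range_start }} {{ supernode_v6_range_end }}
          DHCPD_V6_TEMPORARY_NET={{ supernode_v6_ip |ipaddr('network/prefix') }}
        dest: "{{ env_file }}"
        mode: "u=rw,g=,o="
      register: __env_file

    # Containers only pick up env_file at creation, so recreate them whenever
    # the rendered file changed.
    - name: Remove old containers
      community.docker.docker_container:
        name: "{{ item }}"
        state: absent
        stop_timeout: 0
      loop:
        - batman_network
        - fastd_server
        - dhcp_v4
        - dhcp_v6
      when: __env_file is changed

    # Owns the network namespace the other three containers join; the fastd
    # port is therefore published here rather than on fastd_server.
    - name: Start batman network
      community.docker.docker_container:
        name: batman_network
        image: batman
        env_file: "{{ env_file }}"
        capabilities:
          - NET_ADMIN
        published_ports:
          - "{{ fastd_port }}:10000/udp"
          - "{{ fastd_port }}:10000/tcp"
        networks:
          - name: vpn_frontend
        sysctls:
          net.ipv6.conf.all.disable_ipv6: 0

    - name: Start fastd
      community.docker.docker_container:
        name: fastd_server
        image: fastd
        env_file: "{{ env_file }}"
        capabilities:
          - NET_ADMIN
        devices:
          - /dev/net/tun:/dev/net/tun
        network_mode: container:batman_network

    - name: Start dhcp server for ipv4
      community.docker.docker_container:
        name: dhcp_v4
        image: dhcpd
        env_file: "{{ env_file }}"
        env:
          DHCPD_MODE: "4"
        capabilities:
          - NET_ADMIN
        network_mode: container:batman_network

    - name: Start dhcp server for ipv6
      community.docker.docker_container:
        name: dhcp_v6
        image: dhcpd
        env_file: "{{ env_file }}"
        env:
          DHCPD_MODE: "6"
        capabilities:
          - NET_ADMIN
        network_mode: container:batman_network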