ansible-ffibk/roles/service-fastd-backbone/templates/fastd-backbone.conf.j2

44 lines
1.2 KiB
Text
Raw Permalink Normal View History

#
# {{ ansible_managed }}
#
{% if debug_fastd %}
log level debug;
{% else %}
log level warn;
{% endif %}
hide ip addresses no;
hide mac addresses no;
method "aes128-ctr+umac";
2017-11-06 21:24:56 +01:00
interface "{{ item.0.id }}igvpn-{{ item.1.mtu }}";
2019-03-02 18:10:48 +01:00
bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
include "secret.conf";
mtu {{ item.1.mtu }};
peer group "servers" {
2019-03-02 18:10:48 +01:00
{% if item.0.legacy is defined %}
include peers from "peers/gates";
include peers from "peers/services";
2019-03-02 18:10:48 +01:00
{% else %}
{% for group in fastd_groups %}
{% for host in groups[group] %}
{% set peer = host.rsplit('.')[0] %}
{% if host != inventory_hostname %}
peer "{{ peer }}" {
key "{{ lookup('passwordstore', item.1.pass + '/' + peer + ' subkey=public') }}";
remote ipv6 "{{ host }}" port 11{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
}
{% endif %}
{% endfor %}
{% endfor %}
{% endif %}
}
on up "/bin/systemctl reload networking";
2017-11-06 21:24:56 +01:00
status socket "/var/run/fastd-{{ item.0.id }}igvpn-{{ item.1.mtu }}.status";