e4e8c0998f
* add jinja2 extension 'jinja2.ext.do' to ansible.cfg * add host kichererbse.freifunk-mwu.de * add new server_type 'mesh-service' and new host group 'ffmwu-mesh-services' * use new loopback and anycast networks * add role wireguard * add role wireguard as dependency for roles network-routing + service-bird * add playbook 'mesh-services'
83 lines
4.3 KiB
Django/Jinja
83 lines
4.3 KiB
Django/Jinja
#!/bin/sh
|
|
#
|
|
# {{ ansible_managed }}
|
|
#
|
|
|
|
{% for network in my_wireguard_networks %}
|
|
{% if magic < network.remote_magic %}
|
|
/sbin/ip -4 route add {{ network.ipv4 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv4 | ipaddr('address') }} table mwu
|
|
/sbin/ip -6 route add {{ network.ipv6 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv6 | ipaddr('network') }} table mwu
|
|
{% else %}
|
|
/sbin/ip -4 route add {{ network.ipv4 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv4 | ipaddr('1') | ipaddr('address') }} table mwu
|
|
/sbin/ip -6 route add {{ network.ipv6 | ipaddr('network/prefix') }} dev wg-{{ network.remote[:11] }} scope link src {{ network.ipv6 | ipaddr('1') | ipaddr('address') }} table mwu
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% if server_type == 'gateway' or server_type == 'monitoring' %}
|
|
{% for mesh in meshes %}
|
|
# static {{ mesh.domain_name }} routes for rt_table mwu
|
|
/sbin/ip -4 route add {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}br table mwu
|
|
{% for ula in mesh.ipv6_ula %}
|
|
/sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
|
{% endfor %}
|
|
{% for public in mesh.ipv6_public %}
|
|
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
|
{% endfor %}
|
|
{% if mesh_gw_prefixes is defined %}
|
|
{% for public in mesh_gw_prefixes[mesh.id].ipv6_public %}
|
|
/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}br table mwu
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if not loop.last %}
|
|
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if server_type == 'gateway' %}
|
|
# static blackhole routes for rt_table internet
|
|
/sbin/ip -4 route add blackhole 0.0.0.0/8 table internet
|
|
/sbin/ip -4 route add blackhole 10.0.0.0/8 table internet
|
|
/sbin/ip -4 route add blackhole 100.64.0.0/10 table internet
|
|
/sbin/ip -4 route add blackhole 127.0.0.0/8 table internet
|
|
/sbin/ip -4 route add blackhole 169.254.0.0/16 table internet
|
|
/sbin/ip -4 route add blackhole 172.16.0.0/12 table internet
|
|
/sbin/ip -4 route add blackhole 192.0.0.0/24 table internet
|
|
/sbin/ip -4 route add blackhole 192.0.2.0/24 table internet
|
|
/sbin/ip -4 route add blackhole 192.88.99.0/24 table internet
|
|
/sbin/ip -4 route add blackhole 192.168.0.0/16 table internet
|
|
/sbin/ip -4 route add blackhole 198.18.0.0/15 table internet
|
|
/sbin/ip -4 route add blackhole 198.51.100.0/24 table internet
|
|
/sbin/ip -4 route add blackhole 203.0.113.0/24 table internet
|
|
/sbin/ip -4 route add blackhole 224.0.0.0/4 table internet
|
|
/sbin/ip -4 route add blackhole 240.0.0.0/4 table internet
|
|
/sbin/ip -4 route add blackhole 255.255.255.255/32 table internet
|
|
/sbin/ip -6 route add blackhole fec0::/10 table internet
|
|
/sbin/ip -6 route add blackhole fc00::/7 table internet
|
|
/sbin/ip -6 route add blackhole ff00::/8 table internet
|
|
/sbin/ip -6 route add blackhole ::/96 table internet
|
|
/sbin/ip -6 route add blackhole 0:0:0:0:0:ffff::/96 table internet
|
|
|
|
# static blackhole routes for rt_table main
|
|
/sbin/ip -4 route add blackhole 0.0.0.0/8 table main
|
|
/sbin/ip -4 route add blackhole 10.0.0.0/8 table main
|
|
/sbin/ip -4 route add blackhole 100.64.0.0/10 table main
|
|
/sbin/ip -4 route add blackhole 127.0.0.0/8 table main
|
|
/sbin/ip -4 route add blackhole 169.254.0.0/16 table main
|
|
/sbin/ip -4 route add blackhole 172.16.0.0/12 table main
|
|
/sbin/ip -4 route add blackhole 192.0.0.0/24 table main
|
|
/sbin/ip -4 route add blackhole 192.0.2.0/24 table main
|
|
/sbin/ip -4 route add blackhole 192.88.99.0/24 table main
|
|
/sbin/ip -4 route add blackhole 192.168.0.0/16 table main
|
|
/sbin/ip -4 route add blackhole 198.18.0.0/15 table main
|
|
/sbin/ip -4 route add blackhole 198.51.100.0/24 table main
|
|
/sbin/ip -4 route add blackhole 203.0.113.0/24 table main
|
|
/sbin/ip -4 route add blackhole 224.0.0.0/4 table main
|
|
/sbin/ip -4 route add blackhole 240.0.0.0/4 table main
|
|
/sbin/ip -4 route add blackhole 255.255.255.255/32 table main
|
|
/sbin/ip -6 route add blackhole fec0::/10 table main
|
|
/sbin/ip -6 route add blackhole fc00::/7 table main
|
|
/sbin/ip -6 route add blackhole ff00::/8 table main
|
|
/sbin/ip -6 route add blackhole ::/96 table main
|
|
/sbin/ip -6 route add blackhole 0:0:0:0:0:ffff::/96 table main
|
|
/sbin/ip -6 route add blackhole ::/0 table main
|
|
{% endif %}
|