commit 7960b93bfac97d79b7c80d0570847974b74f7e48
parent 65b7207eb9b1c3c404d975fcd60a7f8a54720719
Author: Leah (ctucx) <leah@ctu.cx>
Date: Wed, 13 Jan 2021 00:38:05 +0100
parent 65b7207eb9b1c3c404d975fcd60a7f8a54720719
Author: Leah (ctucx) <leah@ctu.cx>
Date: Wed, 13 Jan 2021 00:38:05 +0100
router-playbook: fix up stuff
1 file changed, 68 insertions(+), 42 deletions(-)
M
|
110
+++++++++++++++++++++++++++++++++++++++++++++++++------------------------------
diff --git a/playbook-router.yml b/playbook-router.yml
@@ -77,10 +77,10 @@
 - Name: wg-pbb
 - Kind: wireguard
 - WireGuard:
- - PrivateKey: "{{ lookup('diskcache', 'community.general.passwordstore', 'server/lollo/wireguard.privkey returnall=true') }}"
+ - PrivateKey: "{{ lookup('diskcache', 'community.general.passwordstore', 'Server/lollo/wireguard.privkey returnall=true') }}"
 - FirewallMark: 51820
 - WireGuardPeer:
- - PublicKey: "{{ lookup('diskcache', 'community.general.passwordstore', 'server/desastro/wireguard.pubkey returnall=true') }}"
+ - PublicKey: "{{ lookup('diskcache', 'community.general.passwordstore', 'Server/desastro/wireguard.pubkey returnall=true') }}"
 - AllowedIPs: "0.0.0.0/0, ::/0"
 - Endpoint: "195.39.247.172:51820"
 - PersistentKeepalive: 10
@@ -113,9 +113,6 @@
 - Name: wg-pbb
 - Link:
 - MTUBytes: 1472
- - Network:
- - Address: 195.39.246.32/32
- - Address: 2a0f:4ac0:acab::1/128
 - Route:
 - Destination: 0.0.0.0/0
 - Table: 1234
@@ -130,7 +127,7 @@
 - Driver: bridge
 - Network:
 - DHCP: no
- - Address: 195.39.246.32/28
+ - Address: 195.39.246.33/28
 - Address: 10.0.0.1/24
 - Address: 2a0f:4ac0:acab::1/48
 - RoutingPolicyRule:
@@ -173,6 +170,16 @@
 - lollo.ctu.cx
 renew_tasks:
 - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/lollo.ctu.cx
+ home.ctu.cx:
+ dns_names:
+ - home.ctu.cx
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/home.ctu.cx
+ home.flauschekatze.space:
+ dns_names:
+ - home.flauschekatze.space
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/home.flauschekatze.space
 syncthing.lollo.ctu.cx:
 dns_names:
 - syncthing.lollo.ctu.cx
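Review bot: The new PrivateKey line still routes the WireGuard private key through the `diskcache` lookup wrapper before `community.general.passwordstore`; only the store path changed. If that wrapper does what its name suggests and persists lookup results on the controller, the secret lands in a cache file whose location, mode and lifetime this playbook does not govern, so confirm the cache is private to the controller user and purged after the run, or skip the cache for this one value with `PrivateKey: "{{ lookup('community.general.passwordstore', 'Server/lollo/wireguard.privkey returnall=true') }}"` since a single passwordstore call is cheap. The peer's PublicKey line is not secret and can keep using the cache. The list entry these keys belong to starts before the hunk.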
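Review bot: The two new `renew_tasks` hooks hand the whole `live/<name>` directory to `acme-redirect:acme-redirect` with `chown -R`, while the `privkey` files under those paths are consumed by the nginx `ssl` blocks added later in this diff, which presumably run as a different user. Check what mode the role leaves on `privkey`: if nginx can read it only because it is world-readable, extend each hook with a group grant and a `chmod 640` on the key (the group nginx runs as is not shown on this page) rather than leaving the key readable by every local account. The pre-existing lollo.ctu.cx hook just above has the same shape and deserves the same check.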
@@ -185,6 +192,14 @@
 vhosts:
 lollo.ctu.cx:
 defaultserver: true
+ ssl:
+ enable: true
+ cert: "/var/lib/acme-redirect/live/lollo.ctu.cx/fullchain"
+ privkey: "/var/lib/acme-redirect/live/lollo.ctu.cx/privkey"
+ locations:
+ - path: /node-exporter
+ proxy: http://127.0.0.1:9100/metrics
+ home.ctu.cx:
 root: /var/lib/websites/lollo.ctu.cx
 extraConfig: "
 index index.html index.php;
@@ -192,11 +207,26 @@
 "
 ssl:
 enable: true
- cert: "/var/lib/acme-redirect/live/lollo.ctu.cx/fullchain"
- privkey: "/var/lib/acme-redirect/live/lollo.ctu.cx/privkey"
+ cert: "/var/lib/acme-redirect/live/home.ctu.cx/fullchain"
+ privkey: "/var/lib/acme-redirect/live/home.ctu.cx/privkey"
+ locations:
+ - path: ~ \.php$
+ extraConfig: "
+ fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ "
+ home.flauschekatze.space:
+ root: /var/lib/websites/lollo.ctu.cx
+ extraConfig: "
+ index index.html index.php;
+ try_files $uri $uri/ / index.php?$query_string;
+ "
+ ssl:
+ enable: true
+ cert: "/var/lib/acme-redirect/live/home.flauschekatze.space/fullchain"
+ privkey: "/var/lib/acme-redirect/live/home.flauschekatze.space/privkey"
 locations:
- - path: /node-exporter
- proxy: http://127.0.0.1:9100/metrics
 - path: ~ \.php$
 extraConfig: "
 fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
@@ -205,7 +235,7 @@
 "
 hostapd:
- enable: true
+ enable: false
 interface: wlp3s0
 bridge: brlan
 channel: 1
@@ -223,9 +253,11 @@
 enable_ra: true
 quiet_ra: true
 domain: home.ctu.cx
- auth_zone:
- - home.ctu.cx, 10.0.0.1/24, 195.39.246.33/28, 2a0f:4ac0:acab::1/64
- - home.flauschekatze.space, 10.0.0.1/24, 195.39.246.33/28, 2a0f:4ac0:acab::1/64
+ auth_ttl: 600
+ auth_server: home.ctu.cx, wg-pbb
+ auth_zones:
+ - home.ctu.cx, 10.0.0.1/24, 195.39.246.32/28, 2a0f:4ac0:acab::1/64
+ - home.flauschekatze.space, 10.0.0.1/24, 195.39.246.32/28, 2a0f:4ac0:acab::1/64
 local_addresses:
 - /fritz.box/192.168.178.1
 - /intel-nuc/192.168.178.21
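Review bot: The `/node-exporter` location added to the `defaultserver: true` vhost proxies 127.0.0.1:9100/metrics to any client that reaches the box, with no access control on the added lines; since it moved here from home.ctu.cx (removed in the next hunk), it now also answers for unmatched Host headers and bare-IP requests. If a single scraper consumes these metrics, fence the location with `extraConfig: "allow <SCRAPER_ADDRESS_PLACEHOLDER>; deny all;"` beneath `proxy:` (the `extraConfig` key is already accepted on locations in the php entries further down), or put basic auth in front of it. Host metrics are not secrets, but they describe the machine in detail and should not be world-readable by default.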
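Review bot: The new `~ \.php$` locations for home.ctu.cx and home.flauschekatze.space hand every URI ending in `.php` to php-fpm without a `try_files $uri =404;` guard, so how a request for a non-existent script is handled depends on php-fpm's own settings, which this page does not show; adding `try_files $uri =404;` as the first line of each location's `extraConfig` settles that on the nginx side. `include fastcgi_params;` by itself does not define `SCRIPT_FILENAME` in stock nginx, so confirm the role injects it, otherwise php-fpm receives no script path. The copied `try_files $uri $uri/ / index.php?$query_string;` line is also worth a look: if the space in `/ index.php` is really in the file, the fallback is a relative URI, which is probably not what was meant.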
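Review bot: The new `auth_server: home.ctu.cx, wg-pbb` carries over only one of the two `auth-server=` lines removed from the dnsmasq `extraConfig` in the last hunk of this commit; `auth-server=home.flauschekatze.space,wg-pbb` has no counterpart, although `auth_zones` and `addresses` still list that domain. If the drop is deliberate, a comment above the key such as `# only one auth-server; home.flauschekatze.space is served as a zone, not as server name` would stop the next reader from re-adding it; if not, check whether the role's `auth_server` key accepts a list. The dnsmasq stanza this belongs to starts before the hunk.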
@@ -233,12 +265,9 @@
 - /repo-vm/192.168.178.24
 - /mastodon-backup/192.168.178.25
 - /foo-nuc/192.168.178.23
- - /lollo.ctu.cx/10.0.0.1
- - /home.ctu.cx/10.0.0.1
- - /home.flauschekatze.space/10.0.0.1
 addresses:
- - home.ctu.cx, 195.39.246.32
- - home.flauschekatze.space, 195.39.246.32
+ - home.ctu.cx, 195.39.246.33, 2a0f:4ac0:acab::1
+ - home.flauschekatze.space, 195.39.246.33, 2a0f:4ac0:acab::1
 dns_servers:
 - 1.1.1.1
 - 1.0.0.1
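Review bot: Dropping `/lollo.ctu.cx/10.0.0.1` from `local_addresses` without adding lollo.ctu.cx to the new `addresses` list means LAN clients will presumably now resolve lollo.ctu.cx through the upstream `dns_servers`, while home.ctu.cx and home.flauschekatze.space get the local answer 195.39.246.33 / 2a0f:4ac0:acab::1. If the router is meant to answer for all three names, add `- lollo.ctu.cx, 195.39.246.33, 2a0f:4ac0:acab::1`; otherwise a one-line comment stating that lollo.ctu.cx is intentionally left to upstream would make the asymmetry look deliberate rather than forgotten.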
@@ -249,35 +278,32 @@
 rapid_commit: true
 sequential_ip: true
 options:
- - option6:information-refresh-time,6h
- - option6:dns-server,[2a0f:4ac0:acab::1]
- - option:dns-server,10.0.0.1
- - option:router,10.0.0.1
+ - option6:information-refresh-time, 6h
+ - option6:dns-server, [2a0f:4ac0:acab::1]
+ - public, option:router, 195.39.246.33
+ - public, option:dns-server, 195.39.246.33
+ - private, option:router, 10.0.0.1
+ - private, option:dns-server, 10.0.0.1
 ranges:
- - 195.39.246.33, 195.39.246.42, 255.255.255.240, 48h
- - 10.0.0.32, 10.0.0.160, 255.255.255.0, 48h
- - 2a0f:4ac0:acab::100, 2a0f:4ac0:acab::01ff, ra-names,slaac, 64, 48h
+ - public, 195.39.246.34, 195.39.246.42, 255.255.255.240, 195.39.246.47, 48h
+ - private, 10.0.0.32, 10.0.0.160, 255.255.255.0, 48h
+ - 2a0f:4ac0:acab::100, 2a0f:4ac0:acab::01ff, ra-names,slaac, 64, 48h
 hosts:
 # ctucx macbook
- - id:00:01:00:01:27:51:55:30:80:e6:50:21:e0:6a, toaster, [2a0f:4ac0:acab::33]
- - 80:e6:50:21:e0:6a, toaster, 195.39.246.33
+ - id:00:01:00:01:27:51:55:30:80:e6:50:21:e0:6a, toaster, [2a0f:4ac0:acab::34]
+ - 80:e6:50:21:e0:6a, toaster, 195.39.246.34
 # ctucx thinkcentre
- - id:00:01:00:01:27:60:18:8c:e8:6a:64:f4:49:e7, stasicontainer, [2a0f:4ac0:acab::39]
- - e8:6a:64:f4:49:e7, stasicontainer, 195.39.246.39
- # ctucx thinkpad (mac: wlan, eth)
- - id:00:04:37:8e:fd:cc:26:b8:11:b2:a8:5c:b8:77:0b:6e:a2:e6, coladose, [2a0f:4ac0:acab::35]
- - 7c:2a:31:fb:e6:b8, 8c:16:45:da:61:8e, coladose, 195.39.246.35
+ - id:00:01:00:01:27:60:18:8c:e8:6a:64:f4:49:e7, stasicontainer, [2a0f:4ac0:acab::39]
+ - e8:6a:64:f4:49:e7, stasicontainer, 195.39.246.39
+ # ctucx thinkpad t470 (mac: wlan, eth)
+ - id:00:04:37:8e:fd:cc:26:b8:11:b2:a8:5c:b8:77:0b:6e:a2:e6, coladose, [2a0f:4ac0:acab::35]
+ - 7c:2a:31:fb:e6:b8, 8c:16:45:da:61:8e, coladose, 195.39.246.35
 # isa macbook
- - id:00:01:00:01:23:53:5d:7e:6c:40:08:af:2e:9c, isabelles-mbp, [2a0f:4ac0:acab::38]
- - 6c:40:08:af:2e:9c, isabelles-mbp, 195.39.246.38
+ - id:00:01:00:01:23:53:5d:7e:6c:40:08:af:2e:9c, isabelles-mbp, [2a0f:4ac0:acab::38]
+ - 6c:40:08:af:2e:9c, isabelles-mbp, 195.39.246.38
 # isa thinkpad (x230)
- - id:00:04:e8:51:c5:1d:f6:53:58:4a:9b:c0:28:59:a4:c7:76:32, isa-x230, [2a0f:4ac0:acab::36]
- - 64:80:99:75:c5:5c, isa-x230, 195.39.246.36
- extraConfig: "
- auth-ttl=600\n
- auth-server=home.ctu.cx,wg-pbb
- auth-server=home.flauschekatze.space,wg-pbb
- "
+ - id:00:04:e8:51:c5:1d:f6:53:58:4a:9b:c0:28:59:a4:c7:76:32, isa-x230, [2a0f:4ac0:acab::36]
+ - 64:80:99:75:c5:5c, isa-x230, 195.39.246.36
 syncthing:
 enable: true