Support IPv6 bridges
parent
3dcad38d0b
commit
d6b56ec5ed
@ -8,6 +8,11 @@ system_var_home_directory: "{{ system_var_root_directory }}/home"
|
||||
system_var_data_directory: "{{ system_var_root_directory }}/data"
|
||||
system_var_containers_directory: "{{ system_var_root_directory }}/containers"
|
||||
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# vpn
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
vpn_global_inet6_prefix: "fd6f:1af7:ce35"
|
||||
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# vpn:wireguard
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
@ -19,15 +24,24 @@ vpn_wireguard_subnet: "10.66.0.0/30"
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# vpn:bridge
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
vpn_bridge_prefix: "10.66.{{ vpn_subnet_id }}"
|
||||
vpn_bridge_address: "{{ vpn_bridge_prefix }}.1"
|
||||
vpn_bridge_broadcast: "{{ vpn_bridge_prefix }}.255"
|
||||
vpn_bridge_prefixlen: "24"
|
||||
vpn_bridge_subnet: "{{ vpn_bridge_prefix }}.0/{{ vpn_bridge_prefixlen }}"
|
||||
vpn_bridge_inet_prefix: "10.66.{{ vpn_subnet_id }}"
|
||||
vpn_bridge_inet_address: "{{ vpn_bridge_inet_prefix }}.1"
|
||||
vpn_bridge_inet_prefixlen: "24"
|
||||
vpn_bridge_inet_subnet: "{{ vpn_bridge_inet_prefix }}.0/{{ vpn_bridge_inet_prefixlen }}"
|
||||
|
||||
vpn_bridge_inet6_prefix: "{{ vpn_global_inet6_prefix }}:{{ '%04x' % (0x6600 + vpn_subnet_id) }}"
|
||||
vpn_bridge_inet6_address: "{{ vpn_bridge_inet6_prefix }}::1"
|
||||
vpn_bridge_inet6_prefixlen: "64"
|
||||
vpn_bridge_inet6_subnet: "{{ vpn_bridge_inet6_prefix }}::/{{ vpn_bridge_inet6_prefixlen }}"
|
||||
|
||||
vpn_bridge_dnat: "\
|
||||
{% set vpn_bridge_dnat = [] %}\
|
||||
{% for properties in ( services_host_services.values() | selectattr('tcp', 'defined') ) %}\
|
||||
{{ vpn_bridge_dnat.append({ 'address': properties.address, 'ports': properties.tcp }) }}\
|
||||
{{ vpn_bridge_dnat.append({
|
||||
'inet_address': properties.inet_address,
|
||||
'inet6_address': properties.inet6_address,
|
||||
'ports': properties.tcp
|
||||
}) }}\
|
||||
{% endfor %}\
|
||||
{{ vpn_bridge_dnat }}"
|
||||
|
||||
|
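Review bot: In the new `vpn_bridge_dnat` loop the filter `selectattr('tcp', 'defined')` guarantees only `tcp`, yet each entry now reads both `properties.inet_address` and `properties.inet6_address`. A service that defines `tcp` but lacks one of the two addresses would reach the append with an undefined value; whether that fails the play or ends up in the rendered list depends on templating behaviour not visible here. Making the requirement explicit, e.g. `'inet6_address': properties.inet6_address | mandatory,` (and likewise for `inet_address`), turns a half-defined service into a clear error instead of a malformed DNAT entry.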
@ -2,11 +2,15 @@
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# network
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
local_network_address: "192.168.0.0"
|
||||
local_network_masklen: 16
|
||||
local_network: "{{ local_network_address }}/{{ local_network_masklen }}"
|
||||
local_inet_network_address: "192.168.0.0"
|
||||
local_inet_network_prefixlen: 16
|
||||
local_inet_network: "{{ local_inet_network_address }}/{{ local_inet_network_prefixlen }}"
|
||||
|
||||
local_inet6_network_address: "2001:1c00:161e:7900::"
|
||||
local_inet6_network_prefixlen: 64
|
||||
local_inet6_network: "{{ local_inet6_network_address }}/{{ local_inet6_network_prefixlen }}"
|
||||
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# system:base
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
system_base_fail2ban_ignoreip: "{{ local_network }}"
|
||||
system_base_fail2ban_ignoreip: "{{ local_inet_network }} {{ local_inet6_network }}"
|
||||
|
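Review bot: `system_base_fail2ban_ignoreip` now exempts the whole of `local_inet6_network`, which is the hard-coded global-unicast prefix `2001:1c00:161e:7900::/64` rather than a private range like the IPv4 side. If that prefix is delegated by the provider and ever changes, the exemption keeps applying to addresses that are no longer local, and fail2ban would never ban them. Consider listing only the specific management hosts, or at least documenting the dependency with a comment such as `# must track the ISP-delegated /64; update fail2ban ignoreip when it changes` above `local_inet6_network_address`.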
@ -28,16 +28,18 @@ vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_k
|
||||
vpn_wireguard_clients:
|
||||
- public_key: "{{ vault_vpn_wireguard_clients_0_public_key }}"
|
||||
preshared_key: "{{ vault_vpn_wireguard_clients_0_preshared_key }}"
|
||||
subnet: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.0/24"
|
||||
subnet: "{{ hostvars.yggdrasil.vpn_bridge_inet_prefix }}.0/24"
|
||||
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# services
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
services_host_services:
|
||||
rproxy:
|
||||
address: "{{ vpn_bridge_prefix }}.2"
|
||||
inet_address: "{{ vpn_bridge_inet_prefix }}.2"
|
||||
inet6_address: "{{ vpn_bridge_inet6_prefix }}::2"
|
||||
tcp: [80, 443]
|
||||
restic: true
|
||||
www:
|
||||
address: "{{ vpn_bridge_prefix }}.3"
|
||||
inet_address: "{{ vpn_bridge_inet_prefix }}.3"
|
||||
inet6_address: "{{ vpn_bridge_inet6_prefix }}::3"
|
||||
restic: false
|
||||
|
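Review bot: The WireGuard client entry still carries a single IPv4 `subnet`, with the `/24` written literally instead of derived from `vpn_bridge_inet_prefixlen`, and no IPv6 counterpart is added. If `subnet` is what the role turns into the peer's allowed addresses (not visible here), traffic for the new `vpn_bridge_inet6_subnet` would not be accepted on this peer, and a later change of the prefix length would leave this entry behind. Using `subnet: "{{ hostvars.yggdrasil.vpn_bridge_inet_subnet }}"` removes the duplication; an `inet6` field would need matching support in the role.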
@ -75,8 +75,10 @@ vpn_wireguard_routing_table: 66
|
||||
# vpn:bridge
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
vpn_bridge_routing_table: "{{ vpn_wireguard_routing_table }}"
|
||||
vpn_bridge_local_only_daddr:
|
||||
- "{{ services_host_services.database.address }}"
|
||||
vpn_bridge_local_only_inet_daddr:
|
||||
- "{{ services_host_services.database.inet_address }}"
|
||||
vpn_bridge_local_only_inet6_daddr:
|
||||
- "{{ services_host_services.database.inet6_address }}"
|
||||
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# backups:snapshots
|
||||
@ -142,26 +144,32 @@ services_containers_dataset: "{{ system_var_containers_dataset }}"
|
||||
|
||||
services_host_services:
|
||||
lrproxy:
|
||||
address: "{{ vpn_bridge_prefix }}.2"
|
||||
inet_address: "{{ vpn_bridge_inet_prefix }}.2"
|
||||
inet6_address: "{{ vpn_bridge_inet6_prefix }}::2"
|
||||
tcp: [80, 443]
|
||||
restic: true
|
||||
database:
|
||||
address: "{{ vpn_bridge_prefix }}.3"
|
||||
inet_address: "{{ vpn_bridge_inet_prefix }}.3"
|
||||
inet6_address: "{{ vpn_bridge_inet6_prefix }}::3"
|
||||
restic: true
|
||||
cloud:
|
||||
address: "{{ vpn_bridge_prefix }}.4"
|
||||
inet_address: "{{ vpn_bridge_inet_prefix }}.4"
|
||||
inet6_address: "{{ vpn_bridge_inet6_prefix }}::4"
|
||||
restic: true
|
||||
restic_exclude:
|
||||
- "external"
|
||||
git:
|
||||
address: "{{ vpn_bridge_prefix }}.5"
|
||||
inet_address: "{{ vpn_bridge_inet_prefix }}.5"
|
||||
inet6_address: "{{ vpn_bridge_inet6_prefix }}::5"
|
||||
tcp: ["{{ services.git.ssh_port }}"]
|
||||
restic: true
|
||||
notes:
|
||||
address: "{{ vpn_bridge_prefix }}.6"
|
||||
inet_address: "{{ vpn_bridge_inet_prefix }}.6"
|
||||
inet6_address: "{{ vpn_bridge_inet6_prefix }}::6"
|
||||
restic: true
|
||||
music:
|
||||
address: "{{ vpn_bridge_prefix }}.7"
|
||||
inet_address: "{{ vpn_bridge_inet_prefix }}.7"
|
||||
inet6_address: "{{ vpn_bridge_inet6_prefix }}::7"
|
||||
collection_path: "{{ music_user_data_collection_directory }}"
|
||||
archive_path: "{{ music_user_data_archive_directory }}"
|
||||
restic: true
|
||||
|
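Review bot: `vpn_bridge_local_only_inet_daddr` and `vpn_bridge_local_only_inet6_daddr` have no comment saying what restriction they express, and the two lists must now be kept in step by hand. A destination added to only one list would presumably stay restricted in one address family and reachable in the other. A short comment above the pair, e.g. `# keep both families in step: an address missing from one list is not restricted for that family`, would make that explicit; the enforcement itself lives in the roles submodule and is not visible in this diff.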
2
roles
2
roles
@ -1 +1 @@
|
||||
Subproject commit f944dae2fe14a5bf9319c8c1e822f380716d8bb4
|
||||
Subproject commit 18ee9c7a242c612d5661607ead478794e757ef03
|