Configure bird daemons on VPNs

2021-02-24 22:11:50 +01:00 · 2021-02-24 22:11:50 +01:00 · 9954c9e7d5
commit 9954c9e7d5
parent 259c2afeab
4 changed files with 42 additions and 29 deletions
--- a/host_vars/vpn-ng-backup.adm.auro.re.yml
+++ b/host_vars/vpn-ng-backup.adm.auro.re.yml
@ -6,16 +6,20 @@ wireguard_endpoints:
    peer:
      public_key: "{{ vault_wireguard_secrets.ovh_edc.public }}"
      allowed_addrs:
-        - 192.168.0.3/32
-        - 10.132.0.0/16
+        - 0.0.0.0/0
+        - ::/0
      keepalive: 5
      endpoint: 92.222.211.198:5413

-nftables_basic_input_rules:
-  - proto: tcp
-    port: 22
-    verdict: accept 
-  - proto: udp
-    port: 5412
-    verdict: accept
+bird_router_id: 10.128.0.124
+bird_router_prefsrc: 10.128.0.124
+bird_ospf_ifaces:
+  ens18:
+    stub: true
+  ovh:
+    type: pointopoint
+    cost: 4000
+  ens19:
+    type: broadcast
+    cost: 1000
 ...
--- a/host_vars/vpn-ng.adm.auro.re.yml
+++ b/host_vars/vpn-ng.adm.auro.re.yml
@ -6,16 +6,20 @@ wireguard_endpoints:
    peer:
      public_key: "{{ vault_wireguard_secrets.ovh_gs.public }}"
      allowed_addrs:
-        - 192.168.0.1/32
-        - 10.132.0.0/16
+        - 0.0.0.0/0
+        - ::/0
      keepalive: 5
      endpoint: 92.222.211.198:5412

-nftables_basic_input_rules:
-  - proto: tcp
-    port: 22
-    verdict: accept 
-  - proto: udp
-    port: 5412
-    verdict: accept
+bird_router_id: 10.128.0.224
+bird_router_prefsrc: 10.128.0.224
+bird_ospf_ifaces:
+  ens18:
+    stub: true
+  ovh:
+    type: pointopoint
+    cost: 2000
+  ens19:
+    type: broadcast
+    cost: 1000
 ...
--- a/host_vars/vpn-ovh-ng.auro.re.yml
+++ b/host_vars/vpn-ovh-ng.auro.re.yml
@ -7,8 +7,8 @@ wireguard_endpoints:
    peer:
      public_key: "{{ vault_wireguard_secrets.gs.public }}"
      allowed_addrs:
-        - 192.168.0.0/32
-        - 10.128.0.0/16
+        - 0.0.0.0/0
+        - ::/0
      keepalive: 5
  - name: edc
    addr: 192.168.0.3/31
@ -17,15 +17,19 @@ wireguard_endpoints:
    peer:
      public_key: "{{ vault_wireguard_secrets.edc.public }}"
      allowed_addrs:
-        - 192.168.0.2/32
-        - 10.128.0.0/16
+        - 0.0.0.0/0
+        - ::/0
      keepalive: 5

-nftables_basic_input_rules:
-  - proto: tcp
-    port: 22
-    verdict: accept 
-  - proto: udp
-    port: 5412
-    verdict: accept
+bird_router_id: 10.132.0.254
+bird_router_prefsrc: 10.132.0.254
+bird_ospf_ifaces:
+  ens19:
+    stub: true
+  gs:
+    type: pointopoint
+    cost: 2000
+  edc:
+    type: pointopoint
+    cost: 4000
 ...
--- a/vpn.yml
+++ b/vpn.yml
@ -6,4 +6,5 @@
    - vpn-ng-backup.adm.auro.re
  roles:
    - wireguard-endpoint
+    - bird
 ...