misc

16 files changed, 52 insertions, 24 deletions

diff --git a/ansible/all.yml b/ansible/all.yml
index ecbf83e..1404155 100644
--- a/ansible/all.yml
+++ b/ansible/all.yml
@@ -11,7 +11,7 @@
 - import_playbook: plays/apt-repos.yml
 
 - hosts:
-    - linode-dns-update
+    - linode_dns_update
   roles:
     - linode-dns-update
 
@@ -25,5 +25,5 @@
 - import_playbook: plays/postfix-satellite.yml
 - import_playbook: nftables.yml
 - import_playbook: lxc-host.yml
-- import_playbook: wireguard.yml
+- import_playbook: plays/wireguard.yml
 - import_playbook: unifi.yml
diff --git a/ansible/conflatorio.yml b/ansible/conflatorio.yml
index 9d3a832..3179792 100644
--- a/ansible/conflatorio.yml
+++ b/ansible/conflatorio.yml
@@ -1,5 +1,5 @@
 - hosts:
-    - conflatorio-lxc
+    - conflatorio_lxc
   roles:
     - lusers
     - superusers
diff --git a/ansible/elasticsearch.yml b/ansible/elasticsearch.yml
index 6b05ce7..59f34b5 100644
--- a/ansible/elasticsearch.yml
+++ b/ansible/elasticsearch.yml
@@ -1,5 +1,5 @@
 - hosts:
-    - elasticsearch-servers
+    - elasticsearch_servers
   tasks:
     - name: Create elasticsearch user
       become: yes
@@ -29,7 +29,7 @@
         regexp: "ES_PATH_CONF"
 
 - hosts:
-    - elasticsearch-servers
+    - elasticsearch_servers
   roles:
     - ansible-elasticsearch
   vars:
diff --git a/ansible/group_vars/all/users.yml b/ansible/group_vars/all/users.yml
index 951eab5..e44001c 100644
--- a/ansible/group_vars/all/users.yml
+++ b/ansible/group_vars/all/users.yml
@@ -10,6 +10,10 @@ users:
 
     authorized_keys_absent:
       - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGpWssvnarp8O/oN86VDlLxUHAYHSKbdhXpe1s0hWkX5 trygvis@fuckaduck
+  pi:
+    authorized_keys: ""
+  tingo:
+    authorized_keys: ""
 
 lusers:
   - trygvis
diff --git a/ansible/group_vars/all/wireguard_wg0.yml b/ansible/group_vars/all/wireguard_wg0.yml
index 872c432..ab6c845 100644
--- a/ansible/group_vars/all/wireguard_wg0.yml
+++ b/ansible/group_vars/all/wireguard_wg0.yml
@@ -1,4 +1,4 @@
-wireguard-wg0:
+wireguard_wg0:
   if: wg0
   ipv4_prefix: 24
   ipv6_prefix: 64
@@ -25,3 +25,9 @@ wireguard-wg0:
     malabaricus:
       state: present
       ipv6: fdf3:aad9:a885:0b3a::8
+    sweetzpot-mobile:
+      state: present
+      ipv6: fdf3:aad9:a885:0b3a::9
+    astyanax:
+      state: present
+      ipv6: fdf3:aad9:a885:0b3a::10
diff --git a/ansible/group_vars/all/wireguard_wg1.yml b/ansible/group_vars/all/wireguard_wg1.yml
index 3d00701..c8324d5 100644
--- a/ansible/group_vars/all/wireguard_wg1.yml
+++ b/ansible/group_vars/all/wireguard_wg1.yml
@@ -1,4 +1,4 @@
-wireguard-wg1:
+wireguard_wg1:
   if: wg1
   ipv4_prefix: 24
   ipv6_prefix: 64
diff --git a/ansible/host_vars/knot/wireguard.yml b/ansible/host_vars/knot/wireguard.yml
deleted file mode 100644
index a921af1..0000000
--- a/ansible/host_vars/knot/wireguard.yml
+++ /dev/null
@@ -1 +0,0 @@
-wireguard__role: server
diff --git a/ansible/host_vars/sweetzpot-mobile/users.yml b/ansible/host_vars/sweetzpot-mobile/users.yml
new file mode 100644
index 0000000..b1abb66
--- /dev/null
+++ b/ansible/host_vars/sweetzpot-mobile/users.yml
@@ -0,0 +1,9 @@
+lusers:
+  - trygvis
+  - tingo
+  - pi
+
+superusers:
+  - trygvis
+  - tingo
+  - pi
diff --git a/ansible/inventory b/ansible/inventory
index bd24e44..248b4b8 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -24,6 +24,8 @@ all:
       ansible_host: 192.168.10.202
     astyanax:
       ansible_host: 2a01:79d:4698:96bc:d804:e55d:ee18:b7ba
+    sweetzpot-mobile:
+      ansible_host: 192.168.10.123
     conflatorio-test1:
       ansible_host: "fd56:1ae9:097d:3ddd:6c53:1011:3bad:9498"
     conflatorio-test2:
@@ -51,7 +53,7 @@ all:
       hosts:
         homepi:
         malabaricus:
-    elasticsearch-servers:
+    elasticsearch_servers:
       hosts:
         conflatorio-test1:
         arius-test1:
@@ -65,20 +67,20 @@ all:
         numquam:
         unifi:
       children:
-        conflatorio-lxc:
-    lxc-hosts:
+        conflatorio_lxc:
+    lxc_hosts:
       hosts:
         arius:
         birgitte:
 #        conflatorio:
-    conflatorio-lxc:
+    conflatorio_lxc:
       hosts:
         conflatorio-test1:
         conflatorio-test2:
         conflatorio-test3:
         conflatorio-test4:
         conflatorio-test5:
-    linode-dns-update:
+    linode_dns_update:
       hosts:
         akysis:
         arius:
@@ -123,7 +125,7 @@ all:
           ansible_ssh_extra_args: sz-test
 
 # Borg
-    borg-malabaricus:
+    borg_malabaricus:
       hosts:
         birgitte:
         conflatorio:
@@ -133,7 +135,7 @@ all:
       children:
         borg_nas:
 
-    wireguard_wg-net1:
+    wireguard_wg_net1:
       hosts:
         akili:
         arius:
@@ -150,6 +152,7 @@ all:
         conflatorio:
         knot:
         malabaricus:
+        sweetzpot-mobile:
 
     wireguard_wg1:
       hosts:
diff --git a/ansible/lxc-host.yml b/ansible/lxc-host.yml
index d1c0346..28bd7c7 100644
--- a/ansible/lxc-host.yml
+++ b/ansible/lxc-host.yml
@@ -1,4 +1,4 @@
 - hosts:
-    - lxc-hosts
+    - lxc_hosts
   roles:
     - lxc-host
diff --git a/ansible/plays/files/astyanax/etc/wireguard/public-wg0.key b/ansible/plays/files/astyanax/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..62eb9b6
--- /dev/null
+++ b/ansible/plays/files/astyanax/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+CnfTr3NGymPlOKzWeaUXutxaIFKRDpREx3XI40rUr2U=
diff --git a/ansible/plays/files/sweetzpot-mobile/etc/wireguard/public-wg0.key b/ansible/plays/files/sweetzpot-mobile/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..73c8ae8
--- /dev/null
+++ b/ansible/plays/files/sweetzpot-mobile/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+EQhaAO3krXKwugH0gdWEd/VjtsxXVWg0osNi5Ia6KDs=
diff --git a/ansible/plays/malabaricus.yml b/ansible/plays/malabaricus.yml
index 8ed1ea8..6e6a9a4 100644
--- a/ansible/plays/malabaricus.yml
+++ b/ansible/plays/malabaricus.yml
@@ -39,6 +39,8 @@
           opcache.memory_consumption=128
           opcache.save_comments=1
           opcache.revalidate_freq=1
+
+          max_execution_time = 300
       notify: systemctl restart fpm
     - lineinfile:
         path: '/etc/php/{{ fpm_version }}/fpm/pool.d/www.conf'
diff --git a/ansible/plays/wireguard-wg0.yml b/ansible/plays/wireguard-wg0.yml
new file mode 100644
index 0000000..578fc81
--- /dev/null
+++ b/ansible/plays/wireguard-wg0.yml
@@ -0,0 +1,6 @@
+- hosts:
+    - wireguard_wg0
+  roles:
+    - role: wireguard
+      wireguard__name: wireguard_wg0
+
diff --git a/ansible/plays/wireguard.yml b/ansible/plays/wireguard.yml
index 26ee9ff..87ae59b 100644
--- a/ansible/plays/wireguard.yml
+++ b/ansible/plays/wireguard.yml
@@ -8,15 +8,8 @@
       wireguard__state: absent
       wireguard__name: wireguard_wg_net1
 
-- hosts:
-    - wireguard_wg0
+- import_playbook: wireguard-wg0.yml
   tags: wg0
-  roles:
-    - role: wireguard
-      wireguard__name: wireguard-wg0
-  vars:
-    wg_net: "{{ hostvars[ansible_hostname][wireguard__name] }}"
-    wg_host: "{{ wg_net.hosts[ansible_hostname] }}"
 
 - hosts:
     - wireguard_wg1
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index 62d64ce..6be02cc 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -9,6 +9,10 @@
     netdev_path: "/etc/systemd/network/60-{{ wg_net.if }}.netdev"
     network_path: "/etc/systemd/network/61-{{ wg_net.if }}.network"
   block:
+    - debug: var=wg_net
+    - debug: var=wg_host
+    - debug: var=all_peers
+
     - name: Install packages
       tags: packages
       apt: