diff options
author | Trygve Laugstøl <trygvis@inamo.no> | 2024-06-05 22:29:43 +0200 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2024-06-05 22:29:43 +0200 |
commit | 26d3c13131177f28ef8a853cb59a5cbb4c952cee (patch) | |
tree | 1958f59480435eef3536b315b32f15ce9a830c03 /tnet | |
parent | 0dc5ffd01cfd621b4cb6830d5ab77a9031c802b0 (diff) | |
download | infra-26d3c13131177f28ef8a853cb59a5cbb4c952cee.tar.gz infra-26d3c13131177f28ef8a853cb59a5cbb4c952cee.tar.bz2 infra-26d3c13131177f28ef8a853cb59a5cbb4c952cee.tar.xz infra-26d3c13131177f28ef8a853cb59a5cbb4c952cee.zip |
tnet
Diffstat (limited to 'tnet')
26 files changed, 357 insertions, 0 deletions
diff --git a/tnet/bird-install.yml b/tnet/bird-install.yml new file mode 100644 index 0000000..c52ce50 --- /dev/null +++ b/tnet/bird-install.yml @@ -0,0 +1,11 @@ +- hosts: + - bgp + tasks: + - name: Install bird2 + become: yes + vars: + items: + - bird2 + apt: + install_recommends: no + name: "{{ items }}" diff --git a/tnet/host_vars/akili/tnet.yml b/tnet/host_vars/akili/tnet.yml new file mode 100644 index 0000000..56dce60 --- /dev/null +++ b/tnet/host_vars/akili/tnet.yml @@ -0,0 +1,3 @@ +tnet_links: + hash: + knot: diff --git a/tnet/host_vars/hash/tnet.yml b/tnet/host_vars/hash/tnet.yml new file mode 100644 index 0000000..d7e1e32 --- /dev/null +++ b/tnet/host_vars/hash/tnet.yml @@ -0,0 +1,5 @@ +tnet_links: + knot: + port: 51001 + address: fdb1:4242:3538:ffff:410b:dabe:1a0d:6843 + remote: knot.trygvis.io:51001 diff --git a/tnet/host_vars/knot/tnet.yml b/tnet/host_vars/knot/tnet.yml new file mode 100644 index 0000000..a7cca59 --- /dev/null +++ b/tnet/host_vars/knot/tnet.yml @@ -0,0 +1,11 @@ +tnet_links: + hash: + port: 51001 + address: fdb1:4242:3538:ffff:410b:dabe:1a0d:6842 + remote: hash.trygvis.io:51001 + lhn2ix: + port: 51002 + address: fdb1:4242:3538:ffff:18b7:d3ec:5608:db9a + kv24ix: + port: 51003 + address: fdb1:4242:3538:ffff:ea4:11cb:863:5252 diff --git a/tnet/host_vars/kv24ix/tnet.yml b/tnet/host_vars/kv24ix/tnet.yml new file mode 100644 index 0000000..93b8e5e --- /dev/null +++ b/tnet/host_vars/kv24ix/tnet.yml @@ -0,0 +1,2 @@ +tnet_links: + knot: diff --git a/tnet/host_vars/lhn2ix/tnet.yml b/tnet/host_vars/lhn2ix/tnet.yml new file mode 100644 index 0000000..93b8e5e --- /dev/null +++ b/tnet/host_vars/lhn2ix/tnet.yml @@ -0,0 +1,2 @@ +tnet_links: + knot: diff --git a/tnet/keys/wg-akili-hash.pub b/tnet/keys/wg-akili-hash.pub new file mode 100644 index 0000000..2b641c1 --- /dev/null +++ b/tnet/keys/wg-akili-hash.pub @@ -0,0 +1 @@ +rLRkJ7S4/QchoIochAQdJHAbkX0WGt6ySsO6DLngByc=
\ No newline at end of file diff --git a/tnet/keys/wg-akili-hash.sops.key b/tnet/keys/wg-akili-hash.sops.key new file mode 100644 index 0000000..b5cc50d --- /dev/null +++ b/tnet/keys/wg-akili-hash.sops.key @@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:yso3Z/v36F3wA5Z0SKjhnzGR18GU1sFhyT4gJ0a1jD0XvOu5te1aGthKnCs=,iv:AyIU4zLgbHPU22nEHCEuTP5MJD1jyWmNKzl8ZYxr9Bs=,tag:gowrN3rJznfRxdh4uMkjAA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age13wv3rp0varlg4nvt3tca48fq8u9q3mc6yfdekjeapcmc7kaq4dysrzcmv3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFemdKYmZKTXJ3ZWV4M0Yz\nOVZtMTdTTGxrSVNyMXFpUDJmdDg4QjRUVlQwCkx4Tnd2cDNhcmcvaEcxMTMraC9R\nWGNxUnRJYUlVaTFmZlZJUGcvV1hhWE0KLS0tIHorcWlVWVBEZmlGV1IyQklNcnp2\nYXh6anc4dThnRmVOUE1MeExYaW82bXcKOozJqoWwuaBgr4Lgt5swzhOg4bwLpOkf\nBuCE4rhNdjnKX7vmF4xTErMOX8fRZMmHjKcqU4W818biMGezlhV1Hw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mvh832crygenu5tu5njtraraet656rzwnawuasjggvs999dc9ueqj9qclw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZFNrMEZlcEttSUkwSU16\nR1Z1cnVEZFFySEFUVWNLS0JWTTJWaEgxcndnCklHVWpnQkQzOUgrUm4xVThRZ0RJ\nQjNjeVJXWlFOSWVRLzJ6WlBwYitwdE0KLS0tIHFpU1ZIeTNwdDhrRlZSTzA2WWZ0\nemJtNVE2Zkx2RGNuTmlkUCtZd0F3SGcKS5hVPEEW0/e+SO4p8C08C03bhuwjNCXl\nKOmVW34/yEexu2cCwUgqFKtc7lB9mxPjL0uLEuMTdpDdb2FiT49gGw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teasctdpkatekpsa47q58d3ugwyyqcuj5v9udtusk7ca9sfv694sw057a5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTTUzQWZOVlNPWmhKd0o4\nWjJFTjY4cXJxbGErRmhrRHdORUgvT2dpK25RCktMTWY0RHByZGVxTlRhUlBwczhM\nNDhpd3k4YXpDVTNmZmY3bndONWU2VzAKLS0tIDlFWHFBekQ5RWpKcGRJUXhNOUw5\nWUNPcEVYamQ3QlZZMkRpdThjR0E1azQKdx/6O8+XpCzCcAGfT1XaEeFP9MBugTps\n7LkSmgt6Ulj+PlnVI99cl5Izu1lNM2F7y+1NxWEI5tRWM/VQ1KIG1Q==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-05T19:47:25Z", + "mac": "ENC[AES256_GCM,data:FKhypHPNj1HnYOEYQONGvVzHT2o4fFORhJsoJZZ+hi/9dnPzSOu6tG8B1KcFqbytyg3lAcBj/CqNKzZaxA4ykI/gqB/Yt6vHYXYPX4GTWYzaq4N+I9NkhHvVmS/r2kYkbyTBNQijcrbd7MQ48WMWNz3gEEzm5ZPMyqI3TJCG348=,iv:CFwsEm4iahyeTxyqyY2F5smzMaK0ZX9vD63vPyQFFeo=,tag:3B26DYLQaK32bGYIDq/dow==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +}
\ No newline at end of file diff --git a/tnet/keys/wg-akili-knot.pub b/tnet/keys/wg-akili-knot.pub new file mode 100644 index 0000000..4c6dff9 --- /dev/null +++ b/tnet/keys/wg-akili-knot.pub @@ -0,0 +1 @@ +2p6XvWveJv40TMW5nGvDkz98KGgRLH6w4SbcMVhqqXI=
\ No newline at end of file diff --git a/tnet/keys/wg-akili-knot.sops.key b/tnet/keys/wg-akili-knot.sops.key new file mode 100644 index 0000000..e5a3204 --- /dev/null +++ b/tnet/keys/wg-akili-knot.sops.key @@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:8Ci5SUCa+eHIx246stwBmY7nPFNxD5VaZHprMuh8+SVDMRvDB6+qrgbiHiU=,iv:HTxWfyDVEvz7RISMI4QT9Xqzo1ju+pv2Re837M4+Q8k=,tag:Q2zP9J4pZp1Ixp12JNF+RA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age13wv3rp0varlg4nvt3tca48fq8u9q3mc6yfdekjeapcmc7kaq4dysrzcmv3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArbE93M0E5NTR6elVoVngv\nczVldHJjZlZaSXp5NHYrOGNaRW51cEk2YWhvClJtNWt0WnE4MXdRNzY5SzBNbWxq\nY2w3VTB1Q3d1Tng1czdFM3Juc3NxV00KLS0tIFFEaEdKUndMRy9RZ1dQUTRUa3Yy\naFVpNWc1TkNZM0FoM3FOMlhuVWVvbjAK+ZfM3N0UqkUHVnOR2GeCgm30W1sPrDfc\n7TmiR+bCTjcQhsEIKPp8/yJRdH9njTb5gefd/TB4B9u8Dtq+JZC5tw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mvh832crygenu5tu5njtraraet656rzwnawuasjggvs999dc9ueqj9qclw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHL1FDOUxZWm1iWU54K2xt\nYTYwTHJCM1F1WVZDMDZpaDZ1UGtaeVVqeHlRCnNsTnh2SytiY2RpTVBXZUFGb0VZ\nMk9Sd0hyL1c4eHJMN0paL0xNWklPZTAKLS0tIEY5Zmk5VlcrQWxLYnBFdmt4Nnla\nZ2dJZkVCQjJablVnRWFxNVpyMHBBbVkK+/3vZNUMjTSUzNG2D8ZIZ0ag1L3ybZkw\n5nu3uPFNb0Fu60DCsCl4NJISc4uCXbiGsWVi4jRTSWhTXYPi4gok3g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teasctdpkatekpsa47q58d3ugwyyqcuj5v9udtusk7ca9sfv694sw057a5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRYmdSS29SVzdGdXdhZGE2\nSmZDUjRGMXNzbUUwYkRoQUt0Q0dFNlY3dWxBCkw0YXFOdDVqalRMM3hOT3ltOEda\ncjBORWhmUHlzNWVjb2lGNEVhUHAxMk0KLS0tIFVzbkRUZGdwNWhseWxGSHVyT2pr\nNEMxcXBZeWRLQVVrdFFleGtkL2hPR0kKRsqgjfcy2FL7zhQM4oiIniObXWnzjVb3\nTLoxsRQ+XNJ++Up3ksu2sskWvl2THswAS3PvqWnhFHdR1P+J4mbdqw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-05T19:47:27Z", + "mac": "ENC[AES256_GCM,data:GHmrc3hb9lZMeQO4Duf1p+g2J8c6EV+a3YuN+oi20oZrQSh3JwFFdjrp6rKOQQvSeajaR3zr26/6rWu+t6B/tS5iGauBTImxKordjKfW60JoPgjJ4lpCjEiaBp6ptO6cfIvvIvlJWyehmTw2CWeBaVc1/GofW8xFzMu1osfP6Mg=,iv:YPKC1geNi1q05UpY52Uzm1A5tgKXDmmY8OWUWQU2HNA=,tag:1O7D94LU0ZsH5Qg2FvP1Yg==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +}
\ No newline at end of file diff --git a/tnet/keys/wg-hash-knot.pub b/tnet/keys/wg-hash-knot.pub new file mode 100644 index 0000000..c335281 --- /dev/null +++ b/tnet/keys/wg-hash-knot.pub @@ -0,0 +1 @@ +o2Sd8hYsjNjZzu0ZceI0DQN3kprqBZhI7++RZvALOjs=
\ No newline at end of file diff --git a/tnet/keys/wg-hash-knot.sops.key b/tnet/keys/wg-hash-knot.sops.key new file mode 100644 index 0000000..2f3e303 --- /dev/null +++ b/tnet/keys/wg-hash-knot.sops.key @@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:mnf7NKfDpxPxXgdjDpD95Cu4033Tix8t/1PQZ5OiAf2hDz4Bt+8RVxLfzpk=,iv:UCbBghUvEcZ7G02puSPG+JzQpj/ptk9NmRVgnRZTioQ=,tag:gr0QSJreqtygFArS7Awjag==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age13wv3rp0varlg4nvt3tca48fq8u9q3mc6yfdekjeapcmc7kaq4dysrzcmv3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByY3gycTVqbC9rMjRPZjI4\nM2tkRHExZXhFUHNHSDFqWExQYjd3T21La1FrCit6K3RNdXRGUjA4V24xYk9YQ2RR\nQUlMRW5vUEFBTHRZNEgrSkUyV0tFS2cKLS0tIDlsY1FYUThIblNXZURNNmpCQnNa\nTWZuaXRQbkRIaHBuYVIvMnFHWUhDelEKINqzPypfaqFslJtwTvCw8BvAJX+cjbVz\nnG2veTKodry+wb9SFCTnsa5a7b3cCoClaxaPTntr7oNNH8/YUAjkMw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mvh832crygenu5tu5njtraraet656rzwnawuasjggvs999dc9ueqj9qclw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBSm1NNkdvNmhLQ20wd0E0\nNkhSSURSUzFqeXVLWlJmUmY2eGtOdjRPRUFNCmMvTW9XNi8ySHJUVlJocy9XTEUx\ncUJuLzhxWnBhNDh6d3lqcUdkVzNMdncKLS0tIFR2a3BxRm92dVQ1cFA4bEo0SnhW\nM3lXZUdhRU5IK0hpbmZIQlAycVl4TkEK1CNX0qD0pWBWceBlMA08JIw22I+qmDTM\nBTW38Wqw/iZJFnpre7lvO80w/5YooIc9VPlanB0JnMpuXXXDftkm8Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teasctdpkatekpsa47q58d3ugwyyqcuj5v9udtusk7ca9sfv694sw057a5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ZmcrSXlrL1piOXo1MUp4\nczFXTFlNMGlWY01PSS9zMEtCY3ZwTnE2OXdjClQ0Q3RXK0dhb2Z5UzBvRlRJWE96\nYndaVUk3ZjZGbjdiTUtDdUdKTU00Y3cKLS0tIFFtYXVVbGJaekdtYVh3aXB1Qkht\nK0lNd0haZ2ZkZXllOXNRT2hKaThsRmcKOW5NjQIgJwzeNysy54M08SiH26P2rhld\nIF9LgAtm0PqLycsPqfIZb4xvAdgmGtF/Y6nFtB3Y5K88BarwwP2rjA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-05T19:47:27Z", + "mac": "ENC[AES256_GCM,data:xSFXtUCQ5gAtT642727t9qg+q9KL25u1Q3viux/zCVORpPSkTeu3E8sB0EhieibjkxV9BFVGjues4RMOR0ZR5BlG6u0K/vY3S6liNvrDq8mXyiwzNccZPSe5pfhPPFTm5aoec09KcDmrT7PJLiEcIzQ8ohj1eR81/ImAjCRVxLU=,iv:QFuMmlprq6eMw86VAv5TVcFnOJxEUYWhgr0KnkqTrYc=,tag:sHzUvITqKHGuQdmnCB5TUQ==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +}
\ No newline at end of file diff --git a/tnet/keys/wg-knot-hash.pub b/tnet/keys/wg-knot-hash.pub new file mode 100644 index 0000000..f45d6e5 --- /dev/null +++ b/tnet/keys/wg-knot-hash.pub @@ -0,0 +1 @@ +BXwzEhXje5q6I6KaW5K5hw9r1VIg5aTX2C69QHXclAM=
\ No newline at end of file diff --git a/tnet/keys/wg-knot-hash.sops.key b/tnet/keys/wg-knot-hash.sops.key new file mode 100644 index 0000000..a16d2a4 --- /dev/null +++ b/tnet/keys/wg-knot-hash.sops.key @@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:JoTKd/50zDFXaSNLX77GIUX3mICPU5i00PfGls0mhW/l6nxSwH/pNk5mHd4=,iv:N+veTN0KtS/1+xLVYw5uiR5eu6iD3TyVwhunJ2sHKVI=,tag:0DeTbaNJefz9xJETFNXMbA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age13wv3rp0varlg4nvt3tca48fq8u9q3mc6yfdekjeapcmc7kaq4dysrzcmv3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1UzNxYUVPaEpYcU5LVzFr\nQS81Y2FCZm5aeTRPa1dMamdyWFFGaVM2MEM4CnVjRjlPTC9ZZFVDNDBGbzM4cEJz\nUGhOR1lKd2QwMVFXT3BoblBjc0ljdVkKLS0tIElvVkFvV2toYkQ5V29YamFKd0ha\nMTFkTGhtV0QzaE1GcGNZODBzTWxxY0UKaoArs4gGtPCUgwSG+gjzWiG75BaOct0E\nYZ12bHoBrHzgWvhKT3aFTa9JPrimry1Ycc3b/bsOtst/RCZoLkWisg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mvh832crygenu5tu5njtraraet656rzwnawuasjggvs999dc9ueqj9qclw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRMkpsd3BQaWVnWk1malFz\nMGFCYlhRRDNlZ3V5U3FkQjZETk5NZDhhUVVFCnk5TnlHVHdHMjVCL1pKRTVpT0U1\nTDhNS2MyRlNOS3BPRVMvb1k0a1NHWUEKLS0tIGVzRzRIOEF1cDQ0eDRhOEtnOXFy\ndXpEWjBZWXhHbzVBdC9RWHR1WlRwcjgKtEFv/8FUGlO6Xc+dxAJxdYV7U5AvW0i1\n/z7Hel0tVqq5hTyZYwYWBm0/tj1bCPIhPisxu+6Eb1T4WuPGeylCpA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teasctdpkatekpsa47q58d3ugwyyqcuj5v9udtusk7ca9sfv694sw057a5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUFBDY3lkTC9rajdYLzhO\ncldBNnVDNldBcGcya2dNNGZoVW5uNW1IOXl3CmU5MXZ3YUtwVDFyL2lTbCtHaytn\nUGYrYnVQOFU2YWlsejBZQ0hlZlNCK0UKLS0tIGRrRmlFbkJWMnRRZ2o5V28vSDV4\nSU9hNU1tdFJza2FqdjY1T0RCdHkxWFUKVRBnS2OCCfNko5E0qn1Iu28FKQJlR7oV\npP6k1npvtsCGMej37WANxoQt/zu0DM725nqYtxSnSzW73+3t6BbnXA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-05T19:47:28Z", + "mac": "ENC[AES256_GCM,data:WRl6YpdJnJDGMnW2K09259uK3viVuVW2A2RaLs/NF3mVFIs+tTwUyQl5CN0b+9ajv28zjolrlzlKLR3eGsEtOmWXz/edrsOjjAif0k6G4mHdfYYgFbrSDo6zPZ1WGxMBFXY1UEnfW9QrObZnrQuCJu6NzsAsSXdxrCrkcVc82TY=,iv:OK8aZIgDI7mXcCtV8IqUca2kn3wtGd7K2xdJTL3ADEo=,tag:bCGVhQCotE5YbBY35Z5J9Q==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +}
\ No newline at end of file diff --git a/tnet/keys/wg-knot-kv24ix.pub b/tnet/keys/wg-knot-kv24ix.pub new file mode 100644 index 0000000..6a2c4a5 --- /dev/null +++ b/tnet/keys/wg-knot-kv24ix.pub @@ -0,0 +1 @@ +eF8DIAyneOlhEzyriFB528IUsnYqy/b5398i0SW06g4=
\ No newline at end of file diff --git a/tnet/keys/wg-knot-kv24ix.sops.key b/tnet/keys/wg-knot-kv24ix.sops.key new file mode 100644 index 0000000..d016498 --- /dev/null +++ b/tnet/keys/wg-knot-kv24ix.sops.key @@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:VxjIdJCQwGls2p5Jf+fzAbddlloSO0aE9O/4+Ppnt2bAOupWeJoJXyjVRrk=,iv:WCsLtYlHuMl7r5eiMSEG53QC+fhRavBcFsWX7m8AyJY=,tag:xHiF4qexD870jV8L+cMVxw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age13wv3rp0varlg4nvt3tca48fq8u9q3mc6yfdekjeapcmc7kaq4dysrzcmv3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdFVDc0JuRVBJTHRYbDRr\ncWtmb2FiTVNWeHNBQ01SNXRsY0hvbHBYT3hJClRmREVMTWJBRWFFSWcxN3k3Zjh3\nWjZrU1B6N1IzVTBremxKVUlsU1piazgKLS0tIE0weXNvRUVoWHdzdEdNZFlmMFgy\nLzNBQWlBM3lrVWFnSlVXa09DNGwyaDAKK47W4d9/T8oDStAWosS7/hcLY1mbem2I\nqS0ucoZ4TMks89i0VjACQb3JQhPu0y+AYgcQPReubIJ4Dzmor1jBqA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mvh832crygenu5tu5njtraraet656rzwnawuasjggvs999dc9ueqj9qclw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVXMrY0FheHdNOGxpbCtl\nVmtjMmlsTnlsejFhSnFtMjNTNTJZMWcwRW4wCmVVTnVDRGxxQVNiMGRuVVh4aWVh\nc2ZCUTFpT3hFMGZ2MTRaM2htU1NES3cKLS0tIHhRdDQybjRzclVDUXZVb2s5dWRG\naXVBTWN2Ri9pRVZGWkprYmI5WHNoYTgKX0m8jpah18hOXoADUmkFGJLJOubfIeF2\nmF1Zrn4X5oBbdx2btsS+hF87v0kAfud0PxAJ88RKLaaTKH1m8mWmUw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teasctdpkatekpsa47q58d3ugwyyqcuj5v9udtusk7ca9sfv694sw057a5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSY1NrR3JaVjVQTDdRMmZY\nTXhMR0hyVk1SY3MxS3RVYjN4S0ZFNTliMlhRCjkwSmN0ZUZTc2JkK2JEQTk0cmVl\nb3NtUmVQSnB4anFkd3MyMzJEcnlEVEEKLS0tIGRFdDBJcDVvN1VYQ3VLck9MSndO\nNFFUbUhGVmJyK2w1MVlUMkI0eUtxc2MKshnjp8+4hmsMb2PWyRkm0qCSEwAsTDsJ\ndkg3+OcYgQbAgWClduqixOperyrFXq56em9Zqzp4U6PtsiOAXdJb0w==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-05T19:47:31Z", + "mac": "ENC[AES256_GCM,data:8EU4lmMji15AiqgWq3lcO0BFsJLTNag6mYnhzif2PgW3wdSOdS0h2LUuK6xmJT6shoxWesZJAJr52t1ZmbBkg/m3bLGmKqO1Sn/NwvCkMbusJQ3UT4eqjgFPXPHr/ANGdbjweqXiSRMUxv4VPFBBdC5q4B1yuLOxW2jrfW+4GqY=,iv:nsm4PtyVYvmSmBOFh3FEsEKrDIKA4DZly6oKWp2qD8U=,tag:GfM/qNtyJHCXWNV4L9ijjg==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +}
\ No newline at end of file diff --git a/tnet/keys/wg-knot-lhn2ix.pub b/tnet/keys/wg-knot-lhn2ix.pub new file mode 100644 index 0000000..aa9e6c3 --- /dev/null +++ b/tnet/keys/wg-knot-lhn2ix.pub @@ -0,0 +1 @@ +Up8+DhBlMp+/fpaxyGDQBnH/4tZnHojcAKZWCr5sSAk=
\ No newline at end of file diff --git a/tnet/keys/wg-knot-lhn2ix.sops.key b/tnet/keys/wg-knot-lhn2ix.sops.key new file mode 100644 index 0000000..b1e94ae --- /dev/null +++ b/tnet/keys/wg-knot-lhn2ix.sops.key @@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:urDBiYxF67OouS2m+Ic0UwCr3ixjgLa5qQ/erLi3KNwE5bpQzBIWm/qJ0vk=,iv:CIshvfp8SB/hJSOc2usNLbkF8fZxG+hBBIbAZ6E/8Go=,tag:yxp28B7we/TOO5LPfs6rCQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age13wv3rp0varlg4nvt3tca48fq8u9q3mc6yfdekjeapcmc7kaq4dysrzcmv3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4b2dGUmxFRGpSWitNOE5M\nbG95Q2xXUC9BOHBCdEgyZkRsNFR5T3oySENvClV5cGlocEVUZFFHRkY4MmJ6eldw\nTTdybzgwTHFrQXZkMGQ4YURQYlNHN3cKLS0tIDY0OWRoRVJuRVZQaFVhVTNTOHUy\nd29XaU9BVXF1Qk5aWHpHdVhIQnJaZFUKv51CGt19sYjlxvjHlDxA8xMEWqUnZLt7\nSNPwYJmU/M+RnzC275mf6r3Oir9MyJ/lRKk+f+3E5KGUXfJ4uMUYVA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mvh832crygenu5tu5njtraraet656rzwnawuasjggvs999dc9ueqj9qclw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4aG1MeC9DamQrYzJpZEhL\nK1NmNWtHLzFKSHRBdXdSM1pCV21XaFN0bEJFCnU5ZXNWSHA5U1Y4Znd5bjR1bVY0\nZGVDZUdZcnZIdG01Q05yUTNUbk1kQTQKLS0tIFVobGhWbyt4UU9DVU9TdWpWYzdC\nWjJjOFpRU1pnS1A1ZW4wSWJ6T094UEEKrZW1Xu2ksUKbVoEZ8jmGidqG1/KL/30h\nZcMyWksLEqsSjIgFNk2sijLm1SRu5b95aSRUdVwjz399XvGvOmOq8w==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teasctdpkatekpsa47q58d3ugwyyqcuj5v9udtusk7ca9sfv694sw057a5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZ1Zpc0xPaUlna1NpZStj\nTXJHUmh4am9OaG1LUEc3SFRiY3FuL3ZsQ2gwCnQySVhQMFROZWU2Z0VyRmJvejRv\nTEtTRlBveUNJcXZQbHJQeER0N3dxT1EKLS0tIGVsWk8xeENkTEljbTVZcHl0c3Bi\nTXNQeW9UUGxaS21iTDluVno1cGpmLzAKqj/RqwN1wMV6w5jze7XN+eyJRFl5PgcV\n0Sjgvafd4ZLo0Z68eWiZhlFJjinZZRhRCeJkWoiyDF5OAYued4vgdQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-05T19:47:30Z", + "mac": "ENC[AES256_GCM,data:nIAGqjXRHc2+uetcePOujQ4ozRaWUnNg2PiUdvYsqy2ZNrwVNv1Ztg2Kq+PHRSeS8lVNFFCfX5e4XM855Rtxc+h39pvY+di6SGNwmegw0nwr0kiiTRgAJQ/eDzYDRa3HysMDQ/+bGsMcVIyQSbO6NAkbXpgP8YhfLSCmXHBhXL8=,iv:W8IpX4COziuawD9bD41/O7cLkP+WEo69UH18/s/idhk=,tag:6OFdJaTA95u5hoxDYRnqMw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +}
\ No newline at end of file diff --git a/tnet/keys/wg-kv24ix-knot.pub b/tnet/keys/wg-kv24ix-knot.pub new file mode 100644 index 0000000..a284de0 --- /dev/null +++ b/tnet/keys/wg-kv24ix-knot.pub @@ -0,0 +1 @@ +NwSTfO3BMPW/td3XH3Gmdqp67AK342XpoBeytPvwFHE=
\ No newline at end of file diff --git a/tnet/keys/wg-kv24ix-knot.sops.key b/tnet/keys/wg-kv24ix-knot.sops.key new file mode 100644 index 0000000..be0f038 --- /dev/null +++ b/tnet/keys/wg-kv24ix-knot.sops.key @@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:4DNUBxKEICekLRDvs3lY01lg5jZzgXz8UODrnJdfKjeMfj0ga3mXrhnDd8g=,iv:gty+DdxQrrryx0ubslGhmbKdgIOhrPIvQPbljKnxGaU=,tag:s/DyEiQOuPD5f9ZR5Or/3A==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age13wv3rp0varlg4nvt3tca48fq8u9q3mc6yfdekjeapcmc7kaq4dysrzcmv3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrRERlZEFTdnd4K3o3VjZr\neEpjeFZqU1VZRVJpeDBjczU1Y0FZMS9RdUdVCjJtVmx5YXNUUklYVWR2NktyMmtx\nT1BQVGNGY1VaRStIQ2RkZ0MwdE1YVE0KLS0tIEkrVDhpZFM2TGFaQlphanNXOXlV\nR1owNWtuTUh3cUNORzNESE1ZeWxPZ00KZgGhMQWRSWLxs4ckqZY7F2k9uOIO3yxm\nPIp/M7id+FWaDiIO3WbHxy3i5WJHZjGDc92gekXDmkHkqOElb/aSeA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mvh832crygenu5tu5njtraraet656rzwnawuasjggvs999dc9ueqj9qclw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5d0FGNVR0djV6U3BCdWRC\ndFBid2xxYVpjdEpRR3NCcHBPN0o1TTRxNVRjCmQ0NmY0Wk9FYUxlNEhWQmNMalhO\nOTFPNVkyQnAyU2NtY0JsZTBtYks0QTQKLS0tIE0wTUtNOHVSM3NwcG42cGwxYnZV\nNE91M3lJWVkrbFRlOGQzTlArWmQ4cWMKJHQV7bB+X4iViLB6abufC0fSEAeffVYb\nbIdmT5At0cEQ8KC/6q0nzs/l9Slq2BuctZU9+ilBolX30WOU0X5E7Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teasctdpkatekpsa47q58d3ugwyyqcuj5v9udtusk7ca9sfv694sw057a5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGWEU0QlRXN01nOUovV0U4\nUlA0cUllSTk3U0VRenp0LzRxQU45cU9HZVM0CmF2b2JWclg3cWFLWUswQlJ3SkxV\nQ0FQNTNJSjduekNZQVBPcWlBOHh0c1EKLS0tIGgxNkZLK0FQeFV1a0s0VkNRTzgv\nQys1MTA4Lzg3a0p3cDlXaGlNK3o5dm8K6evHsM38eJLrEwrxIFyhjZaStZ46K7eC\nabU1kSru8yi43sHCtvhAQIK6fiZsu2xpMV+3bPHJvWuzLL3M1enh4A==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-05T19:47:27Z", + "mac": "ENC[AES256_GCM,data:XrcylVlNHLGdsnTMBIDKO8WXX6ztkyPT3Nv9WeR2Oz7J1m5AZlO/q4NXzC+hxqau/Vm86xn1Ll5dURr8/s6sVK8osWNzCGXxDH6hwIpZ6phScWI7QYSmvcZ3qNNZPntRFhlCyGIk/Wq6hqJ/kDPUR8FF7nDA21Kxtgscyjm3vv8=,iv:KRuTisD2tK1qUP1bwCul5iLOsfhI+duPK+9w7xn784g=,tag:OmSv1HOpV4wgH97CaRfeZg==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +}
\ No newline at end of file diff --git a/tnet/keys/wg-lhn2ix-knot.pub b/tnet/keys/wg-lhn2ix-knot.pub new file mode 100644 index 0000000..951ddac --- /dev/null +++ b/tnet/keys/wg-lhn2ix-knot.pub @@ -0,0 +1 @@ +0sz6r24KNFm8s/9Io6Ka+aUQ4h3iGI1qy/1dwmKnOVw=
\ No newline at end of file diff --git a/tnet/keys/wg-lhn2ix-knot.sops.key b/tnet/keys/wg-lhn2ix-knot.sops.key new file mode 100644 index 0000000..6ea2be8 --- /dev/null +++ b/tnet/keys/wg-lhn2ix-knot.sops.key @@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:crqcXEK5kZj4YBUwAFtt/q+bYsFyb+FW4/zEJ8j5BQ2+xvK4cZ2mtTol8Mc=,iv:xO8oqi+yFcE4+FDooEsJpzqACSHvcQhNBlM++Ck27PE=,tag:WwGXdriikzCSQ00vwJVuCw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age13wv3rp0varlg4nvt3tca48fq8u9q3mc6yfdekjeapcmc7kaq4dysrzcmv3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByWkxHR2QyOXM2Q25NYjBa\nRTlMTHh0d010ZUlHUjJBcVNucFR2VUVFUjJJCmVxQkMzVmdHZXZ6OVV6bWo1Nytp\nenpzTXFYbjVRcXFCOC93VHFhT3ZHTk0KLS0tIG5hZEFyUE9jV0IrR25td1BWeUxE\ncDJ4ZUhEMHdqRGkzeE5RTk5ncFRjVmsKmZJND7ylqLsjaewSUHGcHe6IJi6rNzui\nj3fUgF/brRzmYEGS2Rvd8EAhKHCpCS5+qSvHvEp5bvAxBV7aq3Mh5A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1mvh832crygenu5tu5njtraraet656rzwnawuasjggvs999dc9ueqj9qclw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmRnUzNTlQK1BveUdtZFVw\nYSs4TkcyemZ6eTlzNDdhTlJwYjA2ZzBTc2lVCnoweVcyWWZEaUV0UmxBY1k3Tll2\nNXVPQjZnV2tsQjh1Z29ubUEwSUR2WGMKLS0tIGpDSWt2dWxiWjZ3NUtPTEhDWUkw\nK0MxSXJrU3EzVUpLYU9yVWV2Wld5Tm8KaRrV7MfKe/1LedQc87ofKqxeg7Hs04mh\n/7Auhl38u4vQCtJOHUUmOtBSgHpaVRjtUlE6Ol+2D/rStY5iVPsFiw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1teasctdpkatekpsa47q58d3ugwyyqcuj5v9udtusk7ca9sfv694sw057a5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRmVBaGY5K3RFbXVRRitO\nYXFudllvdDcra293bVhkd2IybWxWZjNXVmp3CmF2d2RJYkVadEFodFFBUTE4SVYw\nSnpEVFVvSVEvakZJOGl6eTJxYUxFblkKLS0tIDVXUWo5SEFVUDJ2dmFNdXVsN2dF\nZmYweXNXTXFBOXphUkxKZGk0TTdKeUEKAmjd41phXBPVOgUbM+JaTluO8P+dNGOX\nqjN5bEoRCrl1epNpbtFUXYk9+Iec+S5kJwHVpXEomMyaCK5ECOItzw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-05T19:47:27Z", + "mac": "ENC[AES256_GCM,data:2kYeUfjzMAkDmzkK+lrghCX9z2UgfXo4oUaPOs+TFhzXMszJbio/mMhc2aQ1IhEKodp4XV0c17vyrluvD/kXd5qQe2tUae638PC4irAUdNMwHnXUVWPfnvKYxK9YLXJIawO53i4aeGZjyjz+9+Dc56Dde6X2J5jPG1z6AEo1XZg=,iv:ZwykExxOoG1zhIwKz+okw18P4G0+E/m3n93Lfc6RMos=,tag:mgiZBii8LdU3NAVA+W6Wrw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +}
\ No newline at end of file diff --git a/tnet/wg-keys-genkey.yml b/tnet/wg-keys-genkey.yml new file mode 100644 index 0000000..fe0e976 --- /dev/null +++ b/tnet/wg-keys-genkey.yml @@ -0,0 +1,26 @@ +- set_fact: + priv: "{{ lookup('community.sops.sops', 'keys/wg-{{ inventory_hostname }}-{{ item.key }}.sops.key', empty_on_not_exist=true) }}" +- when: priv == "" + block: + - name: wg genkey + shell: wg genkey + register: new_priv + + - name: wg pubkey + shell: + cmd: wg pubkey + stdin: "{{ new_priv.stdout }}" + register: new_pub + + - debug: + msg: "{{ new_pub.stdout }}" + + - name: Save Wireguard key + community.sops.sops_encrypt: + path: "keys/wg-{{ inventory_hostname }}-{{ item.key }}.sops.key" + content_text: "{{ new_priv.stdout }}" + + - name: Save Wireguard public key + copy: + dest: "keys/wg-{{ inventory_hostname }}-{{ item.key }}.pub" + content: "{{ new_pub.stdout }}" diff --git a/tnet/wg-keys.yml b/tnet/wg-keys.yml new file mode 100644 index 0000000..0d0fd23 --- /dev/null +++ b/tnet/wg-keys.yml @@ -0,0 +1,13 @@ +--- +- name: Generate Wireguard keys + hosts: tnet + connection: local + gather_facts: False + tasks: +# - debug: +# msg: | +# ansible_host={{ ansible_host }} +# inventory_hostname={{ inventory_hostname }} + - name: Create Wireguard keys + loop: "{{ tnet_links|default([])|dict2items }}" + include_tasks: wg-keys-genkey.yml diff --git a/tnet/wg-links-link.yml b/tnet/wg-links-link.yml new file mode 100644 index 0000000..4b8729f --- /dev/null +++ b/tnet/wg-links-link.yml @@ -0,0 +1,41 @@ +- name: "Make netdev for {{ inventory_hostname }} -> {{ item.key }}" +# notify: systemctl restart systemd-networkd + become: yes + copy: + dest: "/etc/systemd/network/50-tnet-{{ item.key }}.netdev" + owner: systemd-network + group: adm + mode: 0640 + content: | + [NetDev] + Name=tnet-{{ item.key }} + Kind=wireguard + Description=tnet link to {{ item.key }} + + [WireGuard] + PrivateKey={{ lookup('community.sops.sops', 'keys/wg-{{ inventory_hostname }}-{{ item.key }}.sops.key') }} + {% if item.value.port is defined %} + ListenPort={{ item.value.port }} + {% endif %} + + [WireGuardPeer] + PublicKey={{ lookup('file', 'keys/wg-{{ item.key }}-{{ inventory_hostname }}.pub') }} + AllowedIPs=::/0 + {% if item.value.remote is defined %} + Endpoint={{ item.value.remote }} + PersistentKeepalive=60 + {% endif %} + +- name: "Make network for {{ inventory_hostname }} -> {{ item.key }}" +# notify: systemctl restart systemd-networkd + become: yes + copy: + dest: "/etc/systemd/network/50-tnet-{{ item.key }}.network" + owner: systemd-network + group: adm + content: | + [Match] + Name=tnet-{{ item.key }} + + [Network] + Address={{ item.value.address }}/127 diff --git a/tnet/wg-links.yml b/tnet/wg-links.yml new file mode 100644 index 0000000..8c8b83f --- /dev/null +++ b/tnet/wg-links.yml @@ -0,0 +1,11 @@ +- name: Install Wireguard links + hosts: tnet + tasks: + - loop: "{{ tnet_links|default([])|dict2items }}" + include_tasks: wg-links-link.yml + +#- name: systemctl restart systemd-networkd +# become: yes +# systemd: +# name: systemd-networkd +# state: restarted |