wip

ffddorf · Aug 24, 2024 · b0c0767 · b0c0767
1 parent 2c872b9
commit b0c0767
Show file tree

Hide file tree

Showing 20 changed files with 239 additions and 157 deletions.
diff --git a/group_vars/all.yaml b/group_vars/all.yaml
@@ -18,3 +18,24 @@ gateway_ipv4_address: >-
       ansible.utils.ipaddr(client_ipv4_container) |
       first
   }}
+gateway_ipv6_address: >-
+  {{ client_bridge_interface.ip_addresses |
+      map(attribute='address') |
+      ansible.utils.ipv6 |
+      ansible.utils.ipaddr('public') |
+      first
+  }}
+
+wan_interface: "{{ interfaces | selectattr('name', 'equalto', 'eth0') | first }}"
+service_ipv4_address: >-
+  {{ wan_interface.ip_addresses |
+      map(attribute='address') |
+      ansible.utils.ipv4 |
+      ansible.utils.ipaddr('public') |
+      first
+  }}
+
+loopback_interface: "{{ interfaces | selectattr('name', 'equalto', 'lo') | first }}"
+service_ipv6_address: "{{ gateway_ipv6_address }}"
+
+domain_ipv6_subnet: "{{ gateway_ipv6_address | ipaddr('net') }}"
diff --git a/netbox_inventory.yml b/netbox_inventory.yml
@@ -2,8 +2,8 @@ plugin: netbox.netbox.nb_inventory
 api_endpoint: https://netbox.freifunk-duesseldorf.de/
 validate_certs: True
 config_context: True
-flatten_config_context: True
 interfaces: True
+fetch_all: False
 
 query_filters:
   - role: supernode-v2

diff --git a/roles/gateway/templates/client-bridge.network.j2 b/roles/gateway/templates/client-bridge.network.j2
@@ -5,7 +5,9 @@ Name=br0
 RequiredForOnline=no
 
 [Address]
-Address={{ gateway_ipv4_address }}
+{%- for addr in client_bridge_interface.ip_addresses %}
+Address={{ addr }}
+{%- endfor %}
 
 [Network]
 DHCPServer=yes
@@ -14,4 +16,5 @@ DHCPServer=yes
 PoolOffset=10
 PoolSize=64000
 EmitDNS=yes
+ServerAddress=10.12.255.254/16
 DNS={{ service_ipv4_address | ipaddr('address') }}
diff --git a/roles/gateway/templates/dnsmasq.conf.j2 b/roles/gateway/templates/dnsmasq.conf.j2
@@ -1,7 +1,7 @@
 interface=br0
 except-interface=lo
-listen-address={{ service_ipv4_address | ipaddr('address') }}
-listen-address={{ service_ipv6_address | ipaddr('address') }}
+listen-address={{ gateway_ipv4_address | ipaddr('address') }}
+listen-address={{ gateway_ipv6_address | ipaddr('address') }}
 bind-interfaces
 
 cache-size=10000

diff --git a/roles/kernel-full/tasks/main.yml b/roles/kernel-full/tasks/main.yml
@@ -1,4 +1,8 @@
 ---
+- name: Refresh package sources
+  apt:
+    update_cache: true
+
 - name: Ensure full kernel
   package:
     name: linux-image-amd64
@@ -12,3 +16,6 @@
       - linux-image-*-cloud-amd64
     state: absent
   notify: reboot
+
+- name: Flush handlers
+  meta: flush_handlers
diff --git a/roles/service-ip/templates/bird.conf.j2 b/roles/service-ip/templates/bird.conf.j2
@@ -1,5 +1,4 @@
-# TODO: use stable address
-router id {{ ansible_default_ipv4.address }};
+router id {{ service_ipv4_address }};
 
 log syslog all;
 
@@ -12,7 +11,7 @@ protocol static service_v4 {
 protocol static service_v6 {
   ipv6;
 
-  route {{ service_ipv6_address }} blackhole;
+  route {{ domain_ipv6_subnet }} blackhole;
 }
 
 define ffddorf_asn = 207871;
@@ -33,14 +32,14 @@ template bgp ffddorf {
 
 filter service {
   if net ~ {{ service_ipv4_address }} then accept;
-  if net ~ {{ service_ipv6_address }} then accept;
+  if net ~ {{ domain_ipv6_subnet }} then accept;
   reject;
 }
 
 {% for router in routers %}
 protocol bgp service_v4_{{ router.name | lower }} from ffddorf {
 	description "Service Address Announcement IPv4 to {{ router.name }}";
-	local {{ ansible_default_ipv4.address }};
+	local {{ service_ipv4_address }};
 	neighbor {{ router.bgp_peer_ipv4_address }} as ffddorf_asn;
 
 	ipv4 {

diff --git a/roles/service-ip/templates/service.network.j2 b/roles/service-ip/templates/service.network.j2
@@ -2,5 +2,6 @@
 Name=lo
 
 [Network]
-Address={{ service_ipv4_address }}
-Address={{ service_ipv6_address }}
+{%- for addr in loopback_interface.ip_addresses %}
+Address={{ addr }}
+{%- endfor %}
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
diff --git a/terraform/domains/dev.tfvars b/terraform/domains/dev.tfvars
@@ -0,0 +1,2 @@
+domain_name = "dev"
+domain_id   = 12
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -1,16 +1,14 @@
-resource "null_resource" "test" {
-}
-
 module "supernode" {
   count = var.supernode_count
 
   source = "./modules/supernode"
 
   supernode_name = "${var.domain_name}-${count.index}"
 
-  prefix_ipv4_id          = data.netbox_prefix.primary_ipv4.id
-  prefix_ipv6_id          = netbox_available_prefix.domain_ipv6.id
-  loopback_prefix_ipv6_id = netbox_prefix.loopback_ipv6.id
+  public_ipv4_prefix_id = data.netbox_prefix.primary_ipv4.id
+  domain_ipv4_id        = netbox_prefix.domain_ipv4.id
+  domain_ipv6_id        = netbox_prefix.domain_ipv6.id
+  domain_vrf_id         = data.netbox_vrf.mesh.id
 
   vm_ssh_keys = local.ssh_keys
 }
diff --git a/terraform/modules/supernode/interfaces.tf b/terraform/modules/supernode/interfaces.tf
@@ -0,0 +1,26 @@
+resource "macaddress" "eth0" {}
+
+resource "netbox_interface" "eth0" {
+  virtual_machine_id = netbox_virtual_machine.supernode.id
+
+  name        = "eth0"
+  mac_address = macaddress.eth0.address
+
+  tags = toset(var.tags)
+}
+
+resource "netbox_interface" "lo" {
+  virtual_machine_id = netbox_virtual_machine.supernode.id
+  name               = "lo"
+
+  tags = toset(var.tags)
+}
+
+resource "netbox_interface" "br0" {
+  virtual_machine_id = netbox_virtual_machine.supernode.id
+
+  name        = "br0"
+  description = "client bridge"
+
+  tags = toset(var.tags)
+}
diff --git a/terraform/modules/supernode/management-ipv6.tf b/terraform/modules/supernode/management-ipv6.tf
@@ -3,7 +3,7 @@ data "netbox_prefix" "management_net" {
 }
 
 data "iphelpers_eui64_address" "supernode_management" {
-  mac_address = proxmox_vm_qemu.supernode.network[0].macaddr
+  mac_address = macaddress.eth0.address
   prefix      = trimsuffix(data.netbox_prefix.management_net.prefix, "/64")
 }
 

diff --git a/terraform/modules/supernode/primary-ipv4.tf b/terraform/modules/supernode/primary-ipv4.tf
@@ -2,7 +2,7 @@ resource "netbox_available_prefix" "primary_ipv4" {
   description = "Primary Address ${var.supernode_name}"
   status      = "active"
 
-  parent_prefix_id = var.prefix_ipv4_id
+  parent_prefix_id = var.public_ipv4_prefix_id
   prefix_length    = 32
 
   tags = toset(var.tags)
@@ -14,7 +14,23 @@ resource "netbox_available_ip_address" "primary_ipv4" {
   description = "Primary Address ${var.supernode_name}"
 
   prefix_id = netbox_available_prefix.primary_ipv4.id
-  // TODO: set interface_id
+
+  object_type  = "virtualization.vminterface"
+  interface_id = netbox_interface.eth0.id
+
+  tags = toset(var.tags)
+}
+
+resource "netbox_available_ip_address" "lan_ipv4" {
+  status = "active"
+
+  description = "LAN Address ${var.supernode_name}"
+
+  prefix_id = var.domain_ipv4_id
+  vrf_id    = var.domain_vrf_id
+
+  object_type  = "virtualization.vminterface"
+  interface_id = netbox_interface.br0.id
 
   tags = toset(var.tags)
 }
diff --git a/terraform/modules/supernode/primary-ipv6.tf b/terraform/modules/supernode/primary-ipv6.tf
@@ -1,20 +1,12 @@
-resource "netbox_available_prefix" "primary_ipv6" {
-  description = "Primary Address ${var.supernode_name}"
-  status      = "active"
-
-  parent_prefix_id = var.loopback_prefix_ipv6_id
-  prefix_length    = 128
-
-  tags = toset(var.tags)
-}
-
 resource "netbox_available_ip_address" "primary_ipv6" {
   status = "active"
 
   description = "Primary Address ${var.supernode_name}"
 
-  prefix_id = netbox_available_prefix.primary_ipv6.id
-  // TODO: set interface_id
+  prefix_id = var.domain_ipv6_id
+
+  object_type  = "virtualization.vminterface"
+  interface_id = netbox_interface.br0.id
 
   tags = toset(var.tags)
 }