organize folders and MVP wireguard mesh

2024-06-22 13:07:39 -04:00
parent 45c58aeba7
commit 44e484f22e
42 changed files with 243 additions and 708 deletions


@@ -1,17 +1,19 @@
# Containers
# Homelab
A project to store container-based hosting stuff.
A project to store homelab stuff.
## Table of Contents
- [Containers](#containers)
- [Homelab](#homelab)
- [Table of Contents](#table-of-contents)
- [Platform](#platform)
- [Platforms](#platforms)
- [Reverse Proxy](#reverse-proxy)
- [Storage](#storage)
- [Components](#components)
- [CoreDNS](#coredns)
- [Metal LB](#metal-lb)
- [Nginx Ingress](#nginx-ingress)
- [Storage](#storage)
- [Storage](#storage-1)
- [Apps](#apps)
- [Dashboard](#dashboard)
- [Nextcloud](#nextcloud)
@@ -52,10 +54,19 @@ A project to store container-based hosting stuff.
- [Help](#help)
- [Troubleshooting](#troubleshooting)
## Platform
## Platforms
Before you being be sure to take a look at the [Fedora Server Config](FedoraServer.md) readme
which explains how to set up a basic fedora server hosting platform with certbot.
### Reverse Proxy
We will use a reverse proxy / load balancer as our single point of entry for all services.
This helps control inbound and outbound traffic and TLS certificate termination. This will
be installed on bare metal machine(s) via ansible to ensure max performance and ipv6 compatibility.
Each machine that acts as a reverse proxy will add its public ipv4 and ipv6 address(es) to
the public domains used for external and internal access (*.reeseapps.com).
### Storage
All servers will use ISCSI
## Components


@@ -26,3 +26,7 @@ hardware:
hass:
hosts:
homeassistant:
truenas:
hosts:
driveripper:


@@ -1,12 +0,0 @@
# HASS Trackers Ansible
## Installation
You'll need to ssh into home assistant and run `apk add python3`
Check vars.yaml to edit your trackers.
```bash
ansible-playbook -i ansible/inventory.yaml hass_trackers/install_trackers.yaml
ansible-playbook -i ansible/inventory.yaml hass_trackers/create_dashboards.yaml
```


@@ -1,300 +0,0 @@
type: grid
square: false
columns: 1
cards:
- type: markdown
content: >
{% set trackers = [
{
"counter": states("counter.days_since_fridge_water_filter") | int,
"threshold": state_attr("binary_sensor.threshold_for_days_since_fridge_water_filter", "upper"),
"percent": (int(states("counter.days_since_fridge_water_filter")) / state_attr("binary_sensor.threshold_for_days_since_fridge_water_filter", "upper")),
"name": "Fridge Water Filter Replaced"
},
{
"counter": states("counter.days_since_litter_boxes_cleaned") | int,
"threshold": state_attr("binary_sensor.threshold_for_days_since_litter_boxes_cleaned", "upper"),
"percent": (int(states("counter.days_since_litter_boxes_cleaned")) / state_attr("binary_sensor.threshold_for_days_since_litter_boxes_cleaned", "upper")),
"name": "Litter Boxes Cleaned"
},
{
"counter": states("counter.days_since_cat_water_fountain_cleaned") | int,
"threshold": state_attr("binary_sensor.threshold_for_days_since_cat_water_fountain_cleaned", "upper"),
"percent": (int(states("counter.days_since_cat_water_fountain_cleaned")) / state_attr("binary_sensor.threshold_for_days_since_cat_water_fountain_cleaned", "upper")),
"name": "Cat Water Fountain Cleaned"
},
{
"counter": states("counter.days_since_kitchen_cleaned") | int,
"threshold": state_attr("binary_sensor.threshold_for_days_since_kitchen_cleaned", "upper"),
"percent": (int(states("counter.days_since_kitchen_cleaned")) / state_attr("binary_sensor.threshold_for_days_since_kitchen_cleaned", "upper")),
"name": "Kitchen Cleaned"
},
{
"counter": states("counter.days_since_kitchen_counters_cleaned") | int,
"threshold": state_attr("binary_sensor.threshold_for_days_since_kitchen_counters_cleaned", "upper"),
"percent": (int(states("counter.days_since_kitchen_counters_cleaned")) / state_attr("binary_sensor.threshold_for_days_since_kitchen_counters_cleaned", "upper")),
"name": "Kitchen Counters Cleaned"
},
{
"counter": states("counter.days_since_living_room_cleaned") | int,
"threshold": state_attr("binary_sensor.threshold_for_days_since_living_room_cleaned", "upper"),
"percent": (int(states("counter.days_since_living_room_cleaned")) / state_attr("binary_sensor.threshold_for_days_since_living_room_cleaned", "upper")),
"name": "Living Room Cleaned"
},
{
"counter": states("counter.days_since_upstairs_vacuumed") | int,
"threshold": state_attr("binary_sensor.threshold_for_days_since_upstairs_vacuumed", "upper"),
"percent": (int(states("counter.days_since_upstairs_vacuumed")) / state_attr("binary_sensor.threshold_for_days_since_upstairs_vacuumed", "upper")),
"name": "Upstairs Vacuumed"
},
{
"counter": states("counter.days_since_bathroom_counters_cleaned") | int,
"threshold": state_attr("binary_sensor.threshold_for_days_since_bathroom_counters_cleaned", "upper"),
"percent": (int(states("counter.days_since_bathroom_counters_cleaned")) / state_attr("binary_sensor.threshold_for_days_since_bathroom_counters_cleaned", "upper")),
"name": "Bathroom Counters Cleaned"
},
{
"counter": states("counter.days_since_bedroom_vacuumed") | int,
"threshold": state_attr("binary_sensor.threshold_for_days_since_bedroom_vacuumed", "upper"),
"percent": (int(states("counter.days_since_bedroom_vacuumed")) / state_attr("binary_sensor.threshold_for_days_since_bedroom_vacuumed", "upper")),
"name": "Bedroom Vacuumed"
},
{
"counter": states("counter.days_since_toilets_cleaned") | int,
"threshold": state_attr("binary_sensor.threshold_for_days_since_toilets_cleaned", "upper"),
"percent": (int(states("counter.days_since_toilets_cleaned")) / state_attr("binary_sensor.threshold_for_days_since_toilets_cleaned", "upper")),
"name": "Toilets Cleaned"
},
]%}
{% for tracker in (trackers | sort(reverse=true, attribute='percent')) %}
{% set days_left = ((tracker.threshold - tracker.counter) | int | string) %}
{% set message = tracker.name + " completed " + tracker.counter | string + " days ago. Due again in " + days_left + " days." %}
{% if tracker.percent > 1 %}
<ha-alert alert-type="error">{{ message }}</ha-alert>
{% elif tracker.percent > 0.8 %}
<ha-alert alert-type="warning">{{ message }}</ha-alert>
{% else %}
<ha-alert alert-type="success">{{ message }}</ha-alert>
{% endif %}
{% endfor %}
- type: grid
square: false
columns: 2
title: Days Since Fridge Water Filter Replaced
cards:
- type: button
name: Reset
entity: input_button.reset_days_since_fridge_water_filter
tap_action:
action: toggle
- type: button
entity: input_button.undo_reset_days_since_fridge_water_filter
name: Undo
tap_action:
action: toggle
- type: entity
entity: counter.days_since_fridge_water_filter
name: Days Since
- type: entity
entity: counter.last_non_zero_days_since_fridge_water_filter
name: Last Non-Zero
- type: grid
square: false
columns: 2
title: Days Since Litter Boxes Cleaned
cards:
- type: button
name: Reset
entity: input_button.reset_days_since_litter_boxes_cleaned
tap_action:
action: toggle
- type: button
entity: input_button.undo_reset_days_since_litter_boxes_cleaned
name: Undo
tap_action:
action: toggle
- type: entity
entity: counter.days_since_litter_boxes_cleaned
name: Days Since
- type: entity
entity: counter.last_non_zero_days_since_litter_boxes_cleaned
name: Last Non-Zero
- type: grid
square: false
columns: 2
title: Days Since Cat Water Fountain Cleaned
cards:
- type: button
name: Reset
entity: input_button.reset_days_since_cat_water_fountain_cleaned
tap_action:
action: toggle
- type: button
entity: input_button.undo_reset_days_since_cat_water_fountain_cleaned
name: Undo
tap_action:
action: toggle
- type: entity
entity: counter.days_since_cat_water_fountain_cleaned
name: Days Since
- type: entity
entity: counter.last_non_zero_days_since_cat_water_fountain_cleaned
name: Last Non-Zero
- type: grid
square: false
columns: 2
title: Days Since Kitchen Cleaned
cards:
- type: button
name: Reset
entity: input_button.reset_days_since_kitchen_cleaned
tap_action:
action: toggle
- type: button
entity: input_button.undo_reset_days_since_kitchen_cleaned
name: Undo
tap_action:
action: toggle
- type: entity
entity: counter.days_since_kitchen_cleaned
name: Days Since
- type: entity
entity: counter.last_non_zero_days_since_kitchen_cleaned
name: Last Non-Zero
- type: grid
square: false
columns: 2
title: Days Since Kitchen Counters Cleaned
cards:
- type: button
name: Reset
entity: input_button.reset_days_since_kitchen_counters_cleaned
tap_action:
action: toggle
- type: button
entity: input_button.undo_reset_days_since_kitchen_counters_cleaned
name: Undo
tap_action:
action: toggle
- type: entity
entity: counter.days_since_kitchen_counters_cleaned
name: Days Since
- type: entity
entity: counter.last_non_zero_days_since_kitchen_counters_cleaned
name: Last Non-Zero
- type: grid
square: false
columns: 2
title: Days Since Living Room Cleaned
cards:
- type: button
name: Reset
entity: input_button.reset_days_since_living_room_cleaned
tap_action:
action: toggle
- type: button
entity: input_button.undo_reset_days_since_living_room_cleaned
name: Undo
tap_action:
action: toggle
- type: entity
entity: counter.days_since_living_room_cleaned
name: Days Since
- type: entity
entity: counter.last_non_zero_days_since_living_room_cleaned
name: Last Non-Zero
- type: grid
square: false
columns: 2
title: Days Since Upstairs Vacuumed
cards:
- type: button
name: Reset
entity: input_button.reset_days_since_upstairs_vacuumed
tap_action:
action: toggle
- type: button
entity: input_button.undo_reset_days_since_upstairs_vacuumed
name: Undo
tap_action:
action: toggle
- type: entity
entity: counter.days_since_upstairs_vacuumed
name: Days Since
- type: entity
entity: counter.last_non_zero_days_since_upstairs_vacuumed
name: Last Non-Zero
- type: grid
square: false
columns: 2
title: Days Since Bathroom Counters Cleaned
cards:
- type: button
name: Reset
entity: input_button.reset_days_since_bathroom_counters_cleaned
tap_action:
action: toggle
- type: button
entity: input_button.undo_reset_days_since_bathroom_counters_cleaned
name: Undo
tap_action:
action: toggle
- type: entity
entity: counter.days_since_bathroom_counters_cleaned
name: Days Since
- type: entity
entity: counter.last_non_zero_days_since_bathroom_counters_cleaned
name: Last Non-Zero
- type: grid
square: false
columns: 2
title: Days Since Bedroom Vacuumed
cards:
- type: button
name: Reset
entity: input_button.reset_days_since_bedroom_vacuumed
tap_action:
action: toggle
- type: button
entity: input_button.undo_reset_days_since_bedroom_vacuumed
name: Undo
tap_action:
action: toggle
- type: entity
entity: counter.days_since_bedroom_vacuumed
name: Days Since
- type: entity
entity: counter.last_non_zero_days_since_bedroom_vacuumed
name: Last Non-Zero
- type: grid
square: false
columns: 2
title: Days Since Toilets Cleaned
cards:
- type: button
name: Reset
entity: input_button.reset_days_since_toilets_cleaned
tap_action:
action: toggle
- type: button
entity: input_button.undo_reset_days_since_toilets_cleaned
name: Undo
tap_action:
action: toggle
- type: entity
entity: counter.days_since_toilets_cleaned
name: Days Since
- type: entity
entity: counter.last_non_zero_days_since_toilets_cleaned
name: Last Non-Zero


@@ -1,68 +0,0 @@
- name: Install HASS Trackers
hosts: hass
vars_files:
- vars.yaml
tasks:
- name: Create counters dir
ansible.builtin.file:
path: /root/config/counters
state: directory
mode: '0755'
- name: Create binary sensors dir
ansible.builtin.file:
path: /root/config/binary_sensors
state: directory
mode: '0755'
- name: Create input buttons dir
ansible.builtin.file:
path: /root/config/input_buttons
state: directory
mode: '0755'
- name: Create automations dir
ansible.builtin.file:
path: /root/config/automations
state: directory
mode: '0755'
- name: Template all counters
template:
src: templates/counter.yaml
dest: /root/config/counters/{{ item.id }}.yaml
owner: root
group: root
mode: '0644'
with_items: "{{ trackers }}"
- name: Template all thresholds
template:
src: templates/threshold.yaml
dest: /root/config/binary_sensors/{{ item.id }}.yaml
owner: root
group: root
mode: '0644'
with_items: "{{ trackers }}"
- name: Template all input buttons
template:
src: templates/input_button.yaml
dest: /root/config/input_buttons/{{ item.id }}.yaml
owner: root
group: root
mode: '0644'
with_items: "{{ trackers }}"
- name: Template all automations
template:
src: templates/automation.yaml
dest: /root/config/automations/{{ item.id }}.yaml
owner: root
group: root
mode: '0644'
with_items: "{{ trackers }}"
- name: Install HASS Trackers
hosts: localhost
vars_files:
- vars.yaml
tasks:
- name: Template Dashboard
template:
src: templates/dashboard.yaml
dest: "dashboard.yaml"


@@ -1,39 +0,0 @@
{% set trackers = [
{
"counter": states("counter.days_since_fridge_water_filter") | int,
"threshold": state_attr("binary_sensor.threshold_for_days_since_fridge_water_filter", "upper"),
"percent": (int(states("counter.days_since_fridge_water_filter")) / state_attr("binary_sensor.threshold_for_days_since_fridge_water_filter", "upper")),
"name": "Fridge Water Filter Replaced"
},
{
"counter": states("counter.days_since_litter_boxes_cleaned") | int,
"threshold": state_attr("binary_sensor.threshold_for_days_since_litter_boxes_cleaned", "upper"),
"percent": (int(states("counter.days_since_litter_boxes_cleaned")) / state_attr("binary_sensor.threshold_for_days_since_litter_boxes_cleaned", "upper")),
"name": "Litter Boxes Cleaned"
},
{
"counter": states("counter.days_since_cat_water_fountain_cleaned") | int,
"threshold": state_attr("binary_sensor.threshold_for_days_since_cat_water_fountain_cleaned", "upper"),
"percent": (int(states("counter.days_since_cat_water_fountain_cleaned")) / state_attr("binary_sensor.threshold_for_days_since_cat_water_fountain_cleaned", "upper")),
"name": "Cat Water Fountain Cleaned"
},
{
"counter": states("counter.days_since_kitchen_cleaned") | int,
"threshold": state_attr("binary_sensor.threshold_for_days_since_kitchen_cleaned", "upper"),
"percent": (int(states("counter.days_since_kitchen_cleaned")) / state_attr("binary_sensor.threshold_for_days_since_kitchen_cleaned", "upper")),
"name": "Kitchen Cleaned"
},
]%}
{% for tracker in (trackers | sort(reverse=true, attribute='percent')) %}
{% set days_left = ((tracker.threshold - tracker.counter) | int | string) %}
{% set message = tracker.name + " completed " + tracker.counter | string + " days ago. Due again in " + days_left + " days." %}
{% if tracker.percent > 1 %}
<ha-alert alert-type="error">{{ message }}</ha-alert>
{% elif tracker.percent > 0.8 %}
<ha-alert alert-type="warning">{{ message }}</ha-alert>
{% else %}
<ha-alert alert-type="success">{{ message }}</ha-alert>
{% endif %}
{% endfor %}


@@ -1,88 +0,0 @@
- alias: 'Counter: Increment {{ item.id }}'
description: ''
trigger:
- platform: time
at: 00:00:00
condition: []
action:
- service: counter.increment
metadata: {}
data: {}
target:
entity_id: counter.days_since_{{ item.id }}
mode: single
- alias: 'Counter: Reset {{ item.id }}'
description: ''
trigger:
- platform: state
entity_id:
- input_button.reset_days_since_{{ item.id }}
condition: []
action:
- service: counter.reset
metadata: {}
data: {}
target:
entity_id: counter.days_since_{{ item.id }}
mode: single
- alias: 'Counter: Update last_non_zero_days_since_{{ item.id }}'
description: ''
trigger:
- platform: state
entity_id:
- counter.days_since_{{ item.id }}
condition:
- condition: numeric_state
entity_id: counter.days_since_{{ item.id }}
above: 0
action:
- service: counter.increment
metadata: {}
data: {}
target:
entity_id: counter.last_non_zero_days_since_{{ item.id }}
mode: single
- alias: 'Counter: Reset last_non_zero_days_since_{{ item.id }}'
description: ''
trigger:
- platform: numeric_state
entity_id:
- counter.days_since_{{ item.id }}
above: 0
below: 2
condition: []
action:
- service: counter.reset
metadata: {}
data: {}
target:
entity_id: counter.last_non_zero_days_since_{{ item.id }}
- service: counter.increment
metadata: {}
data: {}
target:
entity_id: counter.last_non_zero_days_since_{{ item.id }}
mode: single
- alias: 'Counter: Undo Reset {{ item.id }}'
description: ''
trigger:
- platform: state
entity_id:
- input_button.undo_reset_days_since_{{ item.id }}
condition:
- condition: numeric_state
entity_id: counter.days_since_{{ item.id }}
below: 1
action:
- service: counter.set_value
metadata: {}
data:
value: "{{ '{{' }} int(states('counter.last_non_zero_days_since_{{ item.id }}')) {{ '}}' }}"
target:
entity_id: counter.days_since_{{ item.id }}
- service: counter.decrement
metadata: {}
data: {}
target:
entity_id: counter.last_non_zero_days_since_{{ item.id }}
mode: single


@@ -1,12 +0,0 @@
days_since_{{ item.id }}:
name: Days Since {{ item.name }}
restore: true
initial: 0
step: 1
icon: {{ item.icon }}
last_non_zero_days_since_{{ item.id }}:
name: Last Non-Zero Days Since {{ item.name }}
restore: true
initial: 0
step: 1
icon: mdi:undo


@@ -1,54 +0,0 @@
type: grid
square: false
columns: 1
cards:
- type: markdown
content: >
{{ '{%' }} set trackers = [
{% for item in trackers -%}
{
"counter": states("counter.days_since_{{ item.id }}") | int,
"threshold": state_attr("binary_sensor.threshold_for_days_since_{{ item.id }}", "upper"),
"percent": (int(states("counter.days_since_{{ item.id }}")) / state_attr("binary_sensor.threshold_for_days_since_{{ item.id }}", "upper")),
"name": "{{ item.name }}"
},
{% endfor -%}
]{{ '%} ' }}
{% raw %}
{% for tracker in (trackers | sort(reverse=true, attribute='percent')) %}
{% set days_left = ((tracker.threshold - tracker.counter) | int | string) %}
{% set message = tracker.name + " completed " + tracker.counter | string + " days ago. Due again in " + days_left + " days." %}
{% if tracker.percent > 1 %}
<ha-alert alert-type="error">{{ message }}</ha-alert>
{% elif tracker.percent > 0.8 %}
<ha-alert alert-type="warning">{{ message }}</ha-alert>
{% else %}
<ha-alert alert-type="success">{{ message }}</ha-alert>
{% endif %}
{% endfor %}
{%- endraw %}
{% for item in trackers %}
- type: grid
square: false
columns: 2
title: Days Since {{ item.name }}
cards:
- type: button
name: Reset
entity: input_button.reset_days_since_{{ item.id }}
tap_action:
action: toggle
- type: button
entity: input_button.undo_reset_days_since_{{ item.id }}
name: Undo
tap_action:
action: toggle
- type: entity
entity: counter.days_since_{{ item.id }}
name: Days Since
- type: entity
entity: counter.last_non_zero_days_since_{{ item.id }}
name: Last Non-Zero
{% endfor %}


@@ -1,6 +0,0 @@
reset_days_since_{{ item.id }}:
name: Reset {{ item.name }}
icon: {{ item.icon }}
undo_reset_days_since_{{ item.id }}:
name: Undo Reset {{ item.name }}
icon: mdi:undo


@@ -1,4 +0,0 @@
- platform: threshold
entity_id: counter.days_since_{{ item.id }}
upper: {{ item.check_every }}
name: threshold_for_days_since_{{ item.id }}


@@ -1,41 +0,0 @@
trackers:
- id: fridge_water_filter
name: Fridge Water Filter Replaced
check_every: 180
icon: mdi:fridge
- id: litter_boxes_cleaned
name: Litter Boxes Cleaned
check_every: 15
icon: mdi:cat
- id: cat_water_fountain_cleaned
name: Cat Water Fountain Cleaned
check_every: 7
icon: mdi:fountain
- id: kitchen_cleaned
name: Kitchen Cleaned
check_every: 7
icon: mdi:fridge
- id: kitchen_counters_cleaned
name: Kitchen Counters Cleaned
check_every: 7
icon: mdi:countertop
- id: living_room_cleaned
name: Living Room Cleaned
check_every: 7
icon: mdi:sofa
- id: upstairs_vacuumed
name: Upstairs Vacuumed
check_every: 14
icon: mdi:vacuum
- id: bathroom_counters_cleaned
name: Bathroom Counters Cleaned
check_every: 14
icon: mdi:bathtub
- id: bedroom_vacuumed
name: Bedroom Vacuumed
check_every: 14
icon: mdi:vacuum
- id: toilets_cleaned
name: Toilets Cleaned
check_every: 14
icon: mdi:toilet


@@ -1,5 +1,7 @@
# Kubernetes Node Ansible
Updates /etc/hosts on each kubernetes node with the correct IP for democratic-csi-server.reeselink.com
## Update Hosts
```bash


@@ -0,0 +1,77 @@
# Wireguard
## Ansible
```bash
ansible-playbook -i ansible/inventory.yaml wireguard/keys.yaml
ansible-playbook -i ansible/inventory.yaml wireguard/wireguard.yaml
ansible-playbook -i ansible/inventory.yaml wireguard/peers.yaml
```
## CLI Setup
```bash
# Peer 1
wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
ip link add dev wg0 type wireguard
ip address add dev wg0 10.10.10.1/24
wg set wg0 \
listen-port 51821 \
private-key /etc/wireguard/privatekey
wg set wg0 \
peer CQxNsdPgfzjvOszjn/UZHFdAY3k+D9J+vI8qKUjCYV0= \
allowed-ips '10.10.10.0/24' \
endpoint 10.1.200.253:51821
ip link set up dev wg0
touch /etc/wireguard/wg0.conf
wg-quick save wg0
# Peer 2
wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
ip link add dev wg0 type wireguard
ip address add dev wg0 10.10.10.2/24
wg set wg0 \
listen-port 51821 \
private-key /etc/wireguard/privatekey \
peer kzbHUGzYk6Uyan/NFYY5mh3pxf2IX/WzWZtImeyp6Sw= \
allowed-ips '10.10.10.0/24' \
endpoint 10.1.203.197:51821
ip link set up dev wg0
touch /etc/wireguard/wg0.conf
wg-quick save wg0
# Peer 3
wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
ip link add dev wg0 type wireguard
ip address add dev wg0 10.10.10.3/24
wg set wg0 \
listen-port 51821 \
private-key /etc/wireguard/privatekey \
peer kzbHUGzYk6Uyan/NFYY5mh3pxf2IX/WzWZtImeyp6Sw= \
allowed-ips '10.10.10.0/24' \
endpoint 10.1.203.197:51821
wg set wg0 \
peer 9/dBUlO9TGf0H9M3xwPiuIuz6Q/u7fSJVZaUxqAiqi8= \
allowed-ips '10.10.10.0/24' \
endpoint 10.1.2.10:51821
ip link set up dev wg0
touch /etc/wireguard/wg0.conf
wg-quick save wg0
# teardown
ip link delete wg0
```

38
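--- a/wireguard/interface.yaml
+++ b/wireguard/interface.yaml
@@ -0,0 +1,38 @@
+- name: Configure Wireguard Network Link
+hosts:
+- colors
+- kubernetes
+- localhost
+- truenas
+become: true
+become_user: root
+become_method: sudo
+vars_files:
+- vars.yaml
+tasks:
+- name: Delete wg0 link
+shell: ip link del wg0
+ignore_errors: yes
+- name: Add wg0 link
+shell: ip link add dev wg0 type wireguard
+ignore_errors: yes
+- name: Add wg0 addresses
+shell: "ip address add dev wg0 {{ ip[inventory_hostname].address }}/64"
+ignore_errors: yes
+- name: wg set port/key
+shell: >
+wg set wg0
+listen-port {{ wireguard.listen_port }}
+private-key /etc/wireguard/privatekey
+- name: Set link up
+shell: ip link set up dev wg0
+- name: Touch wg0.conf
+ansible.builtin.file:
+path: /etc/wireguard/wg0.conf
+state: touch
+- name: save wg config
+shell: wg-quick save wg0
+- name: Enable wg-quick@wg0
+ansible.builtin.systemd_service:
+name: wg-quick@wg0
+enabled: true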
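Review bot: `ignore_errors: yes` on "Add wg0 link" and "Add wg0 addresses" hides real failures: "Delete wg0 link" runs first, so neither add should fail with "already exists", and an error there is most likely genuine yet only surfaces later at `wg set`. I would keep the tolerance on the delete task only, written as `ignore_errors: true`, and drop it from the two add tasks. As written, the play also deletes and recreates wg0 on every run, which discards the running peer set, and the later `wg-quick save wg0` then writes wg0.conf from that fresh interface. A comment at the top of the play, such as `# Recreates wg0 from scratch; re-run peers.yaml afterwards`, would make that explicit.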

26
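--- a/wireguard/keys.yaml
+++ b/wireguard/keys.yaml
@@ -0,0 +1,26 @@
+- name: Update nginx stream configuration
+hosts:
+- colors
+- kubernetes
+- localhost
+become: true
+become_user: root
+become_method: sudo
+tasks:
+- name: Ensure wireguard directory exists
+ansible.builtin.file:
+path: /etc/wireguard
+state: directory
+mode: '0700'
+- name: Check if privatekey exists
+stat: path=/etc/wireguard/privatekey
+register: key
+- name: Generate pubkey and privatekey
+shell: wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
+when: not key.stat.exists
+- name: cat pubkey
+command: cat /etc/wireguard/publickey
+register: pubkey
+- name: Print publickey to console
+debug:
+msg: "{{pubkey.stdout}}"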
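Review bot: The "Generate pubkey and privatekey" task writes /etc/wireguard/privatekey through `tee` under the process's default umask, so the key file's own mode is not restricted and only the 0700 directory protects it. Setting the mask in the command, `shell: umask 077 && wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey`, or adding an `ansible.builtin.file` task with `mode: '0600'` on the key, protects the file itself. The `when` guard only checks that the file exists and the pipeline has no `pipefail`, so a run in which `wg genkey` failed can leave an empty privatekey that later runs will not regenerate. The host list also omits `truenas`, which interface.yaml and peers.yaml both target, and the play name "Update nginx stream configuration" looks copied from another playbook.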

30
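--- a/wireguard/peers.yaml
+++ b/wireguard/peers.yaml
@@ -0,0 +1,30 @@
+- name: Add wireguard peers to each server
+hosts:
+- colors
+- kubernetes
+- localhost
+- truenas
+become: true
+become_user: root
+become_method: sudo
+vars_files:
+- vars.yaml
+tasks:
+- name: wg set peers
+shell: >
+wg set wg0
+peer {{ item.public_key }}
+allowed-ips '{{ ip[item.name].address }}'
+{% if item.endpoint %}
+endpoint '{{ item.endpoint }}'
+{% endif %}
+loop: "{{ peers }}"
+- name: save wg config
+shell: wg-quick save wg0
+- name: Add IP address of all hosts to /etc/hosts
+lineinfile:
+dest: /etc/hosts
+regexp: '.*{{ item.value.address }}$'
+line: "{{ item.value.address }} {{ item.value.hostname }}"
+state: present
+loop: "{{ ip | dict2items }}"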
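Review bot: The `regexp` in "Add IP address of all hosts to /etc/hosts" anchors the address at the end of the line (`'.*{{ item.value.address }}$'`), but the line being written starts with the address and ends with the hostname, so the pattern cannot match an entry this task created. When a hostname in vars.yaml changes, the old entry would be left in place and a second one appended; `regexp: '^{{ item.value.address | regex_escape }}\s'` matches the line the task actually writes. Separately, "wg set peers" loops over every entry in `peers` with no `when: item.name != inventory_hostname`, so each host is also handed its own public key as a peer. The peer values are interpolated into a `shell` string, which is acceptable only while vars.yaml stays repository-controlled.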


@@ -0,0 +1,47 @@
wireguard:
listen_port: 51821
allowed_ips: fd00:fd41:d0f1:1010::0/64
peers:
- name: yellow
public_key: kzbHUGzYk6Uyan/NFYY5mh3pxf2IX/WzWZtImeyp6Sw=
endpoint: yellow.reeselink.com:51821
- name: orange
public_key: CQxNsdPgfzjvOszjn/UZHFdAY3k+D9J+vI8qKUjCYV0=
endpoint: orange.reeselink.com:51821
- name: node1
public_key: 1K3CszRSSnUSWpgL7q57+LTgOEbIt8TonSK1gV/JnXE=
endpoint: node1.reeselink.com:51821
- name: node2
public_key: /7IGSgTEPh+lGYtkMUME2+0XlZEz1ILLd8J0oIxgnjA=
endpoint: node2.reeselink.com:51821
- name: node3
public_key: BwLY8W9nUCpF2xpLlvbkPkwQDV1Kqe+afCINXjEhQnY=
endpoint: node3.reeselink.com:51821
- name: driveripper
public_key: 9/dBUlO9TGf0H9M3xwPiuIuz6Q/u7fSJVZaUxqAiqi8=
endpoint: driveripper.reeselink.com:51821
- name: localhost
public_key: kZVVQ9gIoUb5Uo9DnlCduyLzuH7puc+hGQwvPRV4QQM=
endpoint: ""
ip:
yellow:
address: fd00:fd41:d0f1:1010::1
hostname: yellow
orange:
address: fd00:fd41:d0f1:1010::2
hostname: orange
node1:
address: fd00:fd41:d0f1:1010::3
hostname: node1
node2:
address: fd00:fd41:d0f1:1010::4
hostname: node2
node3:
address: fd00:fd41:d0f1:1010::5
hostname: node3
driveripper:
address: fd00:fd41:d0f1:1010::6
hostname: driveripper
localhost:
address: fd00:fd41:d0f1:1010::7
hostname: reesework
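Review bot: Nothing in this file says that each `peers[].name` must be both a key of `ip` and an inventory hostname. peers.yaml looks up `ip[item.name].address` and interface.yaml looks up `ip[inventory_hostname].address`, so a mismatch only fails at run time. A header comment such as `# peers[].name must match a key in ip and the host's inventory_hostname` would document the coupling. `wireguard.allowed_ips` is not referenced by either playbook shown on this page, so it may be unused; if it is kept for later use, a comment should say so.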


@@ -1,76 +0,0 @@
- name: Update nginx stream configuration
hosts: colors
become: true
become_user: root
become_method: sudo
vars_files:
- vars.yaml
tasks:
- name: Remove http.d dir before repopulating
file:
path: /etc/nginx/http.d/
state: absent
- name: Remove stream.d dir before repopulating
file:
path: /etc/nginx/stream.d/
state: absent
- name: Create stream.d dir
ansible.builtin.file:
path: /etc/nginx/stream.d
state: directory
mode: '0755'
- name: Create http.d dir
ansible.builtin.file:
path: /etc/nginx/http.d
state: directory
mode: '0755'
- name: Copy nginx.conf
template:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0644'
- name: Copy .htpasswd
template:
src: ../secrets/.htpasswd
dest: /etc/nginx/.htpasswd
owner: nginx
group: nginx
mode: '0600'
- name: Copy stream configurations
template:
src: "{{ item }}"
dest: /etc/nginx/stream.d/{{ item | basename }}
owner: root
group: root
mode: '0644'
with_fileglob:
- stream.d/*
- name: Template all http configurations
template:
src: https.conf
dest: /etc/nginx/http.d/{{ item.external.domain }}.conf
owner: root
group: root
mode: '0644'
loop: "{{ http }}"
- name: Test nginx configuration
ansible.builtin.shell: /usr/sbin/nginx -t
- name: Stop nginx service
ansible.builtin.systemd_service:
state: stopped
name: nginx
- name: Remove old socket files
file:
path: /var/lib/nginx/tmp/nginx_http.sock
state: absent
- name: Remove old socket files
file:
path: /var/lib/nginx/tmp/nginx_https.sock
state: absent
- name: Reload nginx service
ansible.builtin.systemd_service:
state: started
name: nginx
enabled: true