current

group_vars/all/ips.yml

@@ -3,3 +3,7 @@ ips:
     ip: 172.23.48.1
     network: kita-pro-service-net
     subnet: 172.23.48.0/24
+-   host: kita-pro-vpn
+    ip: 172.23.48.2
+    network: kita-pro-service-net
+    subnet: 172.23.48.0/24

group_vars/all/networks.yml

@@ -1,5 +1,10 @@
 networks:
 
+  tg-net:
+    subnets:
+      - fd47:17e0:993c::/48
+      - 172.23/16
+
   kita-pro-net:
     parent: tg-net
     site: kita-pro
@@ -14,6 +19,13 @@ networks:
       - fd47:17e0:993c:30::/64
       - 172.23.48/24
 
+  testkita-net:
+    parent: tg-net
+    site: testkita
+    subnets:
+      - fd47:17e0:993c:31::/64
+      - 172.23.49/24
+
   kita-stjs-net:
     parent: tg-net
     site: kita-pro

group_vars/vpn_servers/netif.yml

@@ -0,0 +1,20 @@
+netif_primary: virt
+netifs_profile:
+  virt:
+    networks:
+      - kita-pro-service-net
+    type: virt_ptp
+    virt_host_netif: virt
+    dns_resolvers:
+      - fd47:17e0:993c:c2::c:1
+      - fd47:17e0:993c:c2::c:2
+      - fd47:17e0:993c:c2::c:3
+  vpn:
+    type: fastd
+    networks:
+      - kita-pro-service-net
+    fastd_port: 10060
+    fastd_peers: []
+    babeld:
+      redistribute_networks:
+        - tg-net

host_files/kita-pro-vdesk/root/.local/share/fish/fish_history

@@ -0,0 +1,2 @@
+- cmd: reboot
+  when: 1536583700

host_files/kita-pro-vpn/fastd/vpn/peer.conf

@@ -0,0 +1,5 @@
+key "c61a1701cf00cde38efcbd88d7b365f4d18c45290ffda6900677b18dcd3d0287";
+remote 172.23.48.2:10060;
+remote 51.68.177.5:10060;
+remote [fd47:17e0:993c:30:47:baff:fe21:28f9]:10060;
+float yes;

host_files/kita-pro-vpn/root/.local/share/fish/fish_history

@@ -0,0 +1,24 @@
+- cmd: top
+  when: 1536587819
+- cmd: cat /dev/urandom 
+  when: 1536587835
+- cmd: cat /dev/urandom 
+  when: 1536588003
+- cmd: cat /dev/urandom | base32
+  when: 1536588018
+  paths:
+    - /dev/urandom
+- cmd: cat /dev/urandom | base64
+  when: 1536588024
+  paths:
+    - /dev/urandom
+- cmd: ip a
+  when: 1536588206
+- cmd: cat /etc/network/interfaces
+  when: 1536588218
+  paths:
+    - /etc/network/interfaces
+- cmd: cat /etc/network/interfaces.d/virt 
+  when: 1536588220
+  paths:
+    - /etc/network/interfaces.d/virt

host_vars/kita-pro-vdesk/netif.yml

@@ -13,6 +13,8 @@ netifs:
             type: eui64
         -   ip: 172.23.48.1/24
             type: host
+        -   ip: 51.68.177.5/32
+            type: static
         ll6: fe80::47:aff:fed8:5484
         mac: 02:47:0a:d8:54:84
         networks:

host_vars/kita-pro-vpn/netif.yml

@@ -0,0 +1,49 @@
+ansible_host: fd47:17e0:993c:30:47:baff:fe21:28f9
+netifs:
+    virt:
+        device: enp1s3
+        dns_resolvers:
+        - fd47:17e0:993c:c2::c:1
+        - fd47:17e0:993c:c2::c:2
+        - fd47:17e0:993c:c2::c:3
+        eui64: 47:baff:fe21:28f9
+        id: 308065413369
+        ips:
+        -   ip: fd47:17e0:993c:30:47:baff:fe21:28f9/64
+            type: eui64
+        -   ip: 172.23.48.2/24
+            type: host
+        -   ip: 51.68.177.5/32
+            type: static
+        ll6: fe80::47:baff:fe21:28f9
+        mac: 02:47:ba:21:28:f9
+        networks:
+        - kita-pro-service-net
+        type: virt_ptp
+        virt_host_netif: virt
+        virt_pci_id: 0
+    vpn:
+        babeld:
+            redistribute_networks:
+            - tg-net
+        device: vpn
+        eui64: 47:cdff:fe01:ea1f
+        fastd_key: c61a1701cf00cde38efcbd88d7b365f4d18c45290ffda6900677b18dcd3d0287
+        fastd_peers: []
+        fastd_port: 10060
+        fastd_remote:
+        - 172.23.48.2:10060
+        - 51.68.177.5:10060
+        - '[fd47:17e0:993c:30:47:baff:fe21:28f9]:10060'
+        id: 308382132767
+        ips:
+        -   ip: fd47:17e0:993c:30:47:cdff:fe01:ea1f/64
+            type: eui64
+        -   ip: 172.23.48.2/24
+            type: host
+        ll6: fe80::47:cdff:fe01:ea1f
+        mac: 02:47:cd:01:ea:1f
+        networks:
+        - kita-pro-service-net
+        type: fastd
+ssh_ip: fd47:17e0:993c:30:47:baff:fe21:28f9

host_vars/kita-pro-vpn/ssh_host_key.yml

@@ -0,0 +1 @@
+ssh_host_key_ed25519_public: AAAAC3NzaC1lZDI1NTE5AAAAIJNs5NesENwxBenS5ErcgdKqDdqBOBT90t2GWBrIbyVq

host_vars/kita-pro-vpn/staging.yml

@@ -0,0 +1 @@
+stage: staging

host_vars/kita-pro-vpn/virt.yml

@@ -0,0 +1,19 @@
+filesystems:
+-   device: /dev/vda
+    fstype: ext4
+    keep: true
+    mount_point: /
+swap_devices:
+-   device: /dev/vdb
+    uuid: a5434f37-3986-5feb-9abc-f22f0a5ecb60
+virt_console: serial
+virt_disks:
+-   boot: true
+    name: root
+    size: 32G
+    type: qcow2
+-   name: swap
+    size: 2G
+    type: raw
+virt_host: tg-srv-0
+virt_uuid: 5adee200-b8c7-4e7d-bf71-d2381ec85fbb

inventory

@@ -3,3 +3,6 @@ tg-srv-0
 
 [vdesks]
 kita-pro-vdesk
+
+[vpn_servers]
+kita-pro-vpn

vpn_servers.yml

@@ -0,0 +1,36 @@
+---
+
+- hosts: vpn_servers
+  gather_facts: false
+  roles:
+    - name: staging
+      default_stage: provisioning
+
+- hosts: vpn_servers:&provisioning
+  remote_user: root
+  gather_facts: false
+  roles:
+    - role: netif
+    - role: virt_provision
+    - role: common
+    - name: staging
+      next_stage: staging
+
+- hosts: vpn_servers
+  remote_user: root
+  roles:
+    #- role: common
+    - role: network
+
+# - hosts: vpn_servers:&staging
+#   remote_user: root
+#   roles:
+#     - name: staging
+#       next_stage: production
+
+# - hosts: vpn_servers:&recycling
+#   remote_user: root
+#   gather_facts: false
+#   roles:
+#     - role: virt
+#       virt_state: absent