Add a server at sn10 (#9)

* sn10 * deploy * deploy * image * clean * matt
nycmeshnet · Feb 15, 2025 · 6c15b26 · 6c15b26
1 parent 03e0e2b
commit 6c15b26
Show file tree

Hide file tree

Showing 9 changed files with 73 additions and 10 deletions.
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -24,7 +24,17 @@ jobs:
     uses: ./.github/workflows/deploy_environment.yaml
     with:
       environment: prod1
-      varfile: wireguard.yaml
+      varfile: wireguard_sn3.yaml
     secrets: inherit
     needs: deploy_dev3
     if: github.ref == 'refs/heads/master'
+
+  deploy_prod2:
+    name: Deploy prod2
+    uses: ./.github/workflows/deploy_environment.yaml
+    with:
+      environment: prod2
+      varfile: wireguard_sn10.yaml
+    secrets: inherit
+    needs: deploy_prod1
+    if: github.ref == 'refs/heads/master'
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
@@ -52,6 +52,14 @@ jobs:
       - name: Terraform format
         run: pip install -r requirements.txt
 
-      - name: Run tests
-        run: ansible-playbook tests.yaml
+      - name: Run tests dev3
+        run: ansible-playbook tests.yaml --extra-vars "env_file=dev.yaml expected_range=10.70.248.0/24 expected_default=10.70.248.1"
+        working-directory: ./ansible/
+
+      - name: Run tests prod2
+        run: ansible-playbook tests.yaml --extra-vars "env_file=wireguard_sn10.yaml expected_range=10.70.247.0/24 expected_default=10.70.247.1"
+        working-directory: ./ansible/
+
+      - name: Run tests prod1
+        run: ansible-playbook tests.yaml --extra-vars "env_file=wireguard_sn3.yaml expected_range=10.70.250.0/24 expected_default=10.70.250.1"
         working-directory: ./ansible/
diff --git a/README.md b/README.md
@@ -2,10 +2,15 @@
 
 ## Adding a config
 
+| Location  | Public IP | Allocated Range | Public Key |
+| ------------- | ------------- | ------------- | ------------- |
+| `SN3` | `199.170.132.43` | `10.70.250.0/24` | `HCYsMu1Wztk8ape2WP5HYiFZnNpn07guRNvKZw/e0mk=` |
+| `SN10` | `23.158.16.28` | `10.70.247.0/24` | `wFQXW68D0ePLU39A1yfuIRH7oyH3ZIfb424OczjI7Ak=` |
+
 ### Add a road warrior config
 
 1. Generate a public private keypair. `wg genkey | tee yourname_privatekey | wg pubkey > yourname_publickey`
-2. Add a new entry to [ansible/wireguard.yaml](./ansible/wireguard.yaml)
+2. Add a new entry to [ansible/wireguard_sn3.yaml](./ansible/wireguard_sn3.yaml)
 
 | Key  | Description | Restrictions |
 | ------------- | ------------- | ------------- |
@@ -25,7 +30,7 @@
 ## Add a remote hub config
 
 1. Generate a public private keypair. `wg genkey | tee nn000_privatekey | wg pubkey > nn000_publickey`
-2. Add a new entry to [ansible/wireguard.yaml](./ansible/wireguard.yaml)
+2. Add a new entry to [ansible/wireguard_sn3.yaml](./ansible/wireguard_sn3.yaml)
 
 | Key  | Description | Restrictions |
 | ------------- | ------------- | ------------- |

diff --git a/ansible/tests.yaml b/ansible/tests.yaml
@@ -1,8 +1,10 @@
 - name: Wireguard config tests
   hosts: 127.0.0.1
-  vars_files:
-    - wireguard.yaml
   tasks:
+    - name: Load variables
+      ansible.builtin.include_vars:
+        file: "{{ env_file }}"
+
     - name: Gather count of wireguard configs
       ansible.builtin.debug:
         msg: "{{ wireguard_configs | list | length }}"
@@ -54,7 +56,7 @@
         - name: INTERFACE_ADDRESS should be within the allocated space
           ansible.builtin.fail:
             msg: "INTERFACE_ADDRESS should be in the allocated space"
-          when: (wireguard_configs | map(attribute='INTERFACE_ADDRESS', default='10.70.250.1') | ansible.utils.reduce_on_network('10.70.250.0/24') | list | length | string) != wg_config_len.msg
+          when: (wireguard_configs | map(attribute='INTERFACE_ADDRESS', default=expected_default) | ansible.utils.reduce_on_network(expected_range) | list | length | string) != wg_config_len.msg
 
     - name: NEIGHBORS property
       block:
@@ -66,7 +68,7 @@
         - name: NEIGHBORS should be within the allocated space
           ansible.builtin.fail:
             msg: "When set for remote hubs NEIGHBORS should be in the allocated space"
-          when: (wireguard_configs | map(attribute='NEIGHBORS', default='10.70.250.1') | ansible.utils.reduce_on_network('10.70.250.0/24') | list | length | string) != wg_config_len.msg
+          when: (wireguard_configs | map(attribute='NEIGHBORS', default=expected_default) | ansible.utils.reduce_on_network(expected_range) | list | length | string) != wg_config_len.msg
 
     - name: TX_LENGTH property
       block:

diff --git a/ansible/wireguard_sn10.yaml b/ansible/wireguard_sn10.yaml
@@ -0,0 +1,21 @@
+wireguard_configs:
+    # For the super awesome remote hub NN592
+  - NAME: nn592
+    PORT: 51821
+    PEER_PUBLIC_KEY: sD3bVQglZfq2j82or48q+i0R0KdszUPZRkcz4rVqAk8=
+    INTERFACE_ADDRESS: "10.70.247.121/30"
+    NEIGHBORS: "10.70.247.122"
+    TX_LENGTH: 1420
+    COST: 99
+
+    # For James
+  - NAME: jameso
+    PORT: 51822
+    PEER_PUBLIC_KEY: nj5rB0CIL6JUXLvl+oqQXcav2qnr509FzpF30lF8mEY=
+    INTERFACE_ADDRESS: "10.70.247.0/31"
+
+    # For Matt
+  - NAME: matt
+    PORT: 51823
+    PEER_PUBLIC_KEY: JQ9/0Ll0oCsq1F5EHXomnoKiaSnvGX9b2RH4KfRq7Us=
+    INTERFACE_ADDRESS: "10.70.247.2/31"
diff --git a/ansible/wireguard.yaml → ansible/wireguard_sn3.yaml b/ansible/wireguard.yaml → ansible/wireguard_sn3.yaml
diff --git a/terraform/dev3.tfvars b/terraform/dev3.tfvars
@@ -1,6 +1,6 @@
 proxmox_node             = "jon"
 proxmox_storage_location = "local-lvm"
-hostname                 = "nycmesh-vpn-0"
+hostname                 = "nycmesh-713-vpn-0"
 vm_mgt_ip                = "10.70.90.180"
 vm_mgt_default_gateway   = "10.70.90.1"
 bird_networks            = "10.70.90.0/24;10.69.0.0/16;199.170.132.44/32;10.70.248.0/24"

diff --git a/terraform/prod2.tfvars b/terraform/prod2.tfvars
@@ -0,0 +1,11 @@
+proxmox_node             = "nycmesh-10-r630-01"
+proxmox_storage_location = "local-lvm"
+vm_nic                   = "vmbr1"
+hostname                 = "nycmesh-10-vpn-3"
+vm_mgt_ip                = "10.70.100.62"
+vm_mgt_default_gateway   = "10.70.100.1"
+bird_networks            = "10.70.100.0/24;10.69.0.0/16;23.158.16.28/32;10.70.247.0/24"
+bird_neighbors           = "10.69.0.10"
+wg_public_ip             = "23.158.16.28"
+wg_private_range         = "10.70.247.0/24"
+system_image             = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
diff --git a/test.sh b/test.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+cd ansible/
+ansible-playbook tests.yaml --extra-vars "env_file=dev.yaml expected_range=10.70.248.0/24 expected_default=10.70.248.1"
+ansible-playbook tests.yaml --extra-vars "env_file=wireguard_sn10.yaml expected_range=10.70.247.0/24 expected_default=10.70.247.1"
+ansible-playbook tests.yaml --extra-vars "env_file=wireguard_sn3.yaml expected_range=10.70.250.0/24 expected_default=10.70.250.1"