corerouter: add tunnels option using tunspace

roles/cfg_openwrt/templates/common/config/network.j2

@@ -22,13 +22,14 @@ config interface 'loopback'
   {% set name = network['name'] if 'name' in network else network['role'] %}
   {% set port = ('switch0' if dsa_ports is defined else int_port) + '.' + network['vid']|string %}
   {% set bridge_name = 'br-' + name %}
-  {% set bridge_needed = name in wifi_networks or network.get('mesh_ap') == inventory_hostname or (role == 'corerouter' and 'tunnel_wan_ip' in network) %}
+  {% set bridge_needed = name in wifi_networks or network.get('mesh_ap') == inventory_hostname or (role == 'corerouter' and 'tunnel_wan_ip' in network) or (role == 'corerouter' and 'tunnels' in network) %}
   {% set port_needed = not (role == 'corerouter' and network.get('mesh_ap') == inventory_hostname) %}
 
   {%- if (role == 'corerouter' and network['role'] == 'mesh') or ('assignments' in network and inventory_hostname in network['assignments'])
      or name in wifi_networks
      or network.get('mesh_ap') == inventory_hostname
      or (role == 'corerouter' and 'tunnel_wan_ip' in network)
+     or (role == 'corerouter' and 'tunnels' in network)
      %}
 config interface '{{ name }}'
     {% if port_needed %}

roles/cfg_openwrt/templates/corerouter/config/babeld.j2

@@ -22,6 +22,22 @@ config filter
 
   {% endfor -%}
 
+  {% for network in networks | selectattr('role', 'equalto', 'uplink') %}
+		{% for tunnel in network['tunnels'] %}
+config interface
+	option 'ifname' '{{ tunnel['ifname'] }}'
+	option 'split_horizon' 'true'
+
+config filter
+	option 'type' 'in'
+	option 'if' '{{ tunnel['ifname'] }}'
+	option 'ip' '::/0'
+	option 'eq' '0'
+	option 'action' 'metric {{ tunnel['metric']|default(512) }}'
+
+		{% endfor %}
+  {% endfor %}
+
 config filter
 	option 'type'	'redistribute'
 	option 'ip'	'{{ ipv6_prefix }}'

roles/cfg_openwrt/templates/corerouter/config/olsrd.j2

@@ -71,3 +71,16 @@ config Hna4
 	option netaddr '{{ network['prefix'] | ansible.utils.ipaddr('network') }}'
   {% endif %}
 {% endfor %}
+
+{% for network in networks | selectattr('role', 'equalto', 'uplink') %}
+	{% for tunnel in network['tunnels'] %}
+config Interface
+	option interface '{{ tunnel['ifname'] }}'
+	option Mode 'ether'
+		{% for lqm in network['mesh_metric_lqm']|default([]) %}
+	list LinkQualityMult '{{ lqm }}'
+		{% endfor %}
+	option ignore 0
+
+	{% endfor %}
+{% endfor %}

roles/cfg_openwrt/templates/corerouter/config/tunspace.j2

@@ -0,0 +1,31 @@
+#jinja2: trim_blocks: "true", lstrip_blocks: "true"
+{% for network in networks | selectattr('tunnels', 'defined') %}
+  {% set name = network['name'] if 'name' in network else network['role'] %}
+  {% set bridge_name = 'br-' + name %}
+
+config tunspace "tunspace"
+  option uplink_netns "{{ name }}"
+  option uplink_ifname "{{ bridge_name }}"
+  option maintenance_interval 15
+
+  {% for tun in network['tunnels'] %}
+config wg-interface
+  option ifname "{{ tun['ifname'] }}"
+  option ipv6 "{{ tun['ipv6']|default('fe80::2/64') }}"
+  option ipv4 "{{ tun['ipv4'] }}"
+  option mtu {{ tun['mtu'] }}
+  option port {{ tun['port'] }}
+  option keyfile "/etc/tunspace/{{ tun['ifname'] }}.key"
+  option disabled 0
+
+  {% endfor %}
+
+  {% for gateway in groups['role_gateway'] %}
+config wg-server
+  option name "{{ gateway }}"
+  option url "https://{{ hostvars[gateway]['uplink']['ipv4'] | ansible.utils.ipaddr('address') }}/ubus"
+  option check_cert 0
+  option disabled 0
+
+  {% endfor %}
+{% endfor %}