author | Christian Pointner <equinox@spreadspace.org> | 2022-11-20 23:30:14 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-11-20 23:30:14 +0100 |
commit | b6d36823effe31d9c12c927f5d05ddab8c7005c0 (patch) | |
tree | f20a721e510a85da81428b2f7d9f46ae51614b05 /inventory/host_vars/ch-pan.yml | |
parent | ch-mimas: external_ip (diff) | |
parent | add wireguard-based remote vpn connections to ch-(pan|mimas) (diff) |
Merge branch 'topic/wireguard-extern-vpn'
Diffstat (limited to 'inventory/host_vars/ch-pan.yml')
-rw-r--r-- | inventory/host_vars/ch-pan.yml | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/inventory/host_vars/ch-pan.yml b/inventory/host_vars/ch-pan.yml
index 9f18ed93..5beabb31 100644
--- a/inventory/host_vars/ch-pan.yml
+++ b/inventory/host_vars/ch-pan.yml
@@ -41,6 +41,29 @@ sshd_allowusers_host: "{{ admin_users_host + ['dyndns'] }}"
 ntp_variant: systemd-timesyncd
+wireguard_p2p_interface:
+ name: remote0
+ description: connection to chaos-at-home internal services
+ listen_port: 51820
+ addresses:
+ - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets[inventory_hostname]) }}"
+ static_routes:
+ - dest: "{{ network_zones.svc.prefix }}"
+ gw: "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-router']) | ansible.utils.ipaddr('address') }}"
+ - dest: "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ansible.utils.ipaddr('address') }}/32"
+ gw: "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-router']) | ansible.utils.ipaddr('address') }}"
+
+wireguard_p2p_peers:
+ - pub_key: "9pUDet+les5aI9UnHHVgyw95hNBxlAX8DBCxTjigpEI="
+ endpoint:
+ host: "{{ network_zones.magenta.prefix | ansible.utils.ipaddr(network_zones.magenta.offsets['ch-router']) | ansible.utils.ipaddr('address') }}"
+ port: 51820
+ allowed_ips:
+ - "{{ network_zones.remote.prefix }}"
+ - "{{ network_zones.svc.prefix }}"
+ - "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ansible.utils.ipaddr('address') }}/32"
+
+
 nginx_server_names_hash_bucket_size: 64
 acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}" |
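Review bot: In `static_routes` and `allowed_ips` the svc zone is opened as a whole prefix (`"{{ network_zones.svc.prefix }}"`), while the lan zone is narrowed to a single /32 for ch-prometheus-legacy. The surrounding context lines suggest ch-pan also serves nginx and sshd, so if it only needs a handful of internal services, listing those hosts as /32 entries the same way would limit what a compromise of this host can reach through the tunnel. Otherwise the restriction has to be enforced by forwarding rules on ch-router, which this hunk does not show. The same three destinations are written out twice, so a comment above `allowed_ips` such as `# keep in sync with wireguard_p2p_interface.static_routes` would help prevent the two lists drifting apart. It would also be worth confirming that UDP port 51820 on ch-pan is only reachable from the ch-router endpoint address, since no firewall rule is part of this change.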