prepare wireguard tunnel for emc

1 files changed, 22 insertions, 0 deletions

diff --git a/inventory/host_vars/ele-gwhetzner.yml b/inventory/host_vars/ele-gwhetzner.yml
index f68ff783..3575c943 100644
--- a/inventory/host_vars/ele-gwhetzner.yml
+++ b/inventory/host_vars/ele-gwhetzner.yml
@@ -37,6 +37,9 @@ wireguard_keys:
   elemedia:
     pub: "1GdTR5ehIcSVvwdWWsKitRjzcm1gY3Z9ASzJAuN7VH0="
     priv: "{{ vault_wireguard_priv_keys.elemedia }}"
+  emc:
+    pub: "xgBLLDTRrVxUG0BEr0gNQ6ofkXSRDQR7OXilxCCwtxs="
+    priv: "{{ vault_wireguard_priv_keys.elemedia }}"
 
 wireguard_gateway_tunnels:
   wg-elemedia:
@@ -52,7 +55,26 @@ wireguard_gateway_tunnels:
       tcp_ports:
         80: 192.168.254.2:80
         443: 192.168.254.2:443
+        322: 192.168.254.2:222
     peers:
     - pub_key: "{{ hostvars['ele-media'].wireguard_keys.gwhetzner.pub }}"
       allowed_ips:
         - 192.168.254.2/32
+  wg-emc:
+    description: Elevate Media Channel
+    priv_key: "{{ wireguard_keys.emc.priv }}"
+    listen_port: 51821
+    addresses:
+    - 192.168.254.5/30
+    ip_snat:
+      interface: "{{ network.primary.interface }}"
+      to: "{{ network.primary.overlay }}"
+    port_forwardings:
+    - dest: "{{ network.primary.overlay }}"
+      tcp_ports:
+        422: 192.168.254.6:222
+    peers:
+    - pub_key: "{{ hostvars['ele-router'].wireguard_keys.gwhetzner.pub }}"
+      allowed_ips:
+        - 192.168.254.6/32
+        - 192.168.20.0/24