prepare wireguard tunnel for emc

author: Christian Pointner <equinox@spreadspace.org> 2020-02-29 04:55:38 +0100
committer: Christian Pointner <equinox@spreadspace.org> 2020-02-29 04:55:38 +0100
commit: b399a54c2363ff717b1a92732e42e82f73cd958d (patch)
tree: 74bbcc77e0e14277f3bcbfe6ee6a5bb4413df8a0 /inventory/host_vars
parent: ele-media fix firewall rules (ssh port) (diff)
2 files changed, 30 insertions, 2 deletions
diff --git a/inventory/host_vars/ele-gwhetzner.yml b/inventory/host_vars/ele-gwhetzner.yml
index f68ff783..3575c943 100644
--- a/inventory/host_vars/ele-gwhetzner.yml
+++ b/inventory/host_vars/ele-gwhetzner.yml
@@ -37,6 +37,9 @@ wireguard_keys:
   elemedia:
     pub: "1GdTR5ehIcSVvwdWWsKitRjzcm1gY3Z9ASzJAuN7VH0="
     priv: "{{ vault_wireguard_priv_keys.elemedia }}"
+  emc:
+    pub: "xgBLLDTRrVxUG0BEr0gNQ6ofkXSRDQR7OXilxCCwtxs="
+    priv: "{{ vault_wireguard_priv_keys.elemedia }}"
 
 wireguard_gateway_tunnels:
   wg-elemedia:
@@ -52,7 +55,26 @@ wireguard_gateway_tunnels:
       tcp_ports:
         80: 192.168.254.2:80
         443: 192.168.254.2:443
+        322: 192.168.254.2:222
     peers:
     - pub_key: "{{ hostvars['ele-media'].wireguard_keys.gwhetzner.pub }}"
       allowed_ips:
         - 192.168.254.2/32
+  wg-emc:
+    description: Elevate Media Channel
+    priv_key: "{{ wireguard_keys.emc.priv }}"
+    listen_port: 51821
+    addresses:
+    - 192.168.254.5/30
+    ip_snat:
+      interface: "{{ network.primary.interface }}"
+      to: "{{ network.primary.overlay }}"
+    port_forwardings:
+    - dest: "{{ network.primary.overlay }}"
+      tcp_ports:
+        422: 192.168.254.6:222
+    peers:
+    - pub_key: "{{ hostvars['ele-router'].wireguard_keys.gwhetzner.pub }}"
+      allowed_ips:
+        - 192.168.254.6/32
+        - 192.168.20.0/24
diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml
index 4a552d7f..72cb2b14 100644
--- a/inventory/host_vars/ele-router.yml
+++ b/inventory/host_vars/ele-router.yml
@@ -1,4 +1,10 @@
 ---
+wireguard_keys:
+  gwhetzner:
+    pub: "fqaKDJbSj6V0H98d78d/lnFLolefgp6zDPH9bN4+zUY="
+    priv: "{{ vault_wireguard_priv_keys.gwhetzner }}"
+
+
 network_mgmt_zone: "{{ network_zones.mgmt }}"
 network_internal_zone_names:
   - lan
@@ -12,7 +18,7 @@ openwrt_network_external:
     options:
       device: 'switch0'
       ## for some reason vlan-id 502 does not work. why??
-      vlan: '{{ network_zones.forum_a1.vlan }}'
+      #vlan: '{{ network_zones.forum_a1.vlan }}'
       vlan: '1'
       ports: '4 6t'
 
@@ -49,7 +55,7 @@ openwrt_network_external:
   - name: interface 'wanff'
     options:
       ## for some reason vlan-id 502 does not work. why??
-      #fname: 'eth0.{{ network_zones.funkfeuer.vlan }}'
+      #ifname: 'eth0.{{ network_zones.funkfeuer.vlan }}'
       ifname: 'eth0.2'
       proto: static
       ipaddr: "{{ network_zones.funkfeuer.prefix | ipaddr(network_zones.funkfeuer.offsets[inventory_hostname]) | ipaddr('address') }}"
author	Christian Pointner <equinox@spreadspace.org>	2020-02-29 04:55:38 +0100
committer	Christian Pointner <equinox@spreadspace.org>	2020-02-29 04:55:38 +0100
commit	b399a54c2363ff717b1a92732e42e82f73cd958d (patch)
tree	74bbcc77e0e14277f3bcbfe6ee6a5bb4413df8a0 /inventory/host_vars
parent	ele-media fix firewall rules (ssh port) (diff)