authorChristian Pointner <equinox@spreadspace.org>2020-02-29 03:29:26 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-02-29 03:29:26 +0100
commita895214d8fe4b515fbef15a7f919c5177543ac56 (patch)
tree41a93a5a55c1065468510af6b47b8108fc898803 /inventory
parentrevert last commit (diff)
wireguard gateway works now (it is quite ugly though)
Diffstat (limited to 'inventory')
-rw-r--r--inventory/host_vars/ele-gwhetzner.yml8
-rw-r--r--inventory/host_vars/ele-media.yml17
2 files changed, 24 insertions, 1 deletions
diff --git a/inventory/host_vars/ele-gwhetzner.yml b/inventory/host_vars/ele-gwhetzner.yml
index aeaa936f..f68ff783 100644
--- a/inventory/host_vars/ele-gwhetzner.yml
+++ b/inventory/host_vars/ele-gwhetzner.yml
@@ -44,6 +44,14 @@ wireguard_gateway_tunnels:
priv_key: "{{ wireguard_keys.elemedia.priv }}"
addresses:
- 192.168.254.1/30
+ ip_snat:
+ interface: "{{ network.primary.interface }}"
+ to: "{{ network.primary.overlay }}"
+ port_forwardings:
+ - dest: "{{ network.primary.overlay }}"
+ tcp_ports:
+ 80: 192.168.254.2:80
+ 443: 192.168.254.2:443
peers:
- pub_key: "{{ hostvars['ele-media'].wireguard_keys.gwhetzner.pub }}"
allowed_ips:
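Review bot: The new `port_forwardings` entry publishes ports 80 and 443 of the tunnel peer on the gateway's overlay address, but nothing in the hunk says this exposure is intentional or which host is behind it. A comment above the block would help, for example `# public HTTP/HTTPS for ele-media, reached through the wg tunnel`. The target `192.168.254.2` is hard-coded here and again as the tunnel address in ele-media.yml, so a renumbering of the /30 would silently leave the forward pointing at a stale address. The values are also plain scalars with colons next to integer keys; quoting them (`80: "192.168.254.2:80"`) keeps them strings under every parser. The tunnel mapping continues past the end of the hunk, so the peer's `allowed_ips` list is not visible here.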
diff --git a/inventory/host_vars/ele-media.yml b/inventory/host_vars/ele-media.yml
index a0a388e9..ea298088 100644
--- a/inventory/host_vars/ele-media.yml
+++ b/inventory/host_vars/ele-media.yml
@@ -12,7 +12,7 @@ network:
mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}"
gateway: "{{ network_zones.lan.gateway }}"
-network_setup: r3-with-lan # elevate-festival
+network_setup: elevate-festival
dyndns:
@@ -72,3 +72,18 @@ wireguard_keys:
gwhetzner:
pub: "YO78lnFJdlGnKxBrtVZF4QXF7bpF8rAP7yF97klWLzg="
priv: "{{ vault_wireguard_priv_keys.gwhetzner }}"
+
+wireguard_gateway_tunnels:
+ wg-gwhetzner:
+ priv_key: "{{ wireguard_keys.gwhetzner.priv }}"
+ addresses:
+ - 192.168.254.2/30
+ default_gateway:
+ outer: 178.63.180.138
+ inner: 192.168.254.1
+ peers:
+ - pub_key: "{{ hostvars['ele-gwhetzner'].wireguard_keys.elemedia.pub }}"
+ endpoint: 178.63.180.138:51820 # TODO: fix this variable "{{ hostvars['ele-gwhetzner'].external_ip }}"
+ keepalive_interval: 15
+ allowed_ips:
+ - 0.0.0.0/0
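Review bot: `allowed_ips: 0.0.0.0/0` on the single peer means ele-media accepts packets with any source address arriving over wg-gwhetzner. Combined with the 80/443 forwardings added on the gateway, the tunnel interface then carries unfiltered internet traffic. Whether the role installs filtering on that interface is not visible in this diff, so it should be confirmed and recorded in a comment such as `# 0.0.0.0/0 is needed for forwarded public traffic; treat wg-gwhetzner as an untrusted interface`. The gateway address `178.63.180.138` is written twice, in `default_gateway.outer` and in `endpoint`, while the TODO covers only the latter; both should come from one variable once that lookup is fixed. Until then the endpoint is safer quoted, `endpoint: "178.63.180.138:51820"`, since it is a colon-bearing plain scalar followed by an inline comment.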