From 0f6cabbae37d2750a1841d2e1abd07eca064af29 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 20 Nov 2022 23:30:00 +0100 Subject: add wireguard-based remote vpn connections to ch-(pan|mimas) --- inventory/host_vars/ch-mimas.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'inventory/host_vars/ch-mimas.yml') diff --git a/inventory/host_vars/ch-mimas.yml b/inventory/host_vars/ch-mimas.yml index 2bafafe1..32db8f65 100644 --- a/inventory/host_vars/ch-mimas.yml +++ b/inventory/host_vars/ch-mimas.yml @@ -47,6 +47,29 @@ zfs_sanoid_modules: process_children_only: yes +wireguard_p2p_interface: + name: remote0 + description: connection to chaos-at-home internal services + listen_port: 51820 + addresses: + - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets[inventory_hostname]) }}" + static_routes: + - dest: "{{ network_zones.svc.prefix }}" + gw: "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-router']) | ansible.utils.ipaddr('address') }}" + - dest: "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ansible.utils.ipaddr('address') }}/32" + gw: "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-router']) | ansible.utils.ipaddr('address') }}" + +wireguard_p2p_peers: + - pub_key: "9pUDet+les5aI9UnHHVgyw95hNBxlAX8DBCxTjigpEI=" + endpoint: + host: "{{ network_zones.magenta.prefix | ansible.utils.ipaddr(network_zones.magenta.offsets['ch-router']) | ansible.utils.ipaddr('address') }}" + port: 51820 + allowed_ips: + - "{{ network_zones.remote.prefix }}" + - "{{ network_zones.svc.prefix }}" + - "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ansible.utils.ipaddr('address') }}/32" + + bind_option_empty_zones_enable: no bind_option_allow_transfer: [] bind_option_allow_recursion: -- cgit v1.2.3