~xenrox/ansible

9e1abb89470c851757fb3edf412aa413ae968fee — Thorben Günther 1 year, 9 months ago 01f19ba
wireguard: Add desktop access to internal network

For now only access to the main server.
M host_vars/fenrir.xenrox.net/vars.yml => host_vars/fenrir.xenrox.net/vars.yml +1 -1
@@ 1,3 1,3 @@
---
ci_deploy_target: true
wireguard_address: 10.0.0.2
wireguard_address: 10.0.0.3
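Review bot: Existing tunnel addresses are reassigned here instead of the new peer getting an unused one, and in WireGuard the address is what AllowedIPs and any source-IP firewall rule identify a peer by. Read together with host_vars/xenrox.net/vars.yml and the wg0.netdev.j2 section, it looks as if fenrir moves to 10.0.0.3, the server to 10.0.0.2 and the desktop takes 10.0.0.1. If so, a literal 10.0.0.1 or 10.0.0.2 pinned anywhere outside this diff (firewall allowlists, listen addresses, monitoring targets) now refers to a different machine. The play also has to reach every peer in the same run, because a host still holding the old wg0.netdev keeps the previous AllowedIPs for its neighbours. If the reshuffle is intended, a comment above the value such as `# renumbered: 10.0.0.1 now belongs to the desktop peer` would record it.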

M host_vars/xenrox.net/vars.yml => host_vars/xenrox.net/vars.yml +1 -1
@@ 7,7 7,7 @@ ipv6_netmask: "/64"
ipv6_gateway: "fe80::1"

network_interface: enp9s0
wireguard_address: 10.0.0.1
wireguard_address: 10.0.0.2
wireguard_vpn_subnet: 10.200.200.0/24

borg_user: u272193-sub1

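--- a/roles/wireguard/templates/wg0.netdev.j2
+++ b/roles/wireguard/templates/wg0.netdev.j2
@@ -15,3 +15,10 @@ AllowedIPs={{ hostvars[host]['wireguard_address'] }}/32
 Endpoint={{ host }}:51820
 
 {% endfor %}
+
+{% if inventory_hostname == 'xenrox.net' %}
+[WireGuardPeer]
+PublicKey={{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard/localhost.pub:content') | trim }}
+PresharedKey={{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard/localhost.psk:content') | trim }}
+AllowedIPs=10.0.0.1/32
+{% endif %}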
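Review bot: `AllowedIPs=10.0.0.1/32` is a literal in the template, while the peers rendered by the loop above (which starts outside this hunk) take their address from `hostvars[host]['wireguard_address']`, so the desktop's address is invisible to anyone editing host_vars. If a host is later given 10.0.0.1 there, xenrox.net would render two peers claiming the same allowed IP; WireGuard keeps an allowed IP on only one peer, so one of them would silently lose its route. I would move it to a variable, e.g. `AllowedIPs={{ wireguard_desktop_address }}/32` (the name is a suggestion, defined next to `wireguard_address` in host_vars/xenrox.net/vars.yml). I would also put `{# desktop peer: roaming, so no Endpoint; configured on xenrox.net only #}` above the `{% if %}`. The preshared key is rendered into the file in clear text, so the task that installs wg0.netdev (not part of this diff) should use a mode that keeps it from other local users.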