From 9158fc8ff671707c686fcd40e13b06310112eada Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Fri, 21 Aug 2020 13:44:50 +0200
Subject: wireguard2
---
ansible/plays/files/wireguard/vs0/birgitte.pub | 1 +
ansible/plays/files/wireguard/vs0/vimscore-1.pub | 1 +
ansible/plays/files/wireguard/vs0/vimscore-2.pub | 1 +
ansible/plays/files/wireguard/vs0/vimscore-3.pub | 1 +
ansible/plays/wireguard-vs0.yml | 74 ++++++++++++++++++++++++
5 files changed, 78 insertions(+)
create mode 100644 ansible/plays/files/wireguard/vs0/birgitte.pub
create mode 100644 ansible/plays/files/wireguard/vs0/vimscore-1.pub
create mode 100644 ansible/plays/files/wireguard/vs0/vimscore-2.pub
create mode 100644 ansible/plays/files/wireguard/vs0/vimscore-3.pub
create mode 100644 ansible/plays/wireguard-vs0.yml
(limited to 'ansible/plays')
diff --git a/ansible/plays/files/wireguard/vs0/birgitte.pub b/ansible/plays/files/wireguard/vs0/birgitte.pub
new file mode 100644
index 0000000..fcc93c3
--- /dev/null
+++ b/ansible/plays/files/wireguard/vs0/birgitte.pub
@@ -0,0 +1 @@
+NBTz38oefUN5Thj7kwcL91fV7HL+xf6iju5/AgR2bC0=
diff --git a/ansible/plays/files/wireguard/vs0/vimscore-1.pub b/ansible/plays/files/wireguard/vs0/vimscore-1.pub
new file mode 100644
index 0000000..ed7da6a
--- /dev/null
+++ b/ansible/plays/files/wireguard/vs0/vimscore-1.pub
@@ -0,0 +1 @@
+5upofMGG4o7GO1fMYIUye/QImQwEJBXIlAMaH8QzzBk=
diff --git a/ansible/plays/files/wireguard/vs0/vimscore-2.pub b/ansible/plays/files/wireguard/vs0/vimscore-2.pub
new file mode 100644
index 0000000..45d1586
--- /dev/null
+++ b/ansible/plays/files/wireguard/vs0/vimscore-2.pub
@@ -0,0 +1 @@
+rDEwWC433PMoQtyORPrXD4bHiuTobvbqjYYUtATiWgY=
diff --git a/ansible/plays/files/wireguard/vs0/vimscore-3.pub b/ansible/plays/files/wireguard/vs0/vimscore-3.pub
new file mode 100644
index 0000000..f1503a5
--- /dev/null
+++ b/ansible/plays/files/wireguard/vs0/vimscore-3.pub
@@ -0,0 +1 @@
+gnbNb32q7t9oFU801ASfx7hi3IzbPYP/b/jpNYmiuHg=
diff --git a/ansible/plays/wireguard-vs0.yml b/ansible/plays/wireguard-vs0.yml
new file mode 100644
index 0000000..04eee72
--- /dev/null
+++ b/ansible/plays/wireguard-vs0.yml
@@ -0,0 +1,74 @@
+- hosts:
+ - akili
+ - birgitte
+ roles:
+ - role: wireguard2
+ wireguard_if: vs0
+ wireguard_listen_port: 45364
+ wireguard_address4: "{{ networks[ansible_hostname].address }}"
+
+ networks:
+ vimscore-1:
+ address: 192.168.137.1/24
+ network: 10.137.1.0
+ prefix: 24
+ vimscore-2:
+ address: 192.168.137.2/24
+ network: 10.137.2.0
+ prefix: 24
+ vimscore-3:
+ address: 192.168.137.3/24
+ network: 10.137.3.0
+ prefix: 24
+ akili:
+ address: 192.168.137.4/24
+ network: 10.137.4.0
+ prefix: 24
+ birgitte:
+ address: 192.168.137.5/24
+ network: 10.137.5.0
+ prefix: 24
+
+ wireguard_routers:
+ - gateway: "{{ networks['vimscore-1'].address }}"
+ network: "{{ networks['vimscore-1'].network }}/{{ networks['vimscore-1'].prefix }}"
+ state: "{{ 'absent' if ansible_hostname == 'vimscore-1' else 'present' }}"
+ - gateway: "{{ networks['vimscore-2'].address }}"
+ network: "{{ networks['vimscore-2'].network }}/{{ networks['vimscore-2'].prefix }}"
+ state: "{{ 'absent' if ansible_hostname == 'vimscore-2' else 'present' }}"
+ - gateway: "{{ networks['vimscore-3'].address }}"
+ network: "{{ networks['vimscore-3'].network }}/{{ networks['vimscore-3'].prefix }}"
+ state: "{{ 'absent' if ansible_hostname == 'vimscore-3' else 'present' }}"
+ - gateway: "{{ networks['akili'].address }}"
+ network: "{{ networks['akili'].network }}/{{ networks['akili'].prefix }}"
+ state: "{{ 'absent' if ansible_hostname == 'akili' else 'present' }}"
+ - gateway: "{{ networks['birgitte'].address }}"
+ network: "{{ networks['birgitte'].network }}/{{ networks['birgitte'].prefix }}"
+ state: "{{ 'absent' if ansible_hostname == 'birgitte' else 'present' }}"
+
+ wireguard_peers:
+ vimscore-1:
+ endpoint: vimscore-1.vimscore.com
+ allowed_ips:
+ - "{{ networks['vimscore-1'].address | ipaddr('address') }}/32"
+ - "{{ networks['vimscore-1'].network }}/{{ networks['vimscore-1'].prefix }}"
+ vimscore-2:
+ endpoint: vimscore-2.vimscore.com
+ allowed_ips:
+ - "{{ networks['vimscore-2'].address |
ipaddr('address') }}/32"
+ - "{{ networks['vimscore-2'].network }}/{{ networks['vimscore-2'].prefix }}"
+ vimscore-3:
+ endpoint: vimscore-3.vimscore.com
+ allowed_ips:
+ - "{{ networks['vimscore-3'].address | ipaddr('address') }}/32"
+ - "{{ networks['vimscore-3'].network }}/{{ networks['vimscore-3'].prefix }}"
+ akili:
+ public_key: UZc6XKf9ULUbBc4CI01DdCdyuj+lHvc1NQRhGJH/TE4=
+ allowed_ips:
+ - "{{ networks['akili'].address | ipaddr('address') }}/32"
+ - "{{ networks['akili'].network }}/{{ networks['akili'].prefix }}"
+ birgitte:
+ public_key: NBTz38oefUN5Thj7kwcL91fV7HL+xf6iju5/AgR2bC0=
+ allowed_ips:
+ - "{{ networks['birgitte'].address | ipaddr('address') }}/32"
+ - "{{ networks['birgitte'].network }}/{{ networks['birgitte'].prefix }}"
--
cgit v1.2.3
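Review bot: Peer public keys, the only thing WireGuard authenticates a peer by, are supplied three different ways in `wireguard_peers`: `akili` has only an inline `public_key`, `vimscore-1` to `vimscore-3` have none (presumably the role falls back to the `files/wireguard/vs0/*.pub` files added in this commit, but the role is not visible here), and `birgitte` has both an inline key and `birgitte.pub`. The two `birgitte` copies match today, but after a key rotation a stale copy would either break the tunnel or leave the old key authorized, depending on which source the role prefers. Keep a single source, e.g. `public_key: "{{ lookup('file', 'wireguard/vs0/birgitte.pub') }}"`, or drop the inline value, and give `akili` the same treatment. Separately, `gateway` in `wireguard_routers` receives `networks[...].address` with its `/24` suffix, while `allowed_ips` strips it with `ipaddr('address')`; unless the role strips the prefix itself, apply the same filter to `gateway`. Indentation was lost from this hunk as shown, so the nesting of `networks`, `wireguard_routers` and `wireguard_peers` under the role entry cannot be checked from here.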