From a5d79d229e89a8c7bab3527ef2097429ee7a308f Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl <trygvis@inamo.no>
Date: Wed, 25 Oct 2023 15:42:22 +0200
Subject: wg0

---
 ansible/group_vars/all/wireguard_wg0.yml           | 60 --------------------
 ansible/inventory                                  |  8 ++-
 .../plays/files/akili/etc/wireguard/public-wg0.key |  1 -
 .../android-trygvis/etc/wireguard/public-wg0.key   |  1 -
 .../plays/files/arius/etc/wireguard/public-wg0.key |  1 -
 .../files/astyanax/etc/wireguard/public-wg0.key    |  1 -
 .../files/birgitte/etc/wireguard/public-wg0.key    |  1 -
 .../etc/wireguard/public-wg-edipost.key            |  1 -
 .../files/conflatorio/etc/wireguard/public-wg0.key |  1 -
 .../plays/files/hash/etc/wireguard/public-wg0.key  |  1 -
 .../plays/files/knot/etc/wireguard/public-wg0.key  |  1 -
 .../files/lhn2ix/etc/wireguard/public-wg0.key      |  1 -
 .../files/lhn2pi/etc/wireguard/public-wg0.key      |  1 -
 .../files/malabaricus/etc/wireguard/public-wg0.key |  1 -
 .../sweetzpot-macos/etc/wireguard/public-wg0.key   |  1 -
 .../sweetzpot-mobile/etc/wireguard/public-wg0.key  |  1 -
 ansible/plays/wireguard-wg0-terraform.yml          | 17 ------
 ansible/plays/wireguard-wg0.yml                    |  5 --
 .../wg0/files/akili/etc/wireguard/public-wg0.key   |  1 +
 .../android-trygvis/etc/wireguard/public-wg0.key   |  1 +
 .../wg0/files/arius/etc/wireguard/public-wg0.key   |  1 +
 .../files/astyanax/etc/wireguard/public-wg0.key    |  1 +
 .../files/birgitte/etc/wireguard/public-wg0.key    |  1 +
 .../files/conflatorio/etc/wireguard/public-wg0.key |  1 +
 .../wg0/files/hash/etc/wireguard/public-wg0.key    |  1 +
 .../wg0/files/knot/etc/wireguard/public-wg0.key    |  1 +
 .../wg0/files/kv24ix/etc/wireguard/public-wg0.key  |  1 +
 .../wg0/files/lhn2ix/etc/wireguard/public-wg0.key  |  1 +
 .../wg0/files/lhn2pi/etc/wireguard/public-wg0.key  |  1 +
 .../files/malabaricus/etc/wireguard/public-wg0.key |  1 +
 .../sweetzpot-macos/etc/wireguard/public-wg0.key   |  1 +
 .../sweetzpot-mobile/etc/wireguard/public-wg0.key  |  1 +
 ansible/wg0/group_vars/all/wireguard_wg0.yml       | 65 ++++++++++++++++++++++
 ansible/wg0/wireguard-wg0-terraform.yml            | 17 ++++++
 ansible/wg0/wireguard-wg0.yml                      |  5 ++
 35 files changed, 107 insertions(+), 98 deletions(-)
 delete mode 100644 ansible/group_vars/all/wireguard_wg0.yml
 delete mode 100644 ansible/plays/files/akili/etc/wireguard/public-wg0.key
 delete mode 100644 ansible/plays/files/android-trygvis/etc/wireguard/public-wg0.key
 delete mode 100644 ansible/plays/files/arius/etc/wireguard/public-wg0.key
 delete mode 100644 ansible/plays/files/astyanax/etc/wireguard/public-wg0.key
 delete mode 100644 ansible/plays/files/birgitte/etc/wireguard/public-wg0.key
 delete mode 100644 ansible/plays/files/conflatorio/etc/wireguard/public-wg-edipost.key
 delete mode 100644 ansible/plays/files/conflatorio/etc/wireguard/public-wg0.key
 delete mode 100644 ansible/plays/files/hash/etc/wireguard/public-wg0.key
 delete mode 100644 ansible/plays/files/knot/etc/wireguard/public-wg0.key
 delete mode 100644 ansible/plays/files/lhn2ix/etc/wireguard/public-wg0.key
 delete mode 100644 ansible/plays/files/lhn2pi/etc/wireguard/public-wg0.key
 delete mode 100644 ansible/plays/files/malabaricus/etc/wireguard/public-wg0.key
 delete mode 100644 ansible/plays/files/sweetzpot-macos/etc/wireguard/public-wg0.key
 delete mode 100644 ansible/plays/files/sweetzpot-mobile/etc/wireguard/public-wg0.key
 delete mode 100644 ansible/plays/wireguard-wg0-terraform.yml
 delete mode 100644 ansible/plays/wireguard-wg0.yml
 create mode 100644 ansible/wg0/files/akili/etc/wireguard/public-wg0.key
 create mode 100644 ansible/wg0/files/android-trygvis/etc/wireguard/public-wg0.key
 create mode 100644 ansible/wg0/files/arius/etc/wireguard/public-wg0.key
 create mode 100644 ansible/wg0/files/astyanax/etc/wireguard/public-wg0.key
 create mode 100644 ansible/wg0/files/birgitte/etc/wireguard/public-wg0.key
 create mode 100644 ansible/wg0/files/conflatorio/etc/wireguard/public-wg0.key
 create mode 100644 ansible/wg0/files/hash/etc/wireguard/public-wg0.key
 create mode 100644 ansible/wg0/files/knot/etc/wireguard/public-wg0.key
 create mode 100644 ansible/wg0/files/kv24ix/etc/wireguard/public-wg0.key
 create mode 100644 ansible/wg0/files/lhn2ix/etc/wireguard/public-wg0.key
 create mode 100644 ansible/wg0/files/lhn2pi/etc/wireguard/public-wg0.key
 create mode 100644 ansible/wg0/files/malabaricus/etc/wireguard/public-wg0.key
 create mode 100644 ansible/wg0/files/sweetzpot-macos/etc/wireguard/public-wg0.key
 create mode 100644 ansible/wg0/files/sweetzpot-mobile/etc/wireguard/public-wg0.key
 create mode 100644 ansible/wg0/group_vars/all/wireguard_wg0.yml
 create mode 100644 ansible/wg0/wireguard-wg0-terraform.yml
 create mode 100644 ansible/wg0/wireguard-wg0.yml

(limited to 'ansible')

diff --git a/ansible/group_vars/all/wireguard_wg0.yml b/ansible/group_vars/all/wireguard_wg0.yml
deleted file mode 100644
index dee1eb1..0000000
--- a/ansible/group_vars/all/wireguard_wg0.yml
+++ /dev/null
@@ -1,60 +0,0 @@
-wireguard_wg0:
-  if: wg0
-  ipv4_prefix: 24
-  ipv6_prefix: 64
-  hosts:
-    knot:
-      endpoint: trygvis.io
-      listen_port: 51821
-      peers: all
-      # Generated by https://www.ultratools.com/tools/rangeGenerator
-      ipv6: fdf3:aad9:a885:0b3a::1
-      allowed_ips:
-        - ::/0
-    birgitte:
-      state: absent
-      ipv4: 192.168.60.2
-      ipv6: fdf3:aad9:a885:0b3a::2
-    conflatorio:
-      state: absent
-      ipv6: fdf3:aad9:a885:0b3a::3
-    arius:
-      state: present
-      ipv6: fdf3:aad9:a885:0b3a::6
-    akili:
-      state: present
-      ipv6: fdf3:aad9:a885:0b3a::7
-      allowed_ips:
-        - fdf3:aad9:a885:ba64::/64
-    malabaricus:
-      state: absent
-      ipv6: fdf3:aad9:a885:0b3a::8
-    sweetzpot-mobile:
-      state: present
-      ipv6: fdf3:aad9:a885:0b3a::9
-    astyanax:
-      state: present
-      ipv6: fdf3:aad9:a885:0b3a::10
-      allowed_ips:
-        - fdf3:aad9:a885:ba65::/64
-    sweetzpot-macos:
-      state: present
-      ipv6: fdf3:aad9:a885:0b3a::11
-    android-trygvis:
-      state: absent
-      ipv6: fdf3:aad9:a885:0b3a::12
-    hash:
-      endpoint: hash.trygvis.io
-      listen_port: 51821
-      peers: all
-      ipv6: fdf3:aad9:a885:0b3a::13
-      allowed_ips:
-        - fdf3:aad9:a885:ab76::/64
-    lhn2pi:
-      state: present
-      ipv6: fdf3:aad9:a885:0b3a::14
-    lhn2ix:
-      state: present
-      ipv6: fdf3:aad9:a885:0b3a::15
-      allowed_ips:
-        - fdf3:aad9:a885:77dd::/64
diff --git a/ansible/inventory b/ansible/inventory
index 451a286..ca8fe21 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -43,6 +43,8 @@ all:
       ansible_host: 192.168.100.8
     lhn2ix:
       ansible_host: 192.168.100.7
+    kv24ix:
+      ansible_host: 192.168.100.7
 
     zh2569.rsync.net:
       ansible_user: zh2569
@@ -150,8 +152,9 @@ all:
         malabaricus:
         sweetzpot-macos:
         sweetzpot-mobile:
-        lhnpi:
-        lhnix:
+        lhn2pi:
+        lhn2ix:
+        kv24ix:
 
     bgp:
       hosts:
@@ -160,4 +163,5 @@ all:
         astyanax:
         hash:
         knot:
+
 # vim: set filetype=yaml:
diff --git a/ansible/plays/files/akili/etc/wireguard/public-wg0.key b/ansible/plays/files/akili/etc/wireguard/public-wg0.key
deleted file mode 100644
index a257ddf..0000000
--- a/ansible/plays/files/akili/etc/wireguard/public-wg0.key
+++ /dev/null
@@ -1 +0,0 @@
-VljF7el9SuYTe4RN9ZOSHPHyqWnUM/DSk4kuh29hJR4=
diff --git a/ansible/plays/files/android-trygvis/etc/wireguard/public-wg0.key b/ansible/plays/files/android-trygvis/etc/wireguard/public-wg0.key
deleted file mode 100644
index 4ab6833..0000000
--- a/ansible/plays/files/android-trygvis/etc/wireguard/public-wg0.key
+++ /dev/null
@@ -1 +0,0 @@
-9SgKebI72gmwuglEQfSOp3CKrYprUXam6+9BbEPnEkU=
diff --git a/ansible/plays/files/arius/etc/wireguard/public-wg0.key b/ansible/plays/files/arius/etc/wireguard/public-wg0.key
deleted file mode 100644
index a722138..0000000
--- a/ansible/plays/files/arius/etc/wireguard/public-wg0.key
+++ /dev/null
@@ -1 +0,0 @@
-8OOM3+qqdyh3uoI6/1pA+9/ksYwNB7jUk9HZx13zsS0=
diff --git a/ansible/plays/files/astyanax/etc/wireguard/public-wg0.key b/ansible/plays/files/astyanax/etc/wireguard/public-wg0.key
deleted file mode 100644
index 62eb9b6..0000000
--- a/ansible/plays/files/astyanax/etc/wireguard/public-wg0.key
+++ /dev/null
@@ -1 +0,0 @@
-CnfTr3NGymPlOKzWeaUXutxaIFKRDpREx3XI40rUr2U=
diff --git a/ansible/plays/files/birgitte/etc/wireguard/public-wg0.key b/ansible/plays/files/birgitte/etc/wireguard/public-wg0.key
deleted file mode 100644
index d595dff..0000000
--- a/ansible/plays/files/birgitte/etc/wireguard/public-wg0.key
+++ /dev/null
@@ -1 +0,0 @@
-r/eymAwM7HDSJkkWSY2Ec7A+F8AQ7tuL0drD/OI1LyM=
diff --git a/ansible/plays/files/conflatorio/etc/wireguard/public-wg-edipost.key b/ansible/plays/files/conflatorio/etc/wireguard/public-wg-edipost.key
deleted file mode 100644
index dd3609c..0000000
--- a/ansible/plays/files/conflatorio/etc/wireguard/public-wg-edipost.key
+++ /dev/null
@@ -1 +0,0 @@
-JwZ1bmkuCvZfzzVzWqpEt5+NRAQ/B3ciURg2Gg5jdVw=
diff --git a/ansible/plays/files/conflatorio/etc/wireguard/public-wg0.key b/ansible/plays/files/conflatorio/etc/wireguard/public-wg0.key
deleted file mode 100644
index f4cc915..0000000
--- a/ansible/plays/files/conflatorio/etc/wireguard/public-wg0.key
+++ /dev/null
@@ -1 +0,0 @@
-170TWFqJLCfkw48ddLLnx7zWAo1qpx/AQf8Dar8mSXY=
diff --git a/ansible/plays/files/hash/etc/wireguard/public-wg0.key b/ansible/plays/files/hash/etc/wireguard/public-wg0.key
deleted file mode 100644
index b7736d6..0000000
--- a/ansible/plays/files/hash/etc/wireguard/public-wg0.key
+++ /dev/null
@@ -1 +0,0 @@
-mqWUWuINT47LoIxYHNrtdvE91nBZeqGaRfwAK1rTPHw=
diff --git a/ansible/plays/files/knot/etc/wireguard/public-wg0.key b/ansible/plays/files/knot/etc/wireguard/public-wg0.key
deleted file mode 100644
index 8caf3db..0000000
--- a/ansible/plays/files/knot/etc/wireguard/public-wg0.key
+++ /dev/null
@@ -1 +0,0 @@
-cuUgTdFH1UEXpUH6V1nashdH7K/L+pl6dmJCpBWN+Xw=
diff --git a/ansible/plays/files/lhn2ix/etc/wireguard/public-wg0.key b/ansible/plays/files/lhn2ix/etc/wireguard/public-wg0.key
deleted file mode 100644
index 588621e..0000000
--- a/ansible/plays/files/lhn2ix/etc/wireguard/public-wg0.key
+++ /dev/null
@@ -1 +0,0 @@
-qGGsJvvaZWjyjATnPKq/4rpCseuuqiWnS3qSpTntl04=
diff --git a/ansible/plays/files/lhn2pi/etc/wireguard/public-wg0.key b/ansible/plays/files/lhn2pi/etc/wireguard/public-wg0.key
deleted file mode 100644
index df1ce0a..0000000
--- a/ansible/plays/files/lhn2pi/etc/wireguard/public-wg0.key
+++ /dev/null
@@ -1 +0,0 @@
-Flf2BKoYAvE4oZc/+l0sn4GldkI/lKXObrJXdBpvakI=
diff --git a/ansible/plays/files/malabaricus/etc/wireguard/public-wg0.key b/ansible/plays/files/malabaricus/etc/wireguard/public-wg0.key
deleted file mode 100644
index 6104a9a..0000000
--- a/ansible/plays/files/malabaricus/etc/wireguard/public-wg0.key
+++ /dev/null
@@ -1 +0,0 @@
-LjvdPrpPeXyj8qIYgiKkrt7A6C+VmwKgjxYmpr5Jtg0=
diff --git a/ansible/plays/files/sweetzpot-macos/etc/wireguard/public-wg0.key b/ansible/plays/files/sweetzpot-macos/etc/wireguard/public-wg0.key
deleted file mode 100644
index ea56ab1..0000000
--- a/ansible/plays/files/sweetzpot-macos/etc/wireguard/public-wg0.key
+++ /dev/null
@@ -1 +0,0 @@
-815EbcmtSqL9Fr6SdvfeL6/BLjDBAJDPsV/lnxeWmG0=
diff --git a/ansible/plays/files/sweetzpot-mobile/etc/wireguard/public-wg0.key b/ansible/plays/files/sweetzpot-mobile/etc/wireguard/public-wg0.key
deleted file mode 100644
index 73c8ae8..0000000
--- a/ansible/plays/files/sweetzpot-mobile/etc/wireguard/public-wg0.key
+++ /dev/null
@@ -1 +0,0 @@
-EQhaAO3krXKwugH0gdWEd/VjtsxXVWg0osNi5Ia6KDs=
diff --git a/ansible/plays/wireguard-wg0-terraform.yml b/ansible/plays/wireguard-wg0-terraform.yml
deleted file mode 100644
index 33b4b47..0000000
--- a/ansible/plays/wireguard-wg0-terraform.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-- hosts: localhost
-  connection: local
-  tasks:
-    - tags: terraform
-      copy:
-        dest: ../../terraform/dns/vpn.tf
-        content: |
-          # Generated from ansible data
-          {% for host, data in wireguard_wg0.hosts.items() %}
-          resource "linode_domain_record" "vpn-{{ host }}" {
-            domain_id   = linode_domain.root.id
-            name        = "{{ host }}.vpn"
-            record_type = "AAAA"
-            target      = "{{ data.ipv6 }}"
-          }
-          {% endfor %}
-
diff --git a/ansible/plays/wireguard-wg0.yml b/ansible/plays/wireguard-wg0.yml
deleted file mode 100644
index a6f6653..0000000
--- a/ansible/plays/wireguard-wg0.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- hosts:
-    - wireguard_wg0
-  roles:
-    - role: wireguard
-      wireguard__name: wireguard_wg0
diff --git a/ansible/wg0/files/akili/etc/wireguard/public-wg0.key b/ansible/wg0/files/akili/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..a257ddf
--- /dev/null
+++ b/ansible/wg0/files/akili/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+VljF7el9SuYTe4RN9ZOSHPHyqWnUM/DSk4kuh29hJR4=
diff --git a/ansible/wg0/files/android-trygvis/etc/wireguard/public-wg0.key b/ansible/wg0/files/android-trygvis/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..4ab6833
--- /dev/null
+++ b/ansible/wg0/files/android-trygvis/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+9SgKebI72gmwuglEQfSOp3CKrYprUXam6+9BbEPnEkU=
diff --git a/ansible/wg0/files/arius/etc/wireguard/public-wg0.key b/ansible/wg0/files/arius/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..a722138
--- /dev/null
+++ b/ansible/wg0/files/arius/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+8OOM3+qqdyh3uoI6/1pA+9/ksYwNB7jUk9HZx13zsS0=
diff --git a/ansible/wg0/files/astyanax/etc/wireguard/public-wg0.key b/ansible/wg0/files/astyanax/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..62eb9b6
--- /dev/null
+++ b/ansible/wg0/files/astyanax/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+CnfTr3NGymPlOKzWeaUXutxaIFKRDpREx3XI40rUr2U=
diff --git a/ansible/wg0/files/birgitte/etc/wireguard/public-wg0.key b/ansible/wg0/files/birgitte/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..d595dff
--- /dev/null
+++ b/ansible/wg0/files/birgitte/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+r/eymAwM7HDSJkkWSY2Ec7A+F8AQ7tuL0drD/OI1LyM=
diff --git a/ansible/wg0/files/conflatorio/etc/wireguard/public-wg0.key b/ansible/wg0/files/conflatorio/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..f4cc915
--- /dev/null
+++ b/ansible/wg0/files/conflatorio/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+170TWFqJLCfkw48ddLLnx7zWAo1qpx/AQf8Dar8mSXY=
diff --git a/ansible/wg0/files/hash/etc/wireguard/public-wg0.key b/ansible/wg0/files/hash/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..b7736d6
--- /dev/null
+++ b/ansible/wg0/files/hash/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+mqWUWuINT47LoIxYHNrtdvE91nBZeqGaRfwAK1rTPHw=
diff --git a/ansible/wg0/files/knot/etc/wireguard/public-wg0.key b/ansible/wg0/files/knot/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..8caf3db
--- /dev/null
+++ b/ansible/wg0/files/knot/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+cuUgTdFH1UEXpUH6V1nashdH7K/L+pl6dmJCpBWN+Xw=
diff --git a/ansible/wg0/files/kv24ix/etc/wireguard/public-wg0.key b/ansible/wg0/files/kv24ix/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..99eceda
--- /dev/null
+++ b/ansible/wg0/files/kv24ix/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+2J8R/Yg5HWyG/aGOmoCXnbuoPUHzhDxAOeckfnBarW0=
diff --git a/ansible/wg0/files/lhn2ix/etc/wireguard/public-wg0.key b/ansible/wg0/files/lhn2ix/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..588621e
--- /dev/null
+++ b/ansible/wg0/files/lhn2ix/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+qGGsJvvaZWjyjATnPKq/4rpCseuuqiWnS3qSpTntl04=
diff --git a/ansible/wg0/files/lhn2pi/etc/wireguard/public-wg0.key b/ansible/wg0/files/lhn2pi/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..df1ce0a
--- /dev/null
+++ b/ansible/wg0/files/lhn2pi/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+Flf2BKoYAvE4oZc/+l0sn4GldkI/lKXObrJXdBpvakI=
diff --git a/ansible/wg0/files/malabaricus/etc/wireguard/public-wg0.key b/ansible/wg0/files/malabaricus/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..6104a9a
--- /dev/null
+++ b/ansible/wg0/files/malabaricus/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+LjvdPrpPeXyj8qIYgiKkrt7A6C+VmwKgjxYmpr5Jtg0=
diff --git a/ansible/wg0/files/sweetzpot-macos/etc/wireguard/public-wg0.key b/ansible/wg0/files/sweetzpot-macos/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..ea56ab1
--- /dev/null
+++ b/ansible/wg0/files/sweetzpot-macos/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+815EbcmtSqL9Fr6SdvfeL6/BLjDBAJDPsV/lnxeWmG0=
diff --git a/ansible/wg0/files/sweetzpot-mobile/etc/wireguard/public-wg0.key b/ansible/wg0/files/sweetzpot-mobile/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..73c8ae8
--- /dev/null
+++ b/ansible/wg0/files/sweetzpot-mobile/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+EQhaAO3krXKwugH0gdWEd/VjtsxXVWg0osNi5Ia6KDs=
diff --git a/ansible/wg0/group_vars/all/wireguard_wg0.yml b/ansible/wg0/group_vars/all/wireguard_wg0.yml
new file mode 100644
index 0000000..931b0ae
--- /dev/null
+++ b/ansible/wg0/group_vars/all/wireguard_wg0.yml
@@ -0,0 +1,65 @@
+wireguard_wg0:
+  if: wg0
+  ipv4_prefix: 24
+  ipv6_prefix: 64
+  hosts:
+    knot:
+      endpoint: trygvis.io
+      listen_port: 51821
+      peers: all
+      # Generated by https://www.ultratools.com/tools/rangeGenerator
+      ipv6: fdf3:aad9:a885:0b3a::1
+      allowed_ips:
+        - ::/0
+    birgitte:
+      state: absent
+      ipv4: 192.168.60.2
+      ipv6: fdf3:aad9:a885:0b3a::2
+    conflatorio:
+      state: absent
+      ipv6: fdf3:aad9:a885:0b3a::3
+    arius:
+      state: present
+      ipv6: fdf3:aad9:a885:0b3a::6
+    akili:
+      state: present
+      ipv6: fdf3:aad9:a885:0b3a::7
+      allowed_ips:
+        - fdf3:aad9:a885:ba64::/64
+    malabaricus:
+      state: absent
+      ipv6: fdf3:aad9:a885:0b3a::8
+    sweetzpot-mobile:
+      state: present
+      ipv6: fdf3:aad9:a885:0b3a::9
+    astyanax:
+      state: present
+      ipv6: fdf3:aad9:a885:0b3a::10
+      allowed_ips:
+        - fdf3:aad9:a885:ba65::/64
+    sweetzpot-macos:
+      state: present
+      ipv6: fdf3:aad9:a885:0b3a::11
+    android-trygvis:
+      state: absent
+      ipv6: fdf3:aad9:a885:0b3a::12
+    hash:
+      endpoint: hash.trygvis.io
+      listen_port: 51821
+      peers: all
+      ipv6: fdf3:aad9:a885:0b3a::13
+      allowed_ips:
+        - fdf3:aad9:a885:ab76::/64
+    lhn2pi:
+      state: present
+      ipv6: fdf3:aad9:a885:0b3a::14
+    lhn2ix:
+      state: present
+      ipv6: fdf3:aad9:a885:0b3a::15
+      allowed_ips:
+        - fdf3:aad9:a885:77dd::/64
+    kv24ix:
+      state: present
+      ipv6: fdf3:aad9:a885:0b3a::16
+      allowed_ips:
+        - fdf3:aad9:a885:b22d::/64
diff --git a/ansible/wg0/wireguard-wg0-terraform.yml b/ansible/wg0/wireguard-wg0-terraform.yml
new file mode 100644
index 0000000..33b4b47
--- /dev/null
+++ b/ansible/wg0/wireguard-wg0-terraform.yml
@@ -0,0 +1,17 @@
+- hosts: localhost
+  connection: local
+  tasks:
+    - tags: terraform
+      copy:
+        dest: ../../terraform/dns/vpn.tf
+        content: |
+          # Generated from ansible data
+          {% for host, data in wireguard_wg0.hosts.items() %}
+          resource "linode_domain_record" "vpn-{{ host }}" {
+            domain_id   = linode_domain.root.id
+            name        = "{{ host }}.vpn"
+            record_type = "AAAA"
+            target      = "{{ data.ipv6 }}"
+          }
+          {% endfor %}
+
diff --git a/ansible/wg0/wireguard-wg0.yml b/ansible/wg0/wireguard-wg0.yml
new file mode 100644
index 0000000..a6f6653
--- /dev/null
+++ b/ansible/wg0/wireguard-wg0.yml
@@ -0,0 +1,5 @@
+- hosts:
+    - wireguard_wg0
+  roles:
+    - role: wireguard
+      wireguard__name: wireguard_wg0
-- 
cgit v1.2.3