---
# Host variables for a WireGuard concentrator that also runs the local
# "proxy" service. Judging by the vault key paths this host is presumably
# "boeing" -- confirm against the inventory.
# NOTE(review): the block layout below is reconstructed from a collapsed
# single-line copy; peer-level vs tunnel-level placement follows WireGuard
# semantics and should be checked against the loc_wireguard and
# loc_service_proxy role schemas.

# Logical network name -> kernel interface name on this host.
interfaces:
  adm: ens18
  srv: ens19

loc_wireguard:
  tunnels:
    # One entry per WireGuard interface. All three tunnels share the same
    # post_up / pre_down hooks; only keys, ports and peers differ.
    - name: "sputnik"
      listen_port: 51820
      # Private key is pulled from the vault, never stored in clear here.
      # NOTE(review): confirm the role writes the rendered config with
      # root-only permissions, since it will contain this key.
      private_key: "{{ vault.wireguard.boeing.sputnik.privkey }}"
      # Presumably maps to wg-quick "Table = off" (no automatic routes);
      # quoted so YAML does not turn it into the boolean false.
      table: "off"
      peers:
        - public_key: "{{ vault.wireguard.sputnik.pubkey }}"
          # AllowedIPs is also WireGuard's inbound source filter: this peer
          # may only send from the single adm IPv4 (/32) and IPv6 (/128)
          # addresses looked up for "sputnik".
          # NOTE(review): Ansible's query() returns a list; confirm the
          # ldap lookup yields a bare address before "/32" is appended.
          allowed_ips:
            - "{{ query('ldap', 'ip4', 'sputnik', 'adm') }}/32"
            - "{{ query('ldap', 'ip6', 'sputnik', 'adm') }}/128"
          # Fixed endpoint on the peer's srv address: this side can
          # initiate the handshake.
          endpoint: "{{ query('ldap', 'ip4', 'sputnik', 'srv') }}:51820"
      # Hooks run when the interface comes up. "%i" is presumably expanded
      # to the interface name by wg-quick -- confirm in the role template.
      post_up:
        # proxy_arp / proxy_ndp make this host answer ARP / NDP on behalf
        # of other hosts; it is enabled on the tunnel interface only.
        - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
        # Behaviour of proxy.py --alter is not visible in this file.
        - "python3 /var/local/services/proxy/proxy.py --alter"
      # Hooks run before the interface goes down: revert the sysctls and
      # drop routes / proxy neighbour entries tagged with proto "proxy".
      pre_down:
        - "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=0"
        # NOTE(review): these flushes carry no "dev %i" selector, so taking
        # one tunnel down also removes proto-proxy state belonging to the
        # other tunnels -- confirm that something re-creates it.
        - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy"

    - name: "viarezo"
      listen_port: 51821
      private_key: "{{ vault.wireguard.boeing.viarezo.privkey }}"
      table: "off"
      peers:
        - public_key: "{{ vault.wireguard.routeur_ft.pubkey }}"
          # Unlike "sputnik", this peer is accepted for the whole adm
          # IPv4 network and the matching fd00:0:0:<vlanid>::/64 prefix,
          # i.e. it is trusted to source any address in that range.
          allowed_ips:
            - "{{ query('ldap', 'network', 'adm') }}"
            - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
          # No endpoint is set, so the peer is expected to initiate; the
          # 25 s keepalive presumably keeps NAT / firewall state alive.
          persistent_keepalive: 25
      post_up:
        - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
        - "python3 /var/local/services/proxy/proxy.py --alter"
      pre_down:
        - "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=0"
        # Same unscoped flush as in the "sputnik" tunnel.
        - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy"

    - name: "aurore"
      listen_port: 51822
      private_key: "{{ vault.wireguard.boeing.aurore.privkey }}"
      table: "off"
      peers:
        - public_key: "{{ vault.wireguard.routeur_thot.pubkey }}"
          # Same prefixes as the "viarezo" peer, on a separate interface.
          allowed_ips:
            - "{{ query('ldap', 'network', 'adm') }}"
            - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
          persistent_keepalive: 25
      post_up:
        - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
        - "python3 /var/local/services/proxy/proxy.py --alter"
      pre_down:
        - "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=0"
        # Same unscoped flush as in the "sputnik" tunnel.
        - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy"

# Settings for the proxy service invoked by the post_up hooks above.
loc_service_proxy:
  config:
    ldap:
      # NOTE(review): the LDAPS server is addressed by IP; confirm the
      # client still validates the certificate (IP SAN or pinned CA)
      # rather than skipping verification.
      - server: "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}/"
    # NOTE(review): "protocol" and "filter" are placed at config level
    # here; the collapsed source does not show whether they belong under
    # the ldap entry instead -- confirm against the role.
    # Matches the "proto proxy" tag used by the pre_down flush commands.
    protocol: "proxy"
    filter: ".adm.crans.org"
    # Name -> interface. The values match ens18 (adm, see "interfaces")
    # and the three tunnel names defined under loc_wireguard.
    proxy:
      default: "ens18"
      viarezo: "viarezo"
      aurore: "aurore"
      ovh: "sputnik"