---
# Host variables: NIC naming, one WireGuard tunnel, and the service-proxy
# settings.
#
# NOTE(review): the nesting below was reconstructed from a
# whitespace-collapsed copy of this file. Confirm it against the consuming
# roles, in particular the level of post_up/post_down (tunnel vs. peer) and
# whether protocol/filter/proxy sit under config or under config.ldap.

# Network label -> NIC name. The same labels ('adm', 'srv') are passed to
# the ldap lookups further down.
interfaces:
  adm: ens18
  srv: ens19

loc_wireguard:
  tunnels:
    # The sysctl paths in post_up use "sputnik" as a device name, so the
    # tunnel name is presumably also the WireGuard interface name.
    - name: "sputnik"
      listen_port: 51820
      # Key material is referenced from the vault, never written here.
      private_key: "{{ vault.wireguard.boeing.privkey }}"
      peers:
        - public_key: "{{ vault.wireguard.sputnik.pubkey }}"
          # Host routes only (/32 and /128): the peer's own adm addresses.
          allowed_ips:
            - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv4 | first }}/32"
            - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }}/128"
          # The peer is reached over its srv IPv4 address.
          endpoint: "{{ query('ldap', 'ip', 'sputnik', 'srv') | ipv4 | first }}:51820"
      # Enables proxy ARP and proxy NDP on ens18 and on the tunnel device,
      # then adds an NDP proxy entry for the peer's adm IPv6 address on ens18.
      # NOTE(review): proxy_arp=1 is interface-wide, while the IPv6 side is
      # pinned to a single address by the neigh entry. Confirm the IPv4
      # breadth is intended.
      # "ens18" is hard-coded here; keep it in sync with interfaces.adm.
      post_up: >-
        sysctl -w net.ipv4.conf.ens18.proxy_arp=1;
        sysctl -w net.ipv4.conf.sputnik.proxy_arp=1;
        sysctl -w net.ipv6.conf.ens18.proxy_ndp=1;
        sysctl -w net.ipv6.conf.sputnik.proxy_ndp=1;
        ip neigh add proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18
      # Mirror of post_up: sets the four sysctls to 0 and removes the NDP
      # proxy entry.
      # NOTE(review): the values are set to 0 unconditionally, not restored
      # to their previous state. Check that nothing else on this host relies
      # on proxy_arp/proxy_ndp being enabled on ens18.
      post_down: >-
        sysctl -w net.ipv4.conf.ens18.proxy_arp=0;
        sysctl -w net.ipv4.conf.sputnik.proxy_arp=0;
        sysctl -w net.ipv6.conf.ens18.proxy_ndp=0;
        sysctl -w net.ipv6.conf.sputnik.proxy_ndp=0;
        ip neigh delete proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18

loc_service_proxy:
  config:
    ldap:
      # LDAPS addressed by IP (the adm IPv4 address of 'tealc').
      # NOTE(review): whether the server certificate is verified, and
      # against what name, depends on the client's TLS settings, which are
      # not visible in this file. Confirm.
      server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
    protocol: "proxy"
    filter: "adm.crans.org"
    # Values are the adm NIC (ens18) and the WireGuard tunnel name
    # (sputnik); presumably the device used per destination. Confirm
    # against the role.
    proxy:
      default: "ens18"
      viarezo: "sputnik"
      aurore: "sputnik"
      ovh: "sputnik"