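---
# Host variables: interface names, one WireGuard tunnel, and the settings
# handed to the proxy service.
# NOTE(review): the nesting below is inferred from the key names; confirm it
# against the schema the consuming roles expect.

# Logical network name -> kernel interface name.
interfaces:
  adm: ens18
  auto: ens19

loc_wireguard:
  tunnels:
    - name: boeing
      listen_port: 51820
      # The secret is pulled from the vault variable; it must never be
      # written in clear text in this file.
      private_key: "{{ vault.wireguard.routeur_thot.privkey }}"
      # Quoted so the value stays the string "off" rather than a YAML boolean.
      table: "off"
      peers:
        - public_key: "{{ vault.wireguard.boeing.aurore.pubkey }}"
          # Source addresses accepted from this peer: the whole adm network
          # (IPv4 prefix from LDAP plus the matching fd00 /64). Keep this
          # list as narrow as the design allows.
          allowed_ips:
            - "{{ query('ldap', 'network', 'adm') }}"
            # Quoted like the other templated values so the scalar is always
            # read as one string.
            - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
          endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ansible.utils.ipv4 | first }}:51822"
          persistent_keepalive: 25
      # Commands run when the tunnel comes up. %i is presumably replaced by
      # the interface name (wg-quick convention) - confirm in the role.
      # Turning on proxy_arp / proxy_ndp makes this host answer neighbour
      # discovery on behalf of other addresses on that interface.
      post_up:
        - sysctl -w net.ipv4.conf.%i.proxy_arp=1
        - sysctl -w net.ipv6.conf.%i.proxy_ndp=1
        - ip route add 172.16.10.1 dev %i proto proxy
        # NOTE(review): this script runs on every tunnel start, presumably
        # with root privileges; check that the file and its directory are
        # writable by root only.
        - python3 /var/local/services/proxy/proxy.py --alter
      # Commands run before the tunnel goes down: revert the sysctls, then
      # drop what was tagged "proto proxy". The flushes are not limited to
      # %i, so they remove every route and proxy neighbour with that tag.
      pre_down:
        - sysctl -w net.ipv4.conf.%i.proxy_arp=0
        - sysctl -w net.ipv6.conf.%i.proxy_ndp=0
        - ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy

loc_service_proxy:
  config:
    ldap:
      # LDAPS URL built from the first IPv4 address LDAP returns for tealc
      # on adm. NOTE(review): the server is addressed by IP, so confirm the
      # client still verifies the certificate (IP in the SAN, or a pinned
      # CA) instead of skipping the check.
      server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/"
      protocol: proxy
      filter: adm.crans.org
    # presumably maps a name to the interface or tunnel used for it - verify
    # against proxy.py.
    proxy:
      default: boeing
      aurore: ens18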