ansible/host_vars/boeing.adm.crans.org.yml

---
interfaces:
  adm: ens18
  srv: ens19

loc_wireguard:
  tunnels:
    - name: sputnik
      listen_port: 51820
      private_key: "{{ vault.wireguard.boeing.sputnik.privkey }}"
      table: "off"
      peers:
        - public_key: "{{ vault.wireguard.sputnik.pubkey }}"
          allowed_ips:
            - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv4 | first }}/32"
            - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv6 | first }}/128"
          endpoint: "{{ query('ldap', 'ip', 'sputnik', 'srv') | ansible.utils.ipv4 | first }}:51820"
      post_up:
        - sysctl -w net.ipv4.conf.%i.proxy_arp=1
        - sysctl -w net.ipv6.conf.%i.proxy_ndp=1
        - python3 /var/local/services/proxy/proxy.py --alter
      pre_down:
        - sysctl -w net.ipv4.conf.%i.proxy_arp=0
        - sysctl -w net.ipv6.conf.%i.proxy_ndp=0
        - ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy
    - name: viarezo
      listen_port: 51821
      private_key: "{{ vault.wireguard.boeing.viarezo.privkey }}"
      table: "off"
      peers:
        - public_key: "{{ vault.wireguard.routeur_ft.pubkey }}"
          allowed_ips:
            - "{{ query('ldap', 'network', 'adm') }}"
            - fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64
          persistent_keepalive: 25
      post_up:
        - sysctl -w net.ipv4.conf.%i.proxy_arp=1
        - sysctl -w net.ipv6.conf.%i.proxy_ndp=1
        - python3 /var/local/services/proxy/proxy.py --alter
      pre_down:
        - sysctl -w net.ipv4.conf.%i.proxy_arp=0
        - sysctl -w net.ipv6.conf.%i.proxy_ndp=0
        - ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy
    - name: aurore
      listen_port: 51822
      private_key: "{{ vault.wireguard.boeing.aurore.privkey }}"
      table: "off"
      peers:
        - public_key: "{{ vault.wireguard.routeur_thot.pubkey }}"
          allowed_ips:
            - "{{ query('ldap', 'network', 'adm') }}"
            - fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64
          persistent_keepalive: 25
      post_up:
        - sysctl -w net.ipv4.conf.%i.proxy_arp=1
        - sysctl -w net.ipv6.conf.%i.proxy_ndp=1
        - python3 /var/local/services/proxy/proxy.py --alter
      pre_down:
        - sysctl -w net.ipv4.conf.%i.proxy_arp=0
        - sysctl -w net.ipv6.conf.%i.proxy_ndp=0
        - ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy

loc_service_proxy:
  config:
    ldap:
      server: ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/
    protocol: proxy
    filter: adm.crans.org
    proxy:
      default: ens18
      viarezo: viarezo
      aurore: aurore
      ovh: sputnik