28 lines
1.4 KiB
Django/Jinja
28 lines
1.4 KiB
Django/Jinja
{{ ansible_header | comment }}
|
||
{% if wireguard.sputnik %}
|
||
[Interface]
|
||
Address = 172.16.10.32/24, fd00::10:0:ff:fe00:3210/64
|
||
ListenPort = 51820
|
||
PrivateKey = {{ wireguard.private_key }}
|
||
|
||
PostUp = /sbin/ip link set sputnik alias adm
|
||
|
||
[Peer]
|
||
PublicKey = {{ wireguard.peer_public_key }}
|
||
AllowedIPs = {{ query('ldap', 'network', 'adm') }}, fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64
|
||
Endpoint = {{ (query('ldap', 'ip', 'boeing', 'srv') | ipv4)[0] }}:51820
|
||
{% else %}
|
||
[Interface]
|
||
ListenPort = 51820
|
||
PrivateKey = {{ wireguard.private_key }}
|
||
|
||
PostUp = sysctl -w net.ipv4.conf.{{ wireguard.if }}.proxy_arp=1; sysctl -w net.ipv4.conf.sputnik.proxy_arp=1; sysctl -w net.ipv6.conf.{{ wireguard.if }}.proxy_ndp=1; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=1; ip neigh add proxy {{ (query('ldap', 'ip', 'sputnik', 'adm') | ipv6)[0] }} dev {{ wireguard.if }}
|
||
PostDown = sysctl -w net.ipv4.conf.{{ wireguard.if }}.proxy_arp=0; sysctl -w net.ipv4.conf.sputnik.proxy_arp=0; sysctl -w net.ipv6.conf.{{ wireguard.if }}.proxy_ndp=0; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=0; ip neigh delete proxy {{ (query('ldap', 'ip', 'sputnik', 'adm') | ipv6)[0] }} dev {{ wireguard.if }}
|
||
|
||
[Peer]
|
||
PublicKey = {{ wireguard.peer_public_key }}
|
||
AllowedIPs = {{ (query('ldap', 'ip', 'sputnik', 'adm') | ipv4)[0] }}/32, {{ (query('ldap', 'ip', 'sputnik', 'adm') | ipv6)[0] }}/128
|
||
Endpoint = {{ (query('ldap', 'ip', 'sputnik', 'srv') | ipv4)[0] }}:51820
|
||
{% endif %}
|
||
|