38 lines
1.2 KiB
YAML
38 lines
1.2 KiB
YAML
---
|
|
interfaces:
|
|
adm: ens18
|
|
auto: ens19
|
|
|
|
loc_wireguard:
|
|
tunnels:
|
|
- name: boeing
|
|
listen_port: 51820
|
|
private_key: "{{ vault.wireguard.routeur_ft.privkey }}"
|
|
table: "off"
|
|
peers:
|
|
- public_key: "{{ vault.wireguard.boeing.viarezo.pubkey }}"
|
|
allowed_ips:
|
|
- "{{ query('ldap', 'network', 'adm') }}"
|
|
- fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64
|
|
endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ansible.utils.ipv4 | first }}:51821"
|
|
persistent_keepalive: 25
|
|
post_up:
|
|
- sysctl -w net.ipv4.conf.%i.proxy_arp=1
|
|
- sysctl -w net.ipv6.conf.%i.proxy_ndp=1
|
|
- ip route add 172.16.10.1 dev %i proto proxy
|
|
- python3 /var/local/services/proxy/proxy.py --alter
|
|
pre_down:
|
|
- sysctl -w net.ipv4.conf.%i.proxy_arp=0
|
|
- sysctl -w net.ipv6.conf.%i.proxy_ndp=0
|
|
- ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy
|
|
|
|
loc_service_proxy:
|
|
config:
|
|
ldap:
|
|
server: ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/
|
|
protocol: proxy
|
|
filter: adm.crans.org
|
|
proxy:
|
|
default: boeing
|
|
viarezo: ens18
|