---
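# Interface names on this host, keyed by network name ("adm", "auto").
# NOTE(review): nesting restored by hand; the page extraction flattened the
# indentation and interleaved table-cell "|" lines, so confirm against the repo.
interfaces:
  adm: ens18
  auto: ens19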
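# NOTE(review): presumably allows the unattended-upgrade role to reboot this
# host without an operator. The host terminates the WireGuard tunnel defined
# in loc_wireguard, so confirm the role restricts reboots to a maintenance
# window and that the tunnel comes back up on boot.
loc_unattended:
  reboot: true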
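# Explicit empty list: a bare `override:` would parse as null, not as [].
# NOTE(review): what the role does with an empty override list is not visible
# here; verify against the needrestart role defaults.
loc_needrestart:
  override: []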
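# WireGuard tunnel "boeing" with a single peer.
# NOTE(review): nesting restored by hand (the page lost all indentation).
# Placement follows wg-quick semantics: table/post_up/pre_down are
# interface-level, endpoint/persistent_keepalive are peer-level. Confirm
# against the repository copy.
loc_wireguard:
  tunnels:
    - name: "boeing"
      listen_port: 51820
      # Secret is referenced from the vault, never written inline. The rendered
      # WireGuard config still holds it in clear text, so the role should write
      # that file readable by root only (verify in the role's template task).
      private_key: "{{ vault.wireguard.routeur_ft.privkey }}"
      # Quoted on purpose: a bare `off` is a boolean for YAML 1.1 parsers and
      # would no longer render as the string wg-quick expects. With the routing
      # table set to off, wg-quick installs no routes for allowed_ips; the
      # post_up hooks below add them instead.
      table: "off"
      peers:
        - public_key: "{{ vault.wireguard.boeing.viarezo.pubkey }}"
          # allowed_ips is also the inbound source filter for this peer; keep
          # it as narrow as the adm network requires.
          allowed_ips:
            - "{{ lookup('ldap', 'network', 'adm') }}"
            # NOTE(review): stock Ansible query() returns a list, which would
            # render with brackets inside this string. Confirm the custom ldap
            # lookup yields a bare VLAN id here, or use lookup() as above.
            - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
          endpoint: "{{ lookup('ldap', 'ip4', 'boeing', 'srv') }}:51821"
          persistent_keepalive: 25
      # Hooks are executed by wg-quick as root through a shell; %i expands to
      # the interface name. Values interpolated from LDAP end up on a root
      # command line, so LDAP write access is part of this host's trust base.
      post_up:
        # Proxy ARP/NDP is enabled on the tunnel interface only (conf.%i).
        - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
        - "ip route add {{ lookup('ldap', 'ip4', 'tealc', 'adm') }} dev %i proto proxy"
        # Runs as root on every tunnel start: the script and its parent
        # directories should be root-owned and not group/world-writable.
        - "python3 /var/local/services/proxy/proxy.py --alter"
      pre_down:
        - "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=0"
        # Not scoped to `dev %i`: this flushes every route and proxy neighbour
        # entry tagged `proto proxy`, including any owned by another tunnel.
        - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy"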
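# Configuration for the proxy service (presumably the proxy.py script that
# the WireGuard post_up hook runs with --alter).
# NOTE(review): the page lost all indentation. `protocol`, `filter` and
# `proxy` are placed directly under `config` here; they could equally belong
# to the second `ldap` list item. Confirm against the repository copy before
# relying on this nesting.
loc_service_proxy:
  config:
    ldap:
      # NOTE(review): ldaps:// URLs built from IP addresses only validate if
      # the server certificate carries a matching IP SAN. Confirm the client
      # verifies the certificate rather than disabling the check.
      - server: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}/"
      - server: "ldaps://{{ lookup('ldap', 'ip4', 'ft', 'adm') }}/"
    protocol: "proxy"
    filter: ".adm.crans.org"
    proxy:
      # "boeing" matches the tunnel name in loc_wireguard; "ens18" matches
      # interfaces.adm.
      default: "boeing"
      viarezo: "ens18"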