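---
# Variables describing interface names, VLAN definitions, NTP client
# networks and one WireGuard tunnel. Values containing "{{ ... }}" are Jinja
# templates; the query('ldap', ...) calls resolve addresses at render time.
# NOTE(review): the nesting below was restored from a listing that had lost
# its indentation. Confirm it against the consuming roles, in particular the
# level at which `post_up` sits.

# Logical network name -> interface name.
interfaces:
  cachan_adm: ens18
  cachan_srv: ens19
  infra: ens20

# Don't route to adm so we redefine local network interfaces
# (only cachan_srv carries a gateway; cachan_adm and infra get DNS only).
loc_network_interfaces:
  vlan:
    - name: cachan_srv
      id: 2
      gateway: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
      gateway_v6: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv6 | first }}"
    - name: cachan_adm
      id: 10
      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-adm') | ipv4 | first }}"
    - name: infra
      id: 11
      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'infra') | ipv4 | first }}"

# NOTE(review): `open` is presumably the list of client networks allowed to
# use this NTP server - confirm against the ntp role, and keep the list
# limited to networks that actually need time service from this host.
loc_ntp_server:
  open:
    - 172.17.10.0/24
    - 172.16.32.0/22

loc_wireguard:
  tunnels:
    - name: "gulp"
      addresses:
        - "{{ query('ldap', 'ip', 'terenez', 'adm') | ipv4 | first }}/24"
        - "{{ query('ldap', 'ip', 'terenez', 'adm') | ipv6 | first }}/64"
      listen_port: 51820
      # The private key is referenced from the `vault` variable and never
      # written in this file; keep it that way. The rendered tunnel config
      # will contain the key, so the role should restrict read access to it
      # (TODO confirm the file mode used by the template task).
      private_key: "{{ vault.wireguard_terenez_private_key }}"
      peers:
        - public_key: "{{ vault.wireguard_vol447_public_key }}"
          # Prefixes accepted from (and routed to) this peer. Both entries
          # are scoped to the adm network; avoid widening them.
          # NOTE(review): the first entry has no `| first`, unlike the other
          # lookups in this file, and query() returns a list - confirm the
          # template renders it as a single CIDR string.
          allowed_ips:
            - "{{ query('ldap', 'network', 'adm') }}"
            - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
          endpoint: "{{ query('ldap', 'ip', 'vol447', 'srv') | ipv4 | first }}:51820"
      # Sets the alias "adm" on the tunnel link "gulp" once it is up.
      post_up: "/sbin/ip link set gulp alias adm"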