diff --git a/.gitignore b/.gitignore
index 144b5a5..eb2bf48 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 *.retry
 .main_vault_password
 .user_vault_password
+.vpn_vault_password
diff --git a/ansible.cfg b/ansible.cfg
index 2550a2e..be95dd1 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -23,8 +23,7 @@ forks = 15 # Some SSH connection will take time timeout = 60 -vault_identity_list = main_vault@.main_vault_password , user_vault@.user_vault_password -#vault_password_file = .vault_password +vault_identity_list = main_vault@.main_vault_password , user_vault@.user_vault_password, vpn_vault@.vpn_vault_password [privilege_escalation]
diff --git a/group_vars/all/vpn_vault b/group_vars/all/vpn_vault
new file mode 100644
index 0000000..156adfe
--- /dev/null
+++ b/group_vars/all/vpn_vault
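Review bot: The new `vault_identity_list` line in ansible.cfg adds `vpn_vault` as a default identity, but the file it protects is `group_vars/all/vpn_vault`, which applies to every host, so the separate vault ID likely does not narrow who needs the VPN password: any operator running any playbook would have to hold `.vpn_vault_password`. If compartmentalising the WireGuard private keys is the goal, keeping each key in an encrypted file under `host_vars/<host>/` would fit it better; if it is not, a comment such as `# vpn_vault: WireGuard private keys, needed for every run` would say so. The separators on that line are also inconsistent (` , ` before `user_vault`, `, ` before `vpn_vault`).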
@@ -0,0 +1,16 @@ +$ANSIBLE_VAULT;1.2;AES256;vpn_vault +37633462636161633333306438623761626365623138653733613338316239303533353539366438 +3638386334656338616232333463303739613831646638360a643933346664373035303336393333 +33663439363031626664323464316334316430346138636133646562353132316530343533643564 +3566313834303662630a353636666230333536333066636162356366396331323937616431343538 +37396662353437353037316335373139653431636236666463353465333462303465646163393332 +39313763303935356364396237653435623438316164343766313461646239613933366265663437 +62303336656662363036333136303737613966616137386336653863663234656336376134313831 +38396466633832313338643638656439616232616431333564343433356461303365646237313038 +38373038626564313463383632353335373134313136323135653031346237373166343961353633 +30313439386636636333643264396362303733383239663562623631633932633732623538363232 +35636432376666333166633339306635316234383630316137303865313839333938346163306565 +64353264636166323937306466393539383734613636336361623536313330363537326361393662 +64366330383838386165656636383530323866396663363230623964353363336461646363326663 +61356430396136393630626266366138623932323532663866326264333166663731303732333238 +336462386365303833366562636134663037
diff --git a/group_vars/all/vpn_vault.example b/group_vars/all/vpn_vault.example
new file mode 100644
index 0000000..303cf10
--- /dev/null
+++ b/group_vars/all/vpn_vault.example
@@ -0,0 +1,4 @@
+---
+vpn_vault_hindley_key: "AAAAAcxofuT6w7K0ev6L9zxHk/nLvnGgXVgYzXRJNXw="
+vpn_vault_azerty_key: "BBBBBcxofuT6w7K0ev6L9zxHk/nLvnGgXVgYzXRJNXw="
+vpn_vault_hellman_key: "CCCCCcxofuT6w7K0ev6L9zxHk/nLvnGgXVgYzXRJNXw="
diff --git a/host_vars/azerty.fil.sand.auro.re/vpn.yml b/host_vars/azerty.fil.sand.auro.re/vpn.yml
index cba6110..4643237 100644
--- a/host_vars/azerty.fil.sand.auro.re/vpn.yml
+++ b/host_vars/azerty.fil.sand.auro.re/vpn.yml
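Review bot: The three values in group_vars/all/vpn_vault.example share the same 39-character tail and differ only in a five-character prefix (`AAAAA`, `BBBBB`, `CCCCC`), which reads like one generated key with its start overwritten. If that is how they were made, most of a real key is now in the repository history, and that key should be treated as disclosed and not deployed on any host. An unmistakable placeholder such as `vpn_vault_hindley_key: "<output of wg genkey>"` avoids the question. A leading comment naming the `vpn_vault` vault ID would also tell the reader how the real file is meant to be encrypted.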
@@ -3,7 +3,7 @@ vpn_interfaces:
 wg0:
 ip: "{{ interfaces.wg0.ipv4 }}"
 private_key: "{{ vpn_vault_azerty_key }}"
- public_key: ""
+ public_key: "o9rdoSdnp4twbNbZAMl0wY4sFQh647qqRv6V8HJwMQY="
 keepalive: true
 peers:
 - endpoint: "{{ hostvars['hindley.adh.auro.re'].enp2s0.ipv4 }}"
diff --git a/host_vars/hellman.fil.sand.auro.re/vpn.yml b/host_vars/hellman.fil.sand.auro.re/vpn.yml
index e555d93..d7992d7 100644
--- a/host_vars/hellman.fil.sand.auro.re/vpn.yml
+++ b/host_vars/hellman.fil.sand.auro.re/vpn.yml
@@ -3,7 +3,7 @@ vpn_interfaces:
 wg0:
 ip: "{{ interfaces.wg0.ipv4 }}"
 private_key: "{{ vpn_vault_hellman_key }}"
- public_key: ""
+ public_key: "+qV1RHAgSigOkrxUKqpGR83bydmlIHrEiw+A7zjbRk4="
 keepalive: true
 peers:
 - endpoint: "{{ hostvars['hindley.adh.auro.re'].enp2s0.ipv4 }}"
diff --git a/host_vars/hindley.adh.auro.re/vpn.yml b/host_vars/hindley.adh.auro.re/vpn.yml
index 483522d..4d332a6 100644
--- a/host_vars/hindley.adh.auro.re/vpn.yml
+++ b/host_vars/hindley.adh.auro.re/vpn.yml
@@ -3,7 +3,7 @@ vpn_interfaces:
 wg0:
 ip: "{{ interfaces.wg0.ipv4 }}"
 private_key: "{{ vpn_vault_hindley_key }}"
- public_key: ""
+ public_key: "Ce48/ZdvpI2S82bIivhiWHQsyidzTAtxCnEYojY3xEA="
 keepalive: false
 peers:
 - endpoint: ""
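Review bot: The `public_key` literals added in the three host_vars/*/vpn.yml hunks (azerty, hellman, hindley) are values derived from the vaulted `private_key` on the line above, and nothing visible in these hunks keeps the pair in step. After a key is rotated in the vault, a stale literal would presumably still be handed to peers and the tunnel would stop handshaking without an obvious error in the play. A comment above each line, for example `# wg pubkey of vpn_vault_azerty_key; update both on rotation`, would record the dependency. The `vpn_interfaces` mapping opens above each hunk and the `peers` list continues below it.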