
centralize the declaration of the intranet ip plan

networking
Jean-Marie Mineau 1 year ago
parent
commit
b7ff3a6419
Signed by: histausse
GPG Key ID: 67486F107F62E9E9
  1. 40
      group_vars/all/networking.yaml
  2. 3
      group_vars/all/vpn.yml
  3. 4
      host_vars/azerty.fil.sand.auro.re/networking.yml
  4. 4
      host_vars/hellman.fil.sand.auro.re/networking.yml
  5. 4
      host_vars/hindley.adh.auro.re/networking.yml
  6. 7
      host_vars/hindley.adh.auro.re/vpn.yml
  7. 2
      roles/vpn/handlers/main.yml
  8. 2
      roles/vpn/tasks/main.yml
  9. 2
      run_playbook

40
group_vars/all/networking.yaml

@ -0,0 +1,40 @@
---
intranet:
domaine: "intra"
ipv4: "172.20.0.0"
netmaskv4: 16
comment: "The intranet"
subnets:
physical:
domaine: "phy"
ipv4: "172.20.1.0"
netmaskv4: 24
comment: "Physical machines"
subnets:
hindley:
domaine: "hindley"
ipv4: "172.20.1.1"
netmaskv4: 32
comment: "Hindley"
azerty:
domaine: "azerty"
ipv4: "172.20.1.2"
netmaskv4: 32
comment: "Azerty"
hellman:
domaine: "hellman"
ipv4: "172.20.1.3"
netmaskv4: 32
comment: "Hellman"
guest:
domaine: "guest"
ipv4: "172.20.200.0"
netmaskv4: 24
comment: "Gest machines"
subnets:
knuth:
domaine: "knuth"
ipv4: "172.20.200.1"
netmaskv4: 32
comment: "Knuth"
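Review bot: The new file carries no header comment describing its schema, yet the nested `subnets` levels are now the contract that every host_vars template in this commit dereferences. A short comment block at the top naming the fields (`domaine`, `ipv4`, `netmaskv4`, `comment`, `subnets`) and stating that the leaf entries are /32 hosts inside their parent network would make a wrong edit easier to spot, since these values end up as WireGuard addresses and allowed IPs. Two smaller points in the same hunk: the guest comment reads `"Gest machines"` where `"Guest machines"` is presumably meant, and the file is named `.yaml` while the other variable files touched here use `.yml`.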

3
group_vars/all/vpn.yml

@ -1,3 +1,6 @@
---
vpn_port: 51820
vpn_keepalive_period: 25
vpn_guest_keys:
knuth: "NVKyKcX6PEEApSZvAwnT9gfMmMo6o5Go5FtzEPvh+y8="
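Review bot: The name `vpn_guest_keys` does not say that it holds public keys, and `group_vars/all` is visible to every host and stored in clear in the repository. Either rename it to `vpn_guest_public_keys` (updating the reference in host_vars/hindley.adh.auro.re/vpn.yml) or add `# WireGuard public keys only; private keys never belong in this file` above it, so a private key is not added here later by analogy. The value shown is consumed as a peer `public_key`, so nothing secret is exposed by this hunk itself.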

4
host_vars/azerty.fil.sand.auro.re/networking.yml

@ -4,8 +4,8 @@ interfaces:
ipv4: "10.50.1.221"
netmaskv4: 16
wg0:
ipv4: "172.20.1.2"
netmaskv4: 16
ipv4: "{{ intranet.subnets.physical.subnets.azerty.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}"
ipv4_forwarding: false
ipv6_forwarding: false
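Review bot: The `wg0` address is taken from the host's own plan entry, which declares `netmaskv4: 32`, while the interface mask is taken from the top-level `intranet.netmaskv4` (/16); the reason for mixing the two levels is not stated anywhere in the hunk. A comment such as `# wg0 is addressed on the whole intranet /16; the /32 in the plan is the host entry used for peer allowed IPs` above the two templated lines would document the intent. The same applies to the identical changes in host_vars/hellman.fil.sand.auro.re/networking.yml and host_vars/hindley.adh.auro.re/networking.yml. Also note that a misspelt key in the long path `intranet.subnets.physical.subnets.azerty.ipv4` only fails when the variable is rendered, so a dry run with `--check` against each host is worth doing before this is applied. The `interfaces` mapping starts above the hunk.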

4
host_vars/hellman.fil.sand.auro.re/networking.yml

@ -4,8 +4,8 @@ interfaces:
ipv4: "10.50.2.17"
netmaskv4: 16
wg0:
ipv4: "172.20.1.3"
netmaskv4: 16
ipv4: "{{ intranet.subnets.physical.subnets.hellman.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}"
ipv4_forwarding: false
ipv6_forwarding: false

4
host_vars/hindley.adh.auro.re/networking.yml

@ -4,8 +4,8 @@ interfaces:
ipv4: "45.66.110.3"
netmaskv4: 24
wg0:
ipv4: "172.20.1.1"
netmaskv4: 16
ipv4: "{{ intranet.subnets.physical.subnets.hindley.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}"
ipv4_forwarding: true
ipv6_forwarding: false

7
host_vars/hindley.adh.auro.re/vpn.yml

@ -17,7 +17,8 @@ vpn_interfaces:
allowed_mask: 32
comment: "hellman"
- endpoint: ""
public_key: "NVKyKcX6PEEApSZvAwnT9gfMmMo6o5Go5FtzEPvh+y8="
allowed_ip: "172.20.200.1"
allowed_mask: 32
public_key: "{{ vpn_guest_keys.knuth }}"
allowed_ip: "{{ intranet.subnets.guest.subnets.knuth.ipv4 }}"
allowed_mask: "{{ intranet.subnets.guest.subnets.knuth.netmaskv4 }}"
comment: "Client laptop: knuth"
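Review bot: Only the knuth peer is moved to the central plan here; the context lines just above still show a literal `allowed_mask: 32` on the entry commented "hellman", so the peer list seems to mix hard-coded and plan-derived values (the start of that entry is outside the hunk, so this is inferred). Since `allowed_ip` and `allowed_mask` decide which source addresses a peer may use, it would be safer to derive all peers the same way. It would also help to add a comment that editing group_vars/all/networking.yaml changes the peer filter on this host, for example `# allowed_ip/allowed_mask come from the intranet plan; a wider mask there widens what this peer may source`.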

2
roles/vpn/handlers/main.yml

@ -6,4 +6,4 @@
state: restarted
loop:
- "{{ lookup('dict', vpn_interfaces) }}"
no_log: true
no_log: false
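Review bot: With `no_log: false` on the loop over `vpn_interfaces`, Ansible prints each loop item in the task output, and those items are the full per-interface VPN definitions. The page shows both `no_log: true` and `no_log: false` with the change markers lost, so the direction is inferred from print order. If that dictionary also carries private or preshared keys (not visible on this page), they would end up in terminal scrollback, CI logs and any configured log path. The same change is made in roles/vpn/tasks/main.yml. If this was switched off for debugging, restore `no_log: true` before merging, or keep the output readable without the payload by adding `loop_control:` with `label: "{{ item.key }}"` (assuming the items have a `key` field, as the dict lookup normally yields); the label only trims the per-item header, so secrets still belong behind `no_log`.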

2
roles/vpn/tasks/main.yml

@ -46,4 +46,4 @@
enabled: yes
loop:
- "{{ lookup('dict', vpn_interfaces) }}"
no_log: true
no_log: false

2
run_playbook

@ -2,4 +2,4 @@
eval `ssh-agent -s`
ssh-add
ansible-playbook $1
ansible-playbook $*
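Review bot: `ansible-playbook $*` expands unquoted, so an argument containing spaces or glob characters (an `-e` value, a limit pattern) is re-split and globbed by the shell before Ansible sees it; `ansible-playbook "$@"` forwards the arguments exactly as given. The script starts above the hunk, so whether the agent started by `ssh-agent -s` is ever stopped is not visible here. If it is not, adding `trap 'ssh-agent -k' EXIT` after the `eval` line would avoid leaving an agent with loaded keys running after each invocation.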
