centralize the declaration of the intranet ip plan

2 years ago · b7ff3a6419
parent 3804edfa0a
commit b7ff3a6419
9 changed files with 56 additions and 12 deletions
--- a/group_vars/all/networking.yaml
+++ b/group_vars/all/networking.yaml
@ -0,0 +1,40 @@
+---
+intranet:
+  domaine: "intra"
+  ipv4: "172.20.0.0"
+  netmaskv4: 16
+  comment: "The intranet"
+  subnets:
+    physical:
+      domaine: "phy"
+      ipv4: "172.20.1.0"
+      netmaskv4: 24
+      comment: "Physical machines"
+      subnets:
+        hindley:
+          domaine: "hindley"
+          ipv4: "172.20.1.1"
+          netmaskv4: 32
+          comment: "Hindley"
+        azerty:
+          domaine: "azerty"
+          ipv4: "172.20.1.2"
+          netmaskv4: 32
+          comment: "Azerty"
+        hellman:
+          domaine: "hellman"
+          ipv4: "172.20.1.3"
+          netmaskv4: 32
+          comment: "Hellman"
+    guest:
+      domaine: "guest"
+      ipv4: "172.20.200.0"
+      netmaskv4: 24
+      comment: "Gest machines"
+      subnets:
+        knuth:
+          domaine: "knuth"
+          ipv4: "172.20.200.1"
+          netmaskv4: 32
+          comment: "Knuth"
+
--- a/group_vars/all/vpn.yml
+++ b/group_vars/all/vpn.yml
@ -1,3 +1,6 @@
 ---
 vpn_port: 51820
 vpn_keepalive_period: 25
+
+vpn_guest_keys:
+  knuth: "NVKyKcX6PEEApSZvAwnT9gfMmMo6o5Go5FtzEPvh+y8="
--- a/host_vars/azerty.fil.sand.auro.re/networking.yml
+++ b/host_vars/azerty.fil.sand.auro.re/networking.yml
@ -4,8 +4,8 @@ interfaces:
    ipv4: "10.50.1.221"
    netmaskv4: 16
  wg0:
-    ipv4: "172.20.1.2"
-    netmaskv4: 16
+    ipv4: "{{ intranet.subnets.physical.subnets.azerty.ipv4 }}"
+    netmaskv4: "{{ intranet.netmaskv4 }}"

 ipv4_forwarding: false
 ipv6_forwarding: false
--- a/host_vars/hellman.fil.sand.auro.re/networking.yml
+++ b/host_vars/hellman.fil.sand.auro.re/networking.yml
@ -4,8 +4,8 @@ interfaces:
    ipv4: "10.50.2.17"
    netmaskv4: 16
  wg0:
-    ipv4: "172.20.1.3"
-    netmaskv4: 16
+    ipv4: "{{ intranet.subnets.physical.subnets.hellman.ipv4 }}"
+    netmaskv4: "{{ intranet.netmaskv4 }}"

 ipv4_forwarding: false
 ipv6_forwarding: false
--- a/host_vars/hindley.adh.auro.re/networking.yml
+++ b/host_vars/hindley.adh.auro.re/networking.yml
@ -4,8 +4,8 @@ interfaces:
    ipv4: "45.66.110.3"
    netmaskv4: 24
  wg0:
-    ipv4: "172.20.1.1"
-    netmaskv4: 16
+    ipv4: "{{ intranet.subnets.physical.subnets.hindley.ipv4 }}"
+    netmaskv4: "{{ intranet.netmaskv4 }}"

 ipv4_forwarding: true
 ipv6_forwarding: false
--- a/host_vars/hindley.adh.auro.re/vpn.yml
+++ b/host_vars/hindley.adh.auro.re/vpn.yml
@ -17,7 +17,8 @@ vpn_interfaces:
      allowed_mask: 32
      comment: "hellman"
    - endpoint: ""
-      public_key: "NVKyKcX6PEEApSZvAwnT9gfMmMo6o5Go5FtzEPvh+y8="
-      allowed_ip: "172.20.200.1"
-      allowed_mask: 32
+      public_key: "{{ vpn_guest_keys.knuth }}"
+      allowed_ip: "{{ intranet.subnets.guest.subnets.knuth.ipv4 }}"
+      allowed_mask: "{{ intranet.subnets.guest.subnets.knuth.netmaskv4 }}"
      comment: "Client laptop: knuth"
+
--- a/roles/vpn/handlers/main.yml
+++ b/roles/vpn/handlers/main.yml
@ -6,4 +6,4 @@
    state: restarted
  loop:
    - "{{ lookup('dict', vpn_interfaces) }}"
-  no_log: true
+  no_log: false
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@ -46,4 +46,4 @@
    enabled: yes
  loop:
    - "{{ lookup('dict', vpn_interfaces) }}"
-  no_log: true
+  no_log: false
--- a/2
+++ b/2
@ -2,4 +2,4 @@

 eval `ssh-agent -s`
 ssh-add
-ansible-playbook $1
+ansible-playbook $*