From b7ff3a64197042fbe9884c51ad3efd21f1d2172d Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau
Date: Fri, 23 Apr 2021 19:14:28 +0200
Subject: [PATCH] centralize the declaration of the intranet ip plan
---
group_vars/all/networking.yaml | 40 +++++++++++++++++++
group_vars/all/vpn.yml | 3 ++
.../azerty.fil.sand.auro.re/networking.yml | 4 +-
.../hellman.fil.sand.auro.re/networking.yml | 4 +-
host_vars/hindley.adh.auro.re/networking.yml | 4 +-
host_vars/hindley.adh.auro.re/vpn.yml | 7 ++--
roles/vpn/handlers/main.yml | 2 +-
roles/vpn/tasks/main.yml | 2 +-
run_playbook | 2 +-
9 files changed, 56 insertions(+), 12 deletions(-)
create mode 100644 group_vars/all/networking.yaml
diff --git a/group_vars/all/networking.yaml b/group_vars/all/networking.yaml
new file mode 100644
index 0000000..63557f0
--- /dev/null
+++ b/group_vars/all/networking.yaml
@@ -0,0 +1,40 @@
+---
+intranet:
+ domaine: "intra"
+ ipv4: "172.20.0.0"
+ netmaskv4: 16
+ comment: "The intranet"
+ subnets:
+ physical:
+ domaine: "phy"
+ ipv4: "172.20.1.0"
+ netmaskv4: 24
+ comment: "Physical machines"
+ subnets:
+ hindley:
+ domaine: "hindley"
+ ipv4: "172.20.1.1"
+ netmaskv4: 32
+ comment: "Hindley"
+ azerty:
+ domaine: "azerty"
+ ipv4: "172.20.1.2"
+ netmaskv4: 32
+ comment: "Azerty"
+ hellman:
+ domaine: "hellman"
+ ipv4: "172.20.1.3"
+ netmaskv4: 32
+ comment: "Hellman"
+ guest:
+ domaine: "guest"
+ ipv4: "172.20.200.0"
+ netmaskv4: 24
+ comment: "Gest machines"
+ subnets:
+ knuth:
+ domaine: "knuth"
+ ipv4: "172.20.200.1"
+ netmaskv4: 32
+ comment: "Knuth"
+
diff --git a/group_vars/all/vpn.yml b/group_vars/all/vpn.yml
index f3669b7..b1a317d 100644
--- a/group_vars/all/vpn.yml
+++ b/group_vars/all/vpn.yml
@@ -1,3 +1,6 @@
 ---
 vpn_port: 51820
 vpn_keepalive_period: 25
+
+vpn_guest_keys:
+ knuth: "NVKyKcX6PEEApSZvAwnT9gfMmMo6o5Go5FtzEPvh+y8="
diff --git a/host_vars/azerty.fil.sand.auro.re/networking.yml b/host_vars/azerty.fil.sand.auro.re/networking.yml
index 0719e26..06bd946 100644
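Review bot: The new file carries no header explaining its schema, so a reader has to reverse-engineer what `domaine`, `ipv4`, `netmaskv4`, `comment` and the nested `subnets` mean and that host_vars now template their wg0 addresses from it; I would open the file with a comment block along the lines of `# Single source of truth for the 172.20.0.0/16 intranet plan; host_vars reference entries as intranet.subnets.<group>.subnets.<host>` followed by one line per key. The value `comment: "Gest machines"` under `guest` is a typo for `Guest machines`. `domaine` is French while every other key is English; if no template consumes that key yet, renaming it to `domain` in this commit is cheaper than doing it once consumers exist. The final `+` line adds a trailing blank line at end of file, which yamllint's `empty-lines` rule flags; drop it.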
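Review bot: `vpn_guest_keys` lands in group_vars/all, which is pushed to every host, and nothing on the hunk states that only WireGuard public keys belong in this mapping; I would add `# WireGuard *public* keys of guest peers (safe to share); private keys never go here` above it so a later contributor does not drop a private key next to the existing entry. The value itself is the same peer public key that host_vars/hindley.adh.auro.re/vpn.yml held inline before this commit, so the move exposes nothing new.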
--- a/host_vars/azerty.fil.sand.auro.re/networking.yml
+++ b/host_vars/azerty.fil.sand.auro.re/networking.yml
@@ -4,8 +4,8 @@ interfaces:
 ipv4: "10.50.1.221"
 netmaskv4: 16
 wg0:
- ipv4: "172.20.1.2"
- netmaskv4: 16
+ ipv4: "{{ intranet.subnets.physical.subnets.azerty.ipv4 }}"
+ netmaskv4: "{{ intranet.netmaskv4 }}"

 ipv4_forwarding: false
 ipv6_forwarding: false
diff --git a/host_vars/hellman.fil.sand.auro.re/networking.yml b/host_vars/hellman.fil.sand.auro.re/networking.yml
index 78314de..62e30f5 100644
--- a/host_vars/hellman.fil.sand.auro.re/networking.yml
+++ b/host_vars/hellman.fil.sand.auro.re/networking.yml
@@ -4,8 +4,8 @@ interfaces:
 ipv4: "10.50.2.17"
 netmaskv4: 16
 wg0:
- ipv4: "172.20.1.3"
- netmaskv4: 16
+ ipv4: "{{ intranet.subnets.physical.subnets.hellman.ipv4 }}"
+ netmaskv4: "{{ intranet.netmaskv4 }}"

 ipv4_forwarding: false
 ipv6_forwarding: false
diff --git a/host_vars/hindley.adh.auro.re/networking.yml b/host_vars/hindley.adh.auro.re/networking.yml
index d11b050..0f62177 100644
--- a/host_vars/hindley.adh.auro.re/networking.yml
+++ b/host_vars/hindley.adh.auro.re/networking.yml
@@ -4,8 +4,8 @@ interfaces:
 ipv4: "45.66.110.3"
 netmaskv4: 24
 wg0:
- ipv4: "172.20.1.1"
- netmaskv4: 16
+ ipv4: "{{ intranet.subnets.physical.subnets.hindley.ipv4 }}"
+ netmaskv4: "{{ intranet.netmaskv4 }}"

 ipv4_forwarding: true
 ipv6_forwarding: false
diff --git a/host_vars/hindley.adh.auro.re/vpn.yml b/host_vars/hindley.adh.auro.re/vpn.yml
index 9088190..4f99848 100644
--- a/host_vars/hindley.adh.auro.re/vpn.yml
+++ b/host_vars/hindley.adh.auro.re/vpn.yml
@@ -17,7 +17,8 @@ vpn_interfaces:
 allowed_mask: 32
 comment: "hellman"
 - endpoint: ""
- public_key: "NVKyKcX6PEEApSZvAwnT9gfMmMo6o5Go5FtzEPvh+y8="
- allowed_ip: "172.20.200.1"
- allowed_mask: 32
+ public_key: "{{ vpn_guest_keys.knuth }}"
+ allowed_ip: "{{ intranet.subnets.guest.subnets.knuth.ipv4 }}"
+ allowed_mask: "{{ intranet.subnets.guest.subnets.knuth.netmaskv4 }}"
 comment: "Client laptop: knuth"
+
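Review bot: `netmaskv4: "{{ intranet.netmaskv4 }}"` replaces the integer `16` with a templated value, and under Ansible's default (non-native) Jinja a quoted `{{ }}` expression renders to the string `"16"`, not an int; the `ipv4` line is unaffected because it was already a string. If the networking role does arithmetic on `netmaskv4`, passes it to `ipaddr`, or compares it against an int, the cast has to happen at the point of use (`{{ item.netmaskv4 | int }}`) — putting `| int` inside this quoted template still renders a string. This is harmless when the role only writes `addr/mask` into a config file, which I would expect but cannot confirm from the hunk. The hellman and hindley networking hunks repeat the same pattern.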
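Review bot: `allowed_mask: "{{ intranet.subnets.guest.subnets.knuth.netmaskv4 }}"` turns the previous integer `32` into a rendered string under Ansible's default Jinja, while the hellman peer three lines above still carries `allowed_mask: 32` as an int, so the consumer of `vpn_interfaces` now sees mixed types for the same field. Either cast where the role renders the AllowedIPs line, or keep the per-peer mask literal as the other peers do and template only `allowed_ip`. The last `+` line adds a trailing blank line at end of file; drop it. The `vpn_interfaces` mapping and the other peers start above the hunk.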
diff --git a/roles/vpn/handlers/main.yml b/roles/vpn/handlers/main.yml
index d9fb8b1..a0e5595 100644
--- a/roles/vpn/handlers/main.yml
+++ b/roles/vpn/handlers/main.yml
@@ -6,4 +6,4 @@
 state: restarted
 loop:
 - "{{ lookup('dict', vpn_interfaces) }}"
- no_log: true
+ no_log: false
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index d7e9749..14b5526 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -46,4 +46,4 @@
 enabled: yes
 loop:
 - "{{ lookup('dict', vpn_interfaces) }}"
- no_log: true
+ no_log: false
diff --git a/run_playbook b/run_playbook
index 164c308..9b8905f 100755
--- a/run_playbook
+++ b/run_playbook
@@ -2,4 +2,4 @@
 eval `ssh-agent -s`
 ssh-add
-ansible-playbook $1
+ansible-playbook $*
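Review bot: Flipping `no_log: true` to `no_log: false` on a handler that loops over `lookup('dict', vpn_interfaces)` makes Ansible print every loop item — the complete per-interface mapping — in the play output and in any captured log; if that mapping holds the WireGuard private key next to the peer entries visible in host_vars/hindley.adh.auro.re/vpn.yml, the key now ends up on consoles and in CI logs. Nothing in the commit subject explains the flip, so it reads like a debugging leftover. If the intent is only to see which interface is restarted, keep `no_log: true` and add `loop_control:` / `label: "{{ item.key }}"` so the output shows the interface name and nothing else. The handler's `name` and module lines sit above the hunk.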
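Review bot: With `no_log: false` this task prints each `vpn_interfaces` entry it iterates, so whatever that structure contains beyond the public keys and addresses shown in host_vars — a WireGuard private key would be the obvious candidate — is written to stdout and any log collector; keep `no_log: true` and use `loop_control:` with `label: "{{ item.key }}"` if the interface name is all that needs to be visible. On the unchanged context line, `enabled: yes` should be the canonical boolean `enabled: true` (yamllint `truthy`). The task's `name` and module lines are above the hunk.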
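Review bot: `ansible-playbook $*` forwards the arguments unquoted, so any argument containing whitespace or a glob character (`-e 'var=some value'`, `--limit 'a b'`) is re-split and glob-expanded by the shell before ansible-playbook sees it; use `ansible-playbook "$@"`, which passes each argument through intact. The script also starts a fresh agent through `eval` of `ssh-agent -s` and never kills it, so every run leaves an ssh-agent process holding the loaded key; add `trap 'ssh-agent -k >/dev/null' EXIT` right after the eval line. The first line of the file, presumably the shebang, is outside the hunk.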