centralize the declaration of the intranet ip plan

networking
Jean-Marie Mineau 3 years ago
parent 3804edfa0a
commit b7ff3a6419
Signed by: histausse
GPG Key ID: 67486F107F62E9E9

@ -0,0 +1,40 @@
---
intranet:
domaine: "intra"
ipv4: "172.20.0.0"
netmaskv4: 16
comment: "The intranet"
subnets:
physical:
domaine: "phy"
ipv4: "172.20.1.0"
netmaskv4: 24
comment: "Physical machines"
subnets:
hindley:
domaine: "hindley"
ipv4: "172.20.1.1"
netmaskv4: 32
comment: "Hindley"
azerty:
domaine: "azerty"
ipv4: "172.20.1.2"
netmaskv4: 32
comment: "Azerty"
hellman:
domaine: "hellman"
ipv4: "172.20.1.3"
netmaskv4: 32
comment: "Hellman"
guest:
domaine: "guest"
ipv4: "172.20.200.0"
netmaskv4: 24
comment: "Gest machines"
subnets:
knuth:
domaine: "knuth"
ipv4: "172.20.200.1"
netmaskv4: 32
comment: "Knuth"
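Review bot: The `comment` of the `guest` subnet reads "Gest machines", which looks like a typo for `comment: "Guest machines"`. The new file also has no header comment describing its schema. A short one would help whoever adds the next machine: a node with `subnets` holds a network address, and a leaf with `netmaskv4: 32` holds a single host address. Nothing visible here checks that a child range actually falls inside its parent, so an overlapping or misplaced entry would only surface once WireGuard is configured from it.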

@ -1,3 +1,6 @@
---
vpn_port: 51820
vpn_keepalive_period: 25
vpn_guest_keys:
knuth: "NVKyKcX6PEEApSZvAwnT9gfMmMo6o5Go5FtzEPvh+y8="
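Review bot: `vpn_guest_keys` does not say which half of the key pair it holds. The value is the one that was previously inlined as `public_key` in the peer list, so it appears to be a WireGuard public key and is fine to commit. A comment such as `# WireGuard PUBLIC keys of guest peers only; private keys never go in this file` above the mapping, or renaming it to `vpn_guest_public_keys`, would keep a later contributor from adding a private key here by analogy.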

@ -4,8 +4,8 @@ interfaces:
ipv4: "10.50.1.221"
netmaskv4: 16
wg0:
ipv4: "172.20.1.2"
netmaskv4: 16
ipv4: "{{ intranet.subnets.physical.subnets.azerty.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}"
ipv4_forwarding: false
ipv6_forwarding: false
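Review bot: `netmaskv4` under `wg0` changes from the integer `16` to a templated value. Depending on the Ansible version and the `jinja2_native` setting, `"{{ intranet.netmaskv4 }}"` may render as the string `"16"` rather than a number. If a role or template reading `interfaces` compares the mask or does arithmetic on it, that could behave differently; those consumers are outside this page, so it is worth confirming. The same applies to the `wg0` blocks in the two other host files and to `allowed_mask` in the `vpn_interfaces` hunk. A comment like `# prefix length of the whole intranet, taken from the central ip plan` above the line would also explain why the /16 is used rather than the host's own /32 entry.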

@ -4,8 +4,8 @@ interfaces:
ipv4: "10.50.2.17"
netmaskv4: 16
wg0:
ipv4: "172.20.1.3"
netmaskv4: 16
ipv4: "{{ intranet.subnets.physical.subnets.hellman.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}"
ipv4_forwarding: false
ipv6_forwarding: false

@ -4,8 +4,8 @@ interfaces:
ipv4: "45.66.110.3"
netmaskv4: 24
wg0:
ipv4: "172.20.1.1"
netmaskv4: 16
ipv4: "{{ intranet.subnets.physical.subnets.hindley.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}"
ipv4_forwarding: true
ipv6_forwarding: false

@ -17,7 +17,8 @@ vpn_interfaces:
allowed_mask: 32
comment: "hellman"
- endpoint: ""
public_key: "NVKyKcX6PEEApSZvAwnT9gfMmMo6o5Go5FtzEPvh+y8="
allowed_ip: "172.20.200.1"
allowed_mask: 32
public_key: "{{ vpn_guest_keys.knuth }}"
allowed_ip: "{{ intranet.subnets.guest.subnets.knuth.ipv4 }}"
allowed_mask: "{{ intranet.subnets.guest.subnets.knuth.netmaskv4 }}"
comment: "Client laptop: knuth"
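Review bot: Only the knuth peer is moved to the central plan in this hunk. The context lines above it (`allowed_mask: 32`, `comment: "hellman"`) suggest the earlier peers keep literal values, though their `allowed_ip` lines start outside the hunk and cannot be checked here. Since `allowed_ip` is what WireGuard uses to decide which source addresses a peer may send from, a literal left behind can drift from the plan unnoticed. If those entries are still hard-coded, the same pattern would apply, e.g. `allowed_ip: "{{ intranet.subnets.physical.subnets.hellman.ipv4 }}"`.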

@ -6,4 +6,4 @@
state: restarted
loop:
- "{{ lookup('dict', vpn_interfaces) }}"
no_log: true
no_log: false
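Review bot: Switching `no_log` from `true` to `false` on a task that loops over `vpn_interfaces` makes every loop item appear in the play output and in any log that captures it. The page prints the old line first, so `no_log: false` is read as the new value. This looks like a debugging change unrelated to the ip-plan refactor. The items visible on this page hold only public keys and addresses, but if an interface entry carries a private or preshared key elsewhere, it would now be logged. Restoring `no_log: true` is the safe default; if readable output is wanted, `loop_control:` with `label: "{{ item.key }}"` limits what is printed per item. The second task hunk with `enabled: yes` has the same change.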

@ -46,4 +46,4 @@
enabled: yes
loop:
- "{{ lookup('dict', vpn_interfaces) }}"
no_log: true
no_log: false

@ -2,4 +2,4 @@
eval `ssh-agent -s`
ssh-add
ansible-playbook $1
ansible-playbook $*
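Review bot: `ansible-playbook $*` expands unquoted, so an argument containing spaces or glob characters (an `-e` value or a path, for instance) is split or expanded by the shell before ansible-playbook receives it. `ansible-playbook "$@"` forwards each argument exactly as given. The script begins outside this hunk, so the interpreter line is not visible; `"$@"` works in any POSIX shell.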
