From feb4db529e315897debba16175ddf9e3b15a9ad2 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Sun, 25 Apr 2021 18:49:28 +0200 Subject: [PATCH] add rossum to hosts and vpn group --- group_vars/all/networking.yaml | 5 ++++ group_vars/all/vpn_vault | 33 +++++++++++++++------------ host_vars/hindley.adh.auro.re/vpn.yml | 5 ++++ host_vars/rossum/networking.yml | 8 +++++++ host_vars/rossum/vpn.yml | 13 +++++++++++ hosts | 4 ++++ 6 files changed, 53 insertions(+), 15 deletions(-) create mode 100644 host_vars/rossum/networking.yml create mode 100644 host_vars/rossum/vpn.yml diff --git a/group_vars/all/networking.yaml b/group_vars/all/networking.yaml index 63557f0..4d4f43e 100644 --- a/group_vars/all/networking.yaml +++ b/group_vars/all/networking.yaml @@ -26,6 +26,11 @@ intranet: ipv4: "172.20.1.3" netmaskv4: 32 comment: "Hellman" + rossum: + domaine: "rossum" + ipv4: "172.20.1.4" + netmaskv4: 32 + comment: "Rossum" guest: domaine: "guest" ipv4: "172.20.200.0" diff --git a/group_vars/all/vpn_vault b/group_vars/all/vpn_vault index 156adfe..c4ad561 100644 --- a/group_vars/all/vpn_vault +++ b/group_vars/all/vpn_vault @@ -1,16 +1,19 @@ $ANSIBLE_VAULT;1.2;AES256;vpn_vault -37633462636161633333306438623761626365623138653733613338316239303533353539366438 -3638386334656338616232333463303739613831646638360a643933346664373035303336393333 -33663439363031626664323464316334316430346138636133646562353132316530343533643564 -3566313834303662630a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a616138383236623336313561363433 +32643265396330366635373936373335313562326365623232336234313363373763393461653533 +3431313134383561390a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diff --git a/host_vars/hindley.adh.auro.re/vpn.yml b/host_vars/hindley.adh.auro.re/vpn.yml index 4f99848..c224099 100644 --- a/host_vars/hindley.adh.auro.re/vpn.yml +++ b/host_vars/hindley.adh.auro.re/vpn.yml 
@@ -21,4 +21,9 @@ vpn_interfaces: allowed_ip: "{{ intranet.subnets.guest.subnets.knuth.ipv4 }}" allowed_mask: "{{ intranet.subnets.guest.subnets.knuth.netmaskv4 }}" comment: "Client laptop: knuth" + - endpoint: "" + public_key: "{{ hostvars['rossum'].vpn_interfaces.wg0.public_key }}" + allowed_ip: "{{ hostvars['rossum'].vpn_interfaces.wg0.ip }}" + allowed_mask: 32 + comment: "Raspi at paris, Rossum" diff --git a/host_vars/rossum/networking.yml b/host_vars/rossum/networking.yml new file mode 100644 index 0000000..837d4ca --- /dev/null +++ b/host_vars/rossum/networking.yml @@ -0,0 +1,8 @@ +--- +interfaces: + wg0: + ipv4: "{{ intranet.subnets.physical.subnets.rossum.ipv4 }}" + netmaskv4: "{{ intranet.netmaskv4 }}" + +ipv4_forwarding: false +ipv6_forwarding: false diff --git a/host_vars/rossum/vpn.yml b/host_vars/rossum/vpn.yml new file mode 100644 index 0000000..1e46f56 --- /dev/null +++ b/host_vars/rossum/vpn.yml @@ -0,0 +1,13 @@ +--- +vpn_interfaces: + wg0: + ip: "{{ interfaces.wg0.ipv4 }}" + private_key: "{{ vpn_vault_rossum_key }}" + public_key: "YNEp3V5wsDLxDR29WhzECOCdOxiOuxuAqUUwS3gJWT4=" + keepalive: true + peers: + - endpoint: "{{ hostvars['hindley.adh.auro.re'].interfaces.enp2s0.ipv4 }}" + public_key: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.public_key }}" + allowed_ip: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.ip }}" + allowed_mask: "{{ interfaces.wg0.netmaskv4 }}" + comment: "hindley" diff --git a/hosts b/hosts index 1942631..47a32d7 100644 --- a/hosts +++ b/hosts @@ -15,6 +15,9 @@ all: proxmox_buster: hosts: hellman.fil.sand.auro.re: + raspbian_buster: + hosts: + rossum: proxy: hosts: hindley.adh.auro.re: @@ -39,3 +42,4 @@ all: azerty.fil.sand.auro.re: hindley.adh.auro.re: hellman.fil.sand.auro.re: + rossum:
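Review bot: The new rossum peer hard-codes `allowed_mask: 32`, while the knuth peer just above it reads its mask from the `intranet` tree, so the prefix hindley accepts from this key can drift from the `netmaskv4: 32` this commit declares for rossum in group_vars/all/networking.yaml. Assuming that entry lives at the path host_vars/rossum/networking.yml reads from, prefer `allowed_mask: "{{ intranet.subnets.physical.subnets.rossum.netmaskv4 }}"`, which keeps rossum pinned to its single address from one source of truth. The empty `endpoint: ""` presumably marks a peer with no fixed address, but how the role's template renders an empty endpoint is not visible here. A comment such as `# no fixed endpoint: rossum initiates the tunnel` would record the intent. The peer list starts above the hunk.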
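Review bot: On the hindley peer, `allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"` resolves to `intranet.netmaskv4` (set in host_vars/rossum/networking.yml), which is presumably the intranet-wide prefix. That would make rossum accept any source address in that range from hindley's key and route the whole range into the tunnel. If that hub-and-spoke reach is intended, state it in a comment, e.g. `# whole intranet is reached through hindley`; if rossum only needs a few subnets, use narrower prefixes. The literal `public_key` must match the vaulted `vpn_vault_rossum_key`, and nothing in this diff can verify that pairing. A comment like `# derived from vpn_vault_rossum_key; regenerate both on rotation` would make the dependency explicit.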
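Review bot: `rossum` is added under `raspbian_buster` as a bare short name, whereas the other hosts visible in these hunks are fully qualified, and the new host_vars/rossum files set no connection address. Unless one is defined outside this diff, Ansible will connect to whatever `rossum` resolves to on the operator's machine. Pinning the address makes the managed target explicit, for example `ansible_host: "{{ interfaces.wg0.ipv4 }}"` in host_vars/rossum/networking.yml if the host is managed over the VPN. The same applies to the `rossum:` entry added in the `@@ -39,3 +42,4 @@` hunk.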