ansible/host_vars/vpn-ovh-ng.auro.re.yml

---
wireguard_endpoints:
  - name: saclay
    addrs:
      - 192.168.0.1/28
    listen_port: 5412
    private_key: "{{ vault_wireguard_secrets.ovh.private }}"
    peers:
      - public_key: "{{ vault_wireguard_secrets.gs.public }}"
        allowed_addrs:
          - 192.168.0.2/32
        keepalive: 5
      - public_key: "{{ vault_wireguard_secrets.edc.public }}"
        allowed_addrs:
          - 192.168.0.3/32
        keepalive: 5

nftables_basic_input_rules:
  - proto: tcp
    port: 22
    verdict: accept 
  - proto: udp
    port: 5412
    verdict: accept
...
Configure Wireguard endpoints for vpn(-ovh)?-ng 2021-02-20 17:05:10 +01:00			`---`
			`wireguard_endpoints:`
Configure vpn-ng-backup 2021-02-20 23:41:10 +01:00			`- name: saclay`
Configure Wireguard endpoints for vpn(-ovh)?-ng 2021-02-20 17:05:10 +01:00			`addrs:`
Configure vpn-ng-backup 2021-02-20 23:41:10 +01:00			`- 192.168.0.1/28`
Configure Wireguard endpoints for vpn(-ovh)?-ng 2021-02-20 17:05:10 +01:00			`listen_port: 5412`
Configure vpn-ng-backup 2021-02-20 23:41:10 +01:00			`private_key: "{{ vault_wireguard_secrets.ovh.private }}"`
Configure Wireguard endpoints for vpn(-ovh)?-ng 2021-02-20 17:05:10 +01:00			`peers:`
Configure vpn-ng-backup 2021-02-20 23:41:10 +01:00			`- public_key: "{{ vault_wireguard_secrets.gs.public }}"`
Configure Wireguard endpoints for vpn(-ovh)?-ng 2021-02-20 17:05:10 +01:00			`allowed_addrs:`
Configure vpn-ng-backup 2021-02-20 23:41:10 +01:00			`- 192.168.0.2/32`
			`keepalive: 5`
			`- public_key: "{{ vault_wireguard_secrets.edc.public }}"`
			`allowed_addrs:`
			`- 192.168.0.3/32`
			`keepalive: 5`
Configure Wireguard endpoints for vpn(-ovh)?-ng 2021-02-20 17:05:10 +01:00
			`nftables_basic_input_rules:`
			`- proto: tcp`
			`port: 22`
			`verdict: accept`
			`- proto: udp`
			`port: 5412`
			`verdict: accept`
			`...`