bundles/wireguard: add netdev and network files, add iptables rules
parent
e2490df48e
commit
58ca3fa9ae
8 changed files with 168 additions and 8 deletions
|
@ -11,6 +11,7 @@ nodes['home.router'] = {
|
|||
'dhcpd',
|
||||
'vnstat',
|
||||
'wide-dhcp6c',
|
||||
'wireguard',
|
||||
},
|
||||
'groups': {
|
||||
'debian-buster',
|
||||
|
@ -41,9 +42,6 @@ nodes['home.router'] = {
|
|||
# day.
|
||||
'restart_pppd': '23 2 * * * root systemctl restart pppoe',
|
||||
},
|
||||
'icinga_options': {
|
||||
'hostname': 'franzi-home.kunbox.net',
|
||||
},
|
||||
'iptables': {
|
||||
'custom_rules': [
|
||||
# This is a router. Allow forwarding traffic for all internal networks.
|
||||
|
@ -133,5 +131,18 @@ nodes['home.router'] = {
|
|||
'enp1s0.42': '1',
|
||||
},
|
||||
},
|
||||
'wireguard': {
|
||||
# TODO autogenerate?
|
||||
'my_ip': '172.19.137.2/32',
|
||||
'subnets': {
|
||||
'172.19.138.0/24',
|
||||
'172.19.139.0/24',
|
||||
},
|
||||
'peers': {
|
||||
'ovh.wireguard': {
|
||||
'do_not_initiate_a_connection_from_your_side': True,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
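Review bot: The new `'subnets'` set in the `wireguard` block of `home.router` has no comment, and this hunk does not show whether it lists networks behind this router that peers may reach or networks to be routed into the tunnel. If it is the former, it decides, together with the existing "allow forwarding traffic for all internal networks" rules under `iptables.custom_rules`, what a remote peer can reach inside the home network. State the intent next to the key, for example `# internal networks reachable through the tunnel; forwarding from the wg interface is limited to these`. The bundle code that consumes the key is not visible here, so confirm that the iptables rules it generates restrict tunnel traffic to the two listed /24s rather than relying on the blanket forwarding rule.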
|
||||
|
|
|
@ -3,6 +3,7 @@ nodes['ovh.icinga2'] = {
|
|||
'icinga2',
|
||||
'php',
|
||||
'postgresql',
|
||||
'wireguard',
|
||||
'zfs',
|
||||
},
|
||||
'groups': {
|
||||
|
@ -14,7 +15,7 @@ nodes['ovh.icinga2'] = {
|
|||
'eth0': {
|
||||
'ips': {
|
||||
'51.195.44.8',
|
||||
'2001:41d0:701:1100::2618/64'
|
||||
'2001:41d0:701:1100::2618/128'
|
||||
},
|
||||
'gateway4': '51.195.44.1',
|
||||
'gateway6': '2001:41d0:701:1100::1'
|
||||
|
@ -53,6 +54,12 @@ nodes['ovh.icinga2'] = {
|
|||
'xml',
|
||||
},
|
||||
},
|
||||
'wireguard': {
|
||||
'my_ip': '172.19.137.3/32',
|
||||
'peers': {
|
||||
'ovh.wireguard': {},
|
||||
},
|
||||
},
|
||||
'zfs': {
|
||||
'pools': {
|
||||
'tank': {
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
nodes['ovh.wireguard'] = {
|
||||
'bundles': set(),
|
||||
'bundles': {
|
||||
'wireguard',
|
||||
},
|
||||
'groups': {
|
||||
'debian-buster',
|
||||
},
|
||||
|
@ -8,7 +10,7 @@ nodes['ovh.wireguard'] = {
|
|||
'eth0': {
|
||||
'ips': {
|
||||
'51.195.47.180',
|
||||
'2001:41d0:701:1100::20da/64'
|
||||
'2001:41d0:701:1100::20da/128'
|
||||
},
|
||||
'gateway4': '51.195.44.1',
|
||||
'gateway6': '2001:41d0:701:1100::1'
|
||||
|
@ -21,5 +23,10 @@ nodes['ovh.wireguard'] = {
|
|||
'cpu': 1,
|
||||
'ram': 2,
|
||||
},
|
||||
'wireguard': {
|
||||
'network': '172.19.136.0/22',
|
||||
'my_ip': '172.19.137.1/32',
|
||||
'psk': vault.random_bytes_as_base64_for('ovh.icinga2 wireguard psk'),
|
||||
},
|
||||
},
|
||||
}
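Review bot: The `'psk'` on `ovh.wireguard` is a single node-level value derived from the vault identifier `'ovh.icinga2 wireguard psk'`, yet `home.router` also lists `ovh.wireguard` as a peer. The bundle files are not shown here, but if this one value is used for every peer, the home router and the Icinga host share a preshared key and the identifier misstates its scope. WireGuard's PresharedKey is a per-peer setting, so a key per pair would keep one peer's compromise from exposing the other's; a `'psk'` entry inside each `'peers'` dict, with a vault identifier built from both node names, would do that. At minimum, rename the identifier to match what the key covers. The hand-assigned `my_ip` values in all three node files (see the `# TODO autogenerate?` in `home.router`) are a related collision risk until they are generated.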
|
||||
|
|