# WireGuard role settings and the address plan for the VPN overlay.

# Directory to store WireGuard configuration on the remote hosts
# NOTE(review): the interface configuration kept here normally includes the
# private key; confirm the role creates this directory root-owned with no
# group/other access.
wireguard_remote_directory: /etc/wireguard

# NOTE(review): presumably `false` lets the role apply config changes without
# bouncing the interface (and dropping live tunnels) -- confirm in role docs.
wireguard_interface_restart: false
# Alternative kept for reference: leave the service disabled and stopped.
# wireguard_service_enabled: false
# wireguard_service_state: stopped
# Active choice: start the service now and enable it across reboots.
wireguard_service_enabled: true
wireguard_service_state: started

# We need to keep the NAT mapping open:
# https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
# It seems like we do need this on the server for server->client, but it's
# being omitted currently. See the issue I opened:
# https://github.com/githubixx/ansible-role-wireguard/issues/217#issue-2871281915
# Interval in seconds; 25 is the value the linked quickstart suggests.
wireguard_persistent_keepalive: 25

# Tunnel-internal addressing only: the IPv6 prefix lies in fd00::/8 (unique
# local addresses) and the IPv4 prefix in 10.0.0.0/8 (RFC 1918), so neither
# is routable on the public Internet.
wireguard_ipv6_subnet: "fde0:fb5b:2593::/64"
wireguard_ipv4_subnet: "10.4.4.0/24"
# Setting this here doesn't seem to work. We set it during runtime later
# nat_map below references public_ipv6_subnet, so it has to be defined before
# nat_map is first templated; otherwise Ansible reports an undefined variable.
# public_ipv6_subnet: "{{ hostvars[groups['embassy'][0]].ipv6_subnet }}"

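# We can generate this dynamically, but it really doesn't seem like it's worth
# the work.
#
# nat_map: one entry per internal host, keyed by hostname.
#   vpn_ipv6 / vpn_ipv4  address inside the WireGuard subnets
#   vps_ipv6             dedicated public IPv6 address for the host
#   vps_ipv4             the single public IPv4 address, shared by all hosts
#   ipv6_port_ranges     ports opened on the host's public IPv6 address
#   ipv4_port_mapping    external -> internal port pairs on the shared IPv4
#
# The ipaddr('<n>') query picks host index <n> inside the subnet, so every
# host uses the same index (16, 17, 18) in all three subnets.
# NOTE(review): public_ipv6_subnet is not defined in this file (see the
# commented-out assignment above); it must be set before this map is templated.
# NOTE(review): ansible_default_ipv4 is a gathered fact of whichever host the
# template is evaluated on -- presumably the VPS; confirm facts are gathered.
#
# Exposure review: every listed port is reachable from the Internet once the
# firewall rules are generated from this map. Keep each list to what the host
# really serves; 20000:20100 opens 101 ports per host, and the services behind
# 2022 and 20000:20100 are not named here -- label them like "Project Zomboid"
# below so unused entries can be spotted and removed.
nat_map:
  moirai-clotho.local:
    vpn_ipv6: "{{ wireguard_ipv6_subnet | ansible.utils.ipaddr('16') }}"
    vpn_ipv4: "{{ wireguard_ipv4_subnet | ansible.utils.ipaddr('16') }}"
    vps_ipv6: "{{ public_ipv6_subnet | ansible.utils.ipaddr('16') }}"
    vps_ipv4: "{{ ansible_default_ipv4.address }}"

    # With IPv6, we don't have to map different internal/external ports because
    # we have separate port spaces on separate IPv6 addresses
    ipv6_port_ranges:
      # Anything that's accepted into the --dport argument of iptables is a
      # valid entry.
      # Ranges are quoted so that every YAML parser reads "a:b" as a string;
      # single ports stay plain integers.
      - 2022
      - "16261:16262"
      - "20000:20100"

    # With IPv4, we do, because we share a single public IPv4 address
    # ipv4_port_mapping:
    #   - external_port: 20050
    #     internal_port: 20050

  moirai-lachesis.local:
    vpn_ipv6: "{{ wireguard_ipv6_subnet | ansible.utils.ipaddr('17') }}"
    vpn_ipv4: "{{ wireguard_ipv4_subnet | ansible.utils.ipaddr('17') }}"
    vps_ipv6: "{{ public_ipv6_subnet | ansible.utils.ipaddr('17') }}"
    vps_ipv4: "{{ ansible_default_ipv4.address }}"

    ipv6_port_ranges:
      - 2022
      - "16261:16262"
      - "20000:20100"

    # All hosts share one public IPv4 address, so each external_port may be
    # claimed by only one host across the whole map.
    ipv4_port_mapping:
      # Project Zomboid
      - external_port: 16261
        internal_port: 16261
      - external_port: 16262
        internal_port: 16262

  moirai-atropos.local:
    vpn_ipv6: "{{ wireguard_ipv6_subnet | ansible.utils.ipaddr('18') }}"
    vpn_ipv4: "{{ wireguard_ipv4_subnet | ansible.utils.ipaddr('18') }}"
    vps_ipv6: "{{ public_ipv6_subnet | ansible.utils.ipaddr('18') }}"
    vps_ipv4: "{{ ansible_default_ipv4.address }}"

    ipv6_port_ranges:
      - 2022
      - "16261:16262"
      - "20000:20100"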