35 lines
1.5 KiB
YAML
35 lines
1.5 KiB
YAML
# Directory to store WireGuard configuration on the remote hosts
|
|
wireguard_remote_directory: /etc/wireguard
|
|
|
|
wireguard_interface_restart: false
|
|
wireguard_service_enabled: true
|
|
wireguard_service_state: started
|
|
|
|
# We need to keep the NAT mapping open:
|
|
# https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
|
|
# I've tested 25 seconds, which seems to be too low. The mapping still seems
|
|
# to be broken every once in a while.
|
|
# Or, it might be because PersistentKeepalive is actually also needed on the
|
|
# server but it's being omitted currently. See the issue I opened:
|
|
# https://github.com/githubixx/ansible-role-wireguard/issues/217#issue-2871281915
|
|
wireguard_persistent_keepalive: 15
|
|
|
|
wireguard_ipv6_subnet: "fde0:fb5b:2593::/64"
|
|
# Setting this here doesn't seem to work. We set it during runtime later
|
|
# public_ipv6_subnet: "{{ hostvars[groups['embassy'][0]].ipv6_subnet }}"
|
|
|
|
# We can generate this dynamically, but it really doesn't seem like it's worth
|
|
# the work.
|
|
nat_map:
|
|
moirai-clotho.local:
|
|
vpn_ipv6: "{{ wireguard_ipv6_subnet | ansible.utils.ipaddr('16') }}"
|
|
vps_ipv6: "{{ public_ipv6_subnet | ansible.utils.ipaddr('16') }}"
|
|
|
|
moirai-lachesis.local:
|
|
vpn_ipv6: "{{ wireguard_ipv6_subnet | ansible.utils.ipaddr('17') }}"
|
|
vps_ipv6: "{{ public_ipv6_subnet | ansible.utils.ipaddr('17') }}"
|
|
|
|
moirai-atropos.local:
|
|
vpn_ipv6: "{{ wireguard_ipv6_subnet | ansible.utils.ipaddr('18') }}"
|
|
vps_ipv6: "{{ public_ipv6_subnet | ansible.utils.ipaddr('18') }}"
|