From 0f6997e7ab31035e46b0132d860117b0906b3bab Mon Sep 17 00:00:00 2001
From: KemoNine
Date: Tue, 4 Aug 2020 22:56:33 +0000
Subject: [PATCH] Fixup inventory
---
inventory.example | 65 ++++++++++++++++++++++++-----------------------
1 file changed, 33 insertions(+), 32 deletions(-)
diff --git a/inventory.example b/inventory.example
index 98dfbb1..c59bdd8 100644
--- a/inventory.example
+++ b/inventory.example
@@ -5,35 +5,36 @@ all:
 ansible_host: 10.5.5.177
 dispatcher:
 ansible_connection: local
-frames:
- hosts:
- frame1:
-wg:
- hosts:
- frame1:
- wireguard_address: 192.168.254.11/32
- dispatcher:
- containerized: true
- wireguard_containerized: {{ containerized }}
- wireguard_remote_directory: "/opt/wireguard"
- wireguard_address: 192.168.254.1/32
- wireguard_allowed_ips: "192.168.254.0/24"
- wireguard_table: "off"
- wireguard_postup:
- - ip route add 192.168.254.0/24 via 192.168.254.1 dev wg0
- - iptables -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
- - iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
- - iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
- - iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
- - iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
- wireguard_postdown:
- - ip route del 192.168.254.0/24 via 192.168.254.1 dev wg0
- - iptables -D -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
- - iptables -D -A FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
- - iptables -D -A FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
- - iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
- - iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
- vars:
- wireguard_port: 51821
- wireguard_endpoint: 10.5.5.246
- wireguard_persistent_keepalive: 30
+ children:
+ frames:
+ hosts:
+ frame1:
+ wg:
+ hosts:
+ frame1:
+ wireguard_address: 192.168.254.11/32
+ dispatcher:
+ containerized: true
+ wireguard_containerized: {{ containerized }}
+ wireguard_remote_directory: "/opt/wireguard"
+ wireguard_address: 192.168.254.1/32
+ wireguard_allowed_ips: "192.168.254.0/24"
+ wireguard_table: "off"
+ wireguard_postup:
+ - ip route add 192.168.254.0/24 via 192.168.254.1 dev wg0
+ - iptables -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+ - iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+ - iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
+ - iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+ - iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
+ wireguard_postdown:
+ - ip route del 192.168.254.0/24 via 192.168.254.1 dev wg0
+ - iptables -D -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+ - iptables -D -A FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+ - iptables -D -A FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
+ - iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+ - iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
+ vars:
+ wireguard_port: 51821
+ wireguard_endpoint: 10.5.5.246
+ wireguard_persistent_keepalive: 30
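Review bot: The `wireguard_postdown` entries carried into the new `children:` layout give both `-D` and `-A` on one command line (`iptables -D -A FORWARD ...`, `iptables -D -t nat -A PREROUTING ...`), which iptables should reject rather than treat as a delete. If the role runs these strings as written, the NAT, FORWARD and INPUT rules installed by `wireguard_postup` stay loaded after wg0 is torn down and are appended again on the next bring-up, so the filter state drifts from what the inventory describes. Each teardown line should mirror its postup line with `-A` replaced by `-D`, as in the block below. Separately, `wireguard_containerized: {{ containerized }}` is unquoted, so YAML reads the braces as a flow mapping before Jinja sees them; it should be `wireguard_containerized: "{{ containerized }}"`.

```yaml
wireguard_postdown:
  # … unchanged: ip route del line …
  - iptables -t nat -D PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
  - iptables -D FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
  - iptables -D FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
  - iptables -D INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
  - iptables -D INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
```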