Ansible configuration for PiFrame devices -- used by PiFrameFleet for fleet management

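---
# Ansible inventory for a PiFrame fleet: one frame (frame1) and one local
# dispatcher, joined over a WireGuard network on 192.168.254.0/24.
# NOTE(review): the listing this was taken from had lost its indentation; the
# nesting below follows the standard Ansible YAML inventory layout
# (group -> hosts/vars) -- confirm against the original file.
all:
  hosts:
    frame1:
      ansible_host: 192.168.0.11
    dispatcher:
      # The dispatcher is the control node itself, so no SSH hop is used.
      ansible_connection: local

dispatchers:
  hosts:
    dispatcher:

frames:
  hosts:
    frame1:
  vars:
    frame_timezone: UTC
    monit_wireguard: true
    # Monitoring and remote-access endpoints are all addressed by the
    # dispatcher's tunnel IP, so they are reachable only while the tunnel is up.
    monit_wireguard_ip: 192.168.254.1
    rtty_server: 192.168.254.1
    munin_server: 192.168.254.1
    # Routes are added by hand; the wg group sets wireguard_table to "off"
    # (presumably wg-quick's "Table = off" -- verify against the role).
    wireguard_postup:
      - ip route add 192.168.254.0/24 dev wg0
    wireguard_postdown:
      - ip route del 192.168.254.0/24 dev wg0

wg:
  hosts:
    frame1:
      wireguard_address: 192.168.254.11/32
    dispatcher:
      containerized: true
      wireguard_containerized: "{{ containerized }}"
      wireguard_remote_directory: "/opt/wireguard"
      wireguard_address: 192.168.254.1/32
      wireguard_allowed_ips: "192.168.254.0/24"
      # Firewall policy for traffic arriving on wg0: peers may talk to
      # addresses inside the tunnel subnet, everything else is dropped.
      # The rules are appended (-A), so any broader ACCEPT already present
      # earlier in FORWARD/INPUT still wins -- check the resulting order with
      # `iptables -S` on the dispatcher.
      # NOTE(review): the subnet-wide ACCEPT rules also allow frame-to-frame
      # traffic and access to every dispatcher service bound to the tunnel
      # address; narrow them to the needed ports if that is not intended.
      wireguard_postup:
        - ip route add 192.168.254.0/24 via 192.168.254.1 dev wg0
        - iptables -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
        - iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
      # Teardown mirrors postup rule for rule. Each command uses -D alone:
      # iptables accepts only one command option per invocation, so the
      # previous "-D -A <chain>" form was rejected and the rules were never
      # removed, leaving duplicates behind after every tunnel restart.
      wireguard_postdown:
        - ip route del 192.168.254.0/24 via 192.168.254.1 dev wg0
        - iptables -t nat -D PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -D FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -D FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
        - iptables -D INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -D INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
  vars:
    # Quoted so YAML 1.1 loaders do not turn it into the boolean false.
    wireguard_table: "off"
    wireguard_port: 51821
    wireguard_endpoint: 192.168.0.2
    wireguard_persistent_keepalive: 30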