piframe/ansible/inventory-wireguard

---
wg:
  hosts:
      frame1:
        ansible_host: 10.5.5.100
        wireguard_address: 192.168.254.11/32
      frame2:
        ansible_host: 10.5.5.101
        wireguard_address: 192.168.254.11/32
      controller:
        ansible_connection: local
        wireguard_address: 192.168.254.1/32
        wireguard_endpoint: ""
        wireguard_postup:
          - ip route add 192.168.254.0/24 via 192.168.254.1 dev wg0
          - iptables -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
          - iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
          - iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
          - iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
          - iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
        wireguard_postdown:
          - ip route del 192.168.254.0/24 via 192.168.254.1 dev wg0
          - iptables -D -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
          - iptables -D -A FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
          - iptables -D -A FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
          - iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
          - iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
  vars:
    wireguard_allowed_ips: "172.16.8.10/24"
    wireguard_endpoint: piframefleet.domain.tld
    wireguard_persistent_keepalive: 30
Initial ansible attempts 2020-08-04 05:37:36 +00:00			`---`
			`wg:`
			`hosts:`
			`frame1:`
			`ansible_host: 10.5.5.100`
			`wireguard_address: 192.168.254.11/32`
			`frame2:`
			`ansible_host: 10.5.5.101`
			`wireguard_address: 192.168.254.11/32`
			`controller:`
			`ansible_connection: local`
			`wireguard_address: 192.168.254.1/32`
			`wireguard_endpoint: ""`
			`wireguard_postup:`
			`- ip route add 192.168.254.0/24 via 192.168.254.1 dev wg0`
			`- iptables -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT`
			`- iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT`
			`- iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP`
			`- iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT`
			`- iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP`
			`wireguard_postdown:`
			`- ip route del 192.168.254.0/24 via 192.168.254.1 dev wg0`
			`- iptables -D -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT`
			`- iptables -D -A FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT`
			`- iptables -D -A FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP`
			`- iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT`
			`- iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP`
			`vars:`
			`wireguard_allowed_ips: "172.16.8.10/24"`
			`wireguard_endpoint: piframefleet.domain.tld`
			`wireguard_persistent_keepalive: 30`