The example address is a private network address because the example
configuration is intended to run in a test jig made up of VirtualBox
-virtual machines and networks, and the VirtualBox user manual uses
-~192.168.15.0~ in its example configuration of a "NAT Network"
-(simulating Front's ISP's network).
-
-Finally, four host addresses are needed frequently in the Ansible
-code. The first two are Core's and Gate's addresses on the private
-Ethernet. The other two are Gate's and the campus Wi-Fi's addresses
-on the wild Ethernet. The following code block chooses host 1 for
-Core and host 2 for Gate on the private Ethernet. On the wild
-Ethernet, host 1 is Gate and host 2 is the access point (or wired
-IoT appliance).
+virtual machines and networks.
+
+Finally, five host addresses are needed frequently in the Ansible
+code. Each is made available in both CIDR and IPv4 address formats.
+Again this is site-independent, non-private boilerplate referenced
+with ~address-vars~ in the =default/main.yml= files.
#+CAPTION: [[file:private/vars.yml][=private/vars.yml=]]
#+BEGIN_SRC conf :tangle private/vars.yml
"{{ wild_net_cidr | ansible.utils.ipaddr('1') }}"
front_wg_addr_cidr:
"{{ public_wg_net_cidr | ansible.utils.ipaddr('1') }}"
+core_wg_addr_cidr:
+ "{{ public_wg_net_cidr | ansible.utils.ipaddr('2') }}"
core_addr: "{{ core_addr_cidr | ansible.utils.ipaddr('address') }}"
gate_addr: "{{ gate_addr_cidr | ansible.utils.ipaddr('address') }}"
"{{ gate_wild_addr_cidr | ansible.utils.ipaddr('address') }}"
front_wg_addr:
"{{ front_wg_addr_cidr | ansible.utils.ipaddr('address') }}"
+core_wg_addr:
+ "{{ core_wg_addr_cidr | ansible.utils.ipaddr('address') }}"
#+END_SRC
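Review bot: the new prose drops the explanation the removed paragraph carried of which host number belongs to which machine (host 1 for Core and host 2 for Gate on the private Ethernet, host 1 for Gate and host 2 for the access point on the wild Ethernet), and the added `core_wg_addr_cidr` line extends that scheme (Front is `ipaddr('1')`, Core is `ipaddr('2')` on the public WireGuard subnet) without saying so; a sentence restoring that numbering, now covering all five addresses, would keep the "site-independent boilerplate" readable. Also check the path in `referenced with ~address-vars~ in the =default/main.yml= files`: Ansible role defaults normally live in `defaults/main.yml`.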
WireGuard™ Subnet]] for Front, Core is expected to forward packets from/to the
private networks.
-The following example [[=private/core-wg0.conf=][=private/core-wg0.conf=]] configuration recognizes
-Front by its public key, ~S+6HaT~, looking for it at the institute's
-public IP address and a special port.
-
-#+NAME: =private/core-wg0.conf=
-#+CAPTION: [[file:private/core-wg0.conf][=private/core-wg0.conf=]]
-#+BEGIN_SRC conf :tangle private/core-wg0.conf :tangle-mode u=rw,g=,o=
-[Interface]
-Address = 10.177.87.2
-PostUp = wg set %i private-key /etc/wireguard/private-key
-
-# Front
-[Peer]
-EndPoint = 192.168.15.4:39608
-PublicKey = S+6HaTnOwwhWgUGXjSBcPAvifKw+j8BDTRfq534gNW4=
-AllowedIPs = 10.177.87.1
-AllowedIPs = 10.177.87.0/24
-#+END_SRC
-
-The following tasks install WireGuard™, configure it with
-[[=private/core-wg0.conf=][=private/core-wg0.conf=]], and enable the service.
+The following tasks install WireGuard™, configure it and enable the
+service.
#+CAPTION: [[file:roles_t/core/tasks/main.yml][=roles_t/core/tasks/main.yml=]]
#+BEGIN_SRC conf :tangle roles_t/core/tasks/main.yml
- name: Configure WireGuard™.
become: yes
copy:
+ content: |
+ [Interface]
+ Address = {{ core_wg_addr }}
+ PostUp = wg set %i private-key /etc/wireguard/private-key
+
+ # Front
+ [Peer]
+ EndPoint = {{ front_addr }}:{{ public_wg_port }}
+ PublicKey = {{ front_wg_pubkey }}
+ AllowedIPs = {{ front_wg_addr }}
+ AllowedIPs = {{ public_wg_net_cidr }}
src: ../private/core-wg0.conf
dest: /etc/wireguard/wg0.conf
mode: u=r,g=,o=
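Review bot: the task now passes both `content:` (added at the top of this hunk) and `src: ../private/core-wg0.conf` (kept as unchanged context) to the `copy` module, and Ansible rejects `src` together with `content` as mutually exclusive, so the play will fail on this task; drop the `src:` line, since the removed `private/core-wg0.conf` file is exactly what the inline `content: |` block replaces. The template also references `front_addr`, `public_wg_port` and `front_wg_pubkey`, none of which appear in the `private/vars.yml` hunk above, so confirm they are defined elsewhere (the values they replace, `192.168.15.4:39608` and the `S+6HaT...` key, were previously hard-coded in the deleted file), and consider keeping the deleted sentence that explains Core recognizes Front by its public key at the institute's public address and port, since the new one-line prose no longer says what the `[Peer]` section is for.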