From 295e45e5f887e00c395c473ce4553604dd07430d Mon Sep 17 00:00:00 2001
From: vincent
Date: Sun, 27 Aug 2023 11:35:56 +0200
Subject: [PATCH] wireguard on staging
---
ansible/host_vars/gerard-dev | 15 ++++++++++++++
ansible/host_vars/merlin-dev | 37 ++++++++++++++++++++++++++++++++++
ansible/host_vars/oscar-dev | 15 ++++++++++++++
ansible/roles/requirements.yml | 4 +++-
ansible/staging | 2 ++
5 files changed, 72 insertions(+), 1 deletion(-)
create mode 100644 ansible/host_vars/gerard-dev
create mode 100644 ansible/host_vars/merlin-dev
create mode 100644 ansible/host_vars/oscar-dev
diff --git a/ansible/host_vars/gerard-dev b/ansible/host_vars/gerard-dev
new file mode 100644
index 0000000..9e8e135
--- /dev/null
+++ b/ansible/host_vars/gerard-dev
@@ -0,0 +1,15 @@
+---
+wireguard_address: "10.0.1.6/24"
+perrsistent_keepalive: "20"
+wireguard_endpoint: ""
+
+wireguard_postup:
+ - iptables -A FORWARD -i wg0 -j ACCEPT
+ - iptables -A FORWARD -o wg0 -j ACCEPT
+ - iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+
+wireguard_postdown:
+ - iptables -D FORWARD -i wg0 -j ACCEPT
+ - iptables -D FORWARD -o wg0 -j ACCEPT
+ - iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+
diff --git a/ansible/host_vars/merlin-dev b/ansible/host_vars/merlin-dev
new file mode 100644
index 0000000..6446b7c
--- /dev/null
+++ b/ansible/host_vars/merlin-dev
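Review bot: `perrsistent_keepalive: "20"` in ansible/host_vars/gerard-dev is misspelled and lacks the `wireguard_` prefix that merlin-dev uses (`wireguard_persistent_keepalive`), so the role will most likely ignore it and the host gets no keepalive. Because this host also sets `wireguard_endpoint: ""`, it presumably has no reachable endpoint of its own and depends on keepalives to hold the tunnel open, so the typo can silently leave it unreachable over wg0. Rename the key to `wireguard_persistent_keepalive: "20"`; the same typo appears in ansible/host_vars/oscar-dev with the value "30".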
@@ -0,0 +1,37 @@
+---
+wireguard_address: "10.0.1.4/24"
+wireguard_endpoint: "{{ ansible_default_ipv4.address }}"
+wireguard_persistent_keepalive: "30"
+
+wireguard_postup:
+ - iptables -A FORWARD -o %i -j ACCEPT
+ - iptables -A FORWARD -i %i -j ACCEPT
+ - iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+
+wireguard_postdown:
+ - iptables -D FORWARD -i %i -j ACCEPT
+ - iptables -D FORWARD -o %i -j ACCEPT
+ - iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+
+wireguard_unmanaged_peers:
+ phone:
+ public_key: ioG35kDFTtip+Acfq+je9qDHYbZij+J6+Pg3T6Z4N0w=
+ allowed_ips: 10.0.1.3/32
+ persistent_keepalive: 0
+ zen:
+ public_key: rYYljQw8InmM95pxCP9KyZ8R+kcicgnjr6E9qtkI1Ag=
+ allowed_ips: 10.0.1.5/32
+ persistent_keepalive: 0
+consul_client_addr: "127.0.0.1 10.0.1.4"
+consul_bind_address: "10.0.1.4"
+consul_ui: True
+consul_iface: "wg0"
+nomad_bind_addr: "10.0.1.4"
+nomad_host_networks:
+ - name: "private"
+ interface: wg0
+ - name: "public"
+ interface: eth0
+ - name: "default"
+ interface: wg0
+vault_listener_address: 10.0.1.4
diff --git a/ansible/host_vars/oscar-dev b/ansible/host_vars/oscar-dev
new file mode 100644
index 0000000..225bc63
--- /dev/null
+++ b/ansible/host_vars/oscar-dev
@@ -0,0 +1,15 @@
+---
+wireguard_address: "10.0.1.2/24"
+perrsistent_keepalive: "30"
+wireguard_endpoint: ""
+
+wireguard_postup:
+ - iptables -A FORWARD -i wg0 -j ACCEPT
+ - iptables -A FORWARD -o wg0 -j ACCEPT
+ - iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+
+wireguard_postdown:
+ - iptables -D FORWARD -i wg0 -j ACCEPT
+ - iptables -D FORWARD -o wg0 -j ACCEPT
+ - iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+consul_snapshot: True
diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml
index 4e2b2c9..0766b6b 100644
--- a/ansible/roles/requirements.yml
+++ b/ansible/roles/requirements.yml
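Review bot: In ansible/host_vars/merlin-dev the `wireguard_postup` rules accept all forwarded traffic on `%i` in both directions and masquerade everything leaving eth0, so every peer, including the unmanaged `phone` and `zen` peers, can route through this host to whatever eth0 reaches. Scope the NAT rule to the tunnel subnet, e.g. `iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE`, narrow the FORWARD rules by source or destination if peers only need the cluster services, and mirror the change in `wireguard_postdown`. The same rule set is repeated in gerard-dev and oscar-dev with `wg0` hard-coded instead of `%i`. `consul_client_addr`, `consul_ui` and `vault_listener_address` also place the Consul client API/UI and Vault on 10.0.1.4, so those peers can reach them; whether Consul ACLs and TLS are enabled is not visible in this patch and should be confirmed.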
@@ -23,7 +23,7 @@ scm: git - src: ssh://git@git.ducamps.win:2222/ansible-roles/user_config.git scm: git -- src: https://github.com/githubixx/ansible-role-wireguard.git +- src: git@github.com:vincentDcmps/ansible-role-wireguard.git scm: git - src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-consul.git scm: git @@ -37,3 +37,5 @@ scm: git - src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-user.git scm: git +- src: git@github.com:vincentDcmps/ansible-role-nfs.git + scm: git diff --git a/ansible/staging b/ansible/staging index 6cb3c3f..56fde06 100644 --- a/ansible/staging +++ b/ansible/staging @@ -8,6 +8,8 @@ merlin-dev [database] oscar-dev +[wireguard:children] +staging [staging] oscar-dev
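Review bot: The replacement source `git@github.com:vincentDcmps/ansible-role-wireguard.git` in the first requirements.yml hunk has no `version:` key, so ansible-galaxy installs whatever the fork's default branch holds at install time, and that role then runs (presumably with root privileges) on every host pulled in by the new `[wireguard:children]` group. Pin it to a reviewed tag or commit by adding `version: <tag-or-commit-sha>` next to `scm: git`; the `ansible-role-nfs` entry added in the second hunk needs the same. The neighbouring entries visible as context are also unpinned, so this may be a file-wide convention to revisit. Moving from an https URL to the SSH form also means every machine that installs roles needs a GitHub SSH key, which should be recorded in the setup documentation.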