feat: redirect all cluster traffic on wirequard

This commit is contained in:
vincent 2024-01-27 09:34:39 +01:00
parent acc6cdc5fa
commit 2c00b9be59
2 changed files with 5 additions and 2 deletions

View File

@ -4,3 +4,4 @@ system_arch_local_mirror: "https://arch.{{domain.name}}/repo/archlinux_$arch"
system_sudoers_group: "serverAdmin" system_sudoers_group: "serverAdmin"
system_ipV6_disable: True system_ipV6_disable: True
system_ip_unprivileged_port_start: 0 system_ip_unprivileged_port_start: 0
wireguard_mtu: 1420

View File

@ -1,10 +1,12 @@
--- ---
ansible_host: 10.0.0.1 ansible_host: 10.0.0.1
#ansible_host: 135.181.150.203
wireguard_address: "10.0.0.1/24" wireguard_address: "10.0.0.1/24"
wireguard_endpoint: "135.181.150.203" wireguard_endpoint: "135.181.150.203"
wireguard_persistent_keepalive: "20" wireguard_persistent_keepalive: "20"
wireguard_allowed_ips: "10.0.0.1/32,10.0.0.3/32,10.0.0.5/32" wireguard_byhost_allowed_ips:
gerard: 10.0.0.1,10.0.0.3,10.0.0.5
wireguard_allowed_ips: "0.0.0.0/0"
wireguard_postup: wireguard_postup:
- iptables -A FORWARD -o %i -j ACCEPT - iptables -A FORWARD -o %i -j ACCEPT