feat: redirect all cluster traffic on wirequard
This commit is contained in:
parent
acc6cdc5fa
commit
2c00b9be59
@ -4,3 +4,4 @@ system_arch_local_mirror: "https://arch.{{domain.name}}/repo/archlinux_$arch"
|
|||||||
system_sudoers_group: "serverAdmin"
|
system_sudoers_group: "serverAdmin"
|
||||||
system_ipV6_disable: True
|
system_ipV6_disable: True
|
||||||
system_ip_unprivileged_port_start: 0
|
system_ip_unprivileged_port_start: 0
|
||||||
|
wireguard_mtu: 1420
|
||||||
|
@ -1,10 +1,12 @@
|
|||||||
---
|
---
|
||||||
ansible_host: 10.0.0.1
|
ansible_host: 10.0.0.1
|
||||||
|
#ansible_host: 135.181.150.203
|
||||||
wireguard_address: "10.0.0.1/24"
|
wireguard_address: "10.0.0.1/24"
|
||||||
wireguard_endpoint: "135.181.150.203"
|
wireguard_endpoint: "135.181.150.203"
|
||||||
wireguard_persistent_keepalive: "20"
|
wireguard_persistent_keepalive: "20"
|
||||||
wireguard_allowed_ips: "10.0.0.1/32,10.0.0.3/32,10.0.0.5/32"
|
wireguard_byhost_allowed_ips:
|
||||||
|
gerard: 10.0.0.1,10.0.0.3,10.0.0.5
|
||||||
|
wireguard_allowed_ips: "0.0.0.0/0"
|
||||||
|
|
||||||
wireguard_postup:
|
wireguard_postup:
|
||||||
- iptables -A FORWARD -o %i -j ACCEPT
|
- iptables -A FORWARD -o %i -j ACCEPT
|
||||||
|
Loading…
Reference in New Issue
Block a user