--- ansible_host: 10.0.0.4 #ansible_host: 65.21.2.14 default_interface: "ens3" wireguard_address: "10.0.0.4/24" wireguard_endpoint: "65.21.2.14" wireguard_persistent_keepalive: "20" wireguard_byhost_allowed_ips: oscar: "0.0.0.0/0" bleys: "0.0.0.0/0" wireguard_allowed_ips: "10.0.0.4/32,10.0.0.3,10.0.0.5" wireguard_postup: - iptables -A FORWARD -o %i -j ACCEPT - iptables -A FORWARD -i %i -j ACCEPT - iptables -t nat -A POSTROUTING -o {{ default_interface }} -j MASQUERADE - sysctl -w net.ipv4.ip_forward=1 - resolvectl dns %i 192.168.1.4 192.168.1.41; resolvectl domain %i '~ducamps.win' '~ducamps.eu' '~{{ consul_domain }}' wireguard_postdown: - iptables -D FORWARD -i %i -j ACCEPT - iptables -D FORWARD -o %i -j ACCEPT - iptables -t nat -D POSTROUTING -o {{ default_interface }} -j MASQUERADE - sysctl -w net.ipv4.ip_forward=0 wireguard_unmanaged_peers: phone: public_key: IYKgrQ2VJUbOnupSqedOfIilsbmBBABZUTRF9ZoTrkc= allowed_ips: 10.0.0.3/32 persistent_keepalive: 0 zen: public_key: rYYljQw8InmM95pxCP9KyZ8R+kcicgnjr6E9qtkI1Ag= allowed_ips: 10.0.0.5/32 persistent_keepalive: 0 wireguard_dns: "192.168.1.4,192.168.1.41" consul_client_addr: "127.0.0.1 10.0.0.4" consul_bind_address: "10.0.0.4" consul_ui: True consul_iface: "wg0" nomad_bind_addr: "10.0.0.4" nomad_host_networks: - name: "private" interface: wg0 - name: "public" interface: ens3 - name: "default" interface: wg0 vault_listener_address: 10.0.0.4 nomad_plugins_podman: True