пре 2 година · ebefc175cb
--- a/group_vars/dhcp.yml
+++ b/group_vars/dhcp.yml
@@ -6,6 +6,7 @@ dns_over_https: false
 
				 gateway_server_ip: 10.0.0.2
			
 
				 actual_gateway_ip: 10.0.0.1
			
 
				 wireguard_server_ip: 10.0.0.8 # static route to webers through this server
			
 
				+gateway_internal_interface: enp3s0
			
 
				 # TODO split out static route in dhcpd.conf.j2 (currently hardcoded)
			
 
				 
			
 
				 
			
@@ -38,7 +39,8 @@ status_services:
 
				 reservations:
			
 
				   - type: default
			
 
				     name: gateway
			
 
				-    mac: 1c:69:7a:0f:d3:a4
			
 
				+    mac: 00:e0:4c:68:01:ad # internal
			
 
				+    #mac: 1c:69:7a:0f:d3:a4 # old nuc
			
 
				     ip: 10.0.0.2
			
 
				 
			
 
				   - type: default
			
@@ -163,11 +165,6 @@ reservations:
 
				     mac: f0:57:a6:87:50:23
			
 
				     ip: 10.0.0.55
			
 
				 
			
 
				-  - type: secured
			
 
				-    name: zimaboard1
			
 
				-    mac: 00:e0:4c:68:01:ad
			
 
				-    ip: 10.0.0.60
			
 
				-
			
 
				   - type: cloudflare
			
 
				     name: julie-macbook
			
 
				     mac: b8:8d:12:36:f1:16
			
--- a/roles/name-resolution/tasks/main.yml
+++ b/roles/name-resolution/tasks/main.yml
@@ -125,11 +125,13 @@
 
				 
			
 
				 - set_fact:
			
 
				     ethernet: "{{ (ansible_interfaces | reject('search', 'podman') | list | sort)[0] }}"
			
 
				+  when:
			
 
				+    - gateway_internal_interface is not defined
			
 
				 
			
 
				-- name: Configure static IP on {{ ethernet }}
			
 
				+- name: Configure static IP on {{ ethernet | default(gateway_internal_interface) }}
			
 
				   nmcli:
			
 
				-    conn_name: "{{ ethernet }}"
			
 
				-    ifname: "{{ ethernet }}"
			
 
				+    conn_name: "{{ ethernet | default(gateway_internal_interface) }}"
			
 
				+    ifname: "{{ ethernet | default(gateway_internal_interface) }}"
			
 
				     type: ethernet
			
 
				     state: present
			
 
				     ip4: "{{ gateway_server_ip }}/24"
			
--- a/roles/wg-gateway/tasks/main.yml
+++ b/roles/wg-gateway/tasks/main.yml
@@ -4,6 +4,15 @@
 
				     name: wireguard-tools
			
 
				     state: installed
			
 
				 
			
 
				+- name: Select a random endpoint
			
 
				+  set_fact:
			
 
				+    wg_info: "{{ vaulted_wg_info | shuffle | first }}"
			
 
				+
			
 
				+- name: Record new endpoint config
			
 
				+  set_fact:
			
 
				+    wg_public_key: "{{ wg_info.pubkey }}"
			
 
				+    wg_endpoint: "{{ wg_info.endpoint }}"
			
 
				+
			
 
				 - name: Copy wireguard config
			
 
				   template:
			
 
				     src: wg.conf.j2
			
@@ -21,10 +30,12 @@
 
				     permanent: yes
			
 
				     state: enabled
			
 
				 
			
 
				-- name: Add {{ ansible_interfaces | sort | first }} to internal zone
			
 
				+- name: Add {{ gateway_internal_interface }} to internal zone
			
 
				+#- name: Add {{ ansible_interfaces | sort | first }} to internal zone
			
 
				   firewalld:
			
 
				     zone: internal
			
 
				-    interface: "{{ ansible_interfaces | sort | first }}"
			
 
				+    interface: "{{ gateway_internal_interface }}"
			
 
				+    #interface: "{{ ansible_interfaces | sort | first }}"
			
 
				     permanent: yes
			
 
				     state: enabled