# UniFi Security Gateway overrides, presumably rendered by the consuming role
# into the gateway's config.gateway.json (the EdgeOS `firewall` / `service` /
# `interfaces` layout is used as-is).  Three things are configured here:
#   1. a WAN_LOCAL rule that lets WireGuard reach the gateway itself,
#   2. a DNS redirect forcing a range of IoT hosts onto the Pi-hole at
#      10.0.0.31, and
#   3. the wg0 WireGuard interface with two peers.
# All secrets (peer public keys, addresses, ports) come from the `wireguard`
# variable tree; the wg0 private key is read from the gateway filesystem and
# is never stored in this file.
unifi_site: default
unifi_gateway_config:
  firewall:
    name:
      WAN_LOCAL:
        rule:
          # Accept inbound WireGuard on the listen port from ANY source.  The
          # unrestricted source is intentional and normal for WireGuard: peers
          # are authenticated by key, and packets from unknown keys are dropped
          # silently, so nothing is exposed beyond the UDP listener.
          20:
            action: accept
            description: WireGuard
            destination:
              # Quoted: a bare Jinja expression at the start of a value is
              # parsed by YAML as a flow mapping before Ansible sees it.
              port: "{{ wireguard.usg.wg0.listen_port }}"
            protocol: udp
    group:
      network-group:
        # Not referenced by any rule in this file; presumably used by
        # firewall rules defined elsewhere (or by the UniFi UI).
        remote_user_vpn_network:
          description: Remote User VPN subnets
          network:
            - 10.253.1.0/24
      address-group:
        # Hosts whose DNS is forced to the Pi-hole by NAT rule 1 below.  The
        # name is referenced by that rule's `source.group.address-group`, so
        # the "Rouge" spelling has to stay unless both places are changed.
        RougeDns:
          description: IoT
          address: 10.0.0.210-10.0.0.230
  service:
    nat:
      rule:
        # DNAT: TCP/UDP port 53 arriving on eth1 from the RougeDns range and
        # NOT already addressed to the Pi-hole is rewritten to 10.0.0.31:53.
        # The `!10.0.0.31` exclusion keeps legitimate queries to the Pi-hole
        # from being rewritten onto themselves.  `log: enable` records every
        # redirected query, so expect noisy gateway logs.
        1:
          description: Redirect DNS queries to pihole
          destination:
            address: "!10.0.0.31"
            port: "53"
          inbound-interface: eth1
          inside-address:
            address: "10.0.0.31"
            port: "53"
          log: enable
          protocol: tcp_udp
          type: destination
          source:
            group:
              address-group: RougeDns
        # Meant as the hairpin/reflection half of rule 1: SNAT the redirected
        # query to the gateway so the Pi-hole's reply comes back through the
        # gateway (and gets un-DNATed) instead of going straight to a client
        # on the same segment, which would drop it as unsolicited.
        # NOTE(review): this masquerades on eth0, but rule 1 takes the client
        # traffic in on eth1 and 10.0.0.31 sits in the same 10.0.0.0/24 as the
        # clients, so traffic to the Pi-hole should never egress eth0 and this
        # rule may never match.  A LAN-to-LAN hairpin normally masquerades on
        # the LAN-facing interface (eth1 here) -- confirm which interface is
        # LAN on this gateway before relying on this redirect.
        5002:
          description: Translate reply back
          destination:
            address: 10.0.0.31
            port: "53"
          outbound-interface: eth0
          protocol: tcp_udp
          type: masquerade
  interfaces:
    wireguard:
      wg0:
        address: "{{ wireguard.usg.wg0.address }}"
        # Traffic entering via the tunnel is filtered by the LAN rulesets,
        # i.e. VPN clients are treated like LAN hosts.  Tighten here if remote
        # peers should see less than a local client does.
        firewall:
          in:
            name: LAN_IN
          local:
            name: LAN_LOCAL
          out:
            name: LAN_OUT
        listen-port: "{{ wireguard.usg.wg0.listen_port }}"
        # NOTE(review): WireGuard adds roughly 60 bytes (IPv4) / 80 bytes
        # (IPv6) of encapsulation.  A tunnel MTU equal to a typical 1500-byte
        # WAN MTU forces fragmentation; 1420 is the usual value.  Confirm the
        # underlying path MTU before keeping 1500.
        mtu: "1500"
        peer:
          # Each peer is identified only by its public key; `allowed-ips` is
          # both the routing table entry (see route-allowed-ips) and the
          # source-address filter for packets decrypted from that peer.
          # NOTE(review): both peers are given the gateway's own
          # `wireguard.usg.wg0.endpoint`:listen_port as their endpoint.  On the
          # listening side, roaming clients normally have no endpoint at all;
          # with persistent-keepalive set, the gateway would send keepalives to
          # itself.  Confirm this is intended.
          - key: "{{ wireguard.usg.wg0.peers.phone.public }}"
            allowed-ips: "{{ wireguard.usg.wg0.peers.phone.allowed_ips }}"
            persistent-keepalive: "{{ wireguard.usg.wg0.persistent_keepalive }}"
            endpoint: "{{ wireguard.usg.wg0.endpoint }}:{{ wireguard.usg.wg0.listen_port }}"
          - key: "{{ wireguard.usg.wg0.peers.travel.public }}"
            allowed-ips: "{{ wireguard.usg.wg0.peers.travel.allowed_ips }}"
            persistent-keepalive: "{{ wireguard.usg.wg0.persistent_keepalive }}"
            endpoint: "{{ wireguard.usg.wg0.endpoint }}:{{ wireguard.usg.wg0.listen_port }}"
        # Private key is provisioned out-of-band onto the gateway; this file
        # only references its path, so no secret is committed here.
        private-key: /config/auth/wireguard/wg.key
        # Quoted so the gateway receives the string "true" rather than a YAML
        # boolean that the JSON renderer might emit unquoted.
        route-allowed-ips: "true"