
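---
# Ansible group_vars for the UniFi gateway: the `unifi_gateway_config` tree is
# rendered into the USG configuration (EdgeOS node layout: firewall / service /
# interfaces). Indentation below follows that node hierarchy; every value is the
# same as before, only the layout and quoting were normalised.
unifi_site: default
unifi_gateway_config:
  firewall:
    name:
      WAN_LOCAL:
        rule:
          # The only inbound accept added by this file: UDP to the WireGuard
          # listen port. Rule number 20 is left as an integer key on purpose
          # (other code may index it numerically).
          20:
            action: accept
            description: WireGuard
            destination:
              port: "{{ wireguard.usg.wg0.listen_port }}"
            protocol: udp
    group:
      network-group:
        remote_user_vpn_network:
          description: Remote User VPN subnets
          network:
            - 10.253.1.0/24
      address-group:
        # Hosts whose DNS is forced to the Pi-hole (see NAT rule 1). The group
        # name is referenced verbatim from the NAT rule below, so keep them in
        # sync if it is ever renamed.
        RougeDns:
          description: IoT
          address: 10.0.0.210-10.0.0.230
  service:
    nat:
      rule:
        # DNAT: DNS (tcp+udp/53) from the RougeDns group arriving on eth1 and not
        # already addressed to 10.0.0.31 is redirected to 10.0.0.31:53. Matches
        # are logged, which gives visibility of hosts trying to bypass the
        # Pi-hole.
        1:
          description: Redirect DNS queries to pihole
          destination:
            address: "!10.0.0.31"
            port: "53"
          inbound-interface: eth1
          inside-address:
            address: "10.0.0.31"
            port: "53"
          log: enable
          protocol: tcp_udp
          type: destination
          source:
            group:
              address-group: RougeDns
        # Masquerade so replies from 10.0.0.31:53 flow back through the gateway.
        # NOTE(review): the hairpin reply path for clients on the same LAN is
        # usually the LAN-facing interface; confirm eth0 is the intended
        # outbound-interface here (rule 1 matches inbound on eth1).
        5002:
          description: Translate reply back
          destination:
            address: "10.0.0.31"
            port: "53"
          outbound-interface: eth0
          protocol: tcp_udp
          type: masquerade
  interfaces:
    wireguard:
      wg0:
        address: "{{ wireguard.usg.wg0.address }}"
        # VPN traffic is filtered with the LAN_* rule sets, i.e. remote peers
        # receive the same policy as LAN hosts. NOTE(review): confirm that is
        # intended rather than a dedicated VPN rule set.
        firewall:
          in:
            name: LAN_IN
          local:
            name: LAN_LOCAL
          out:
            name: LAN_OUT
        listen-port: "{{ wireguard.usg.wg0.listen_port }}"
        # Quoted so the value stays a string in the rendered config.
        mtu: "1500"
        # Peer public keys, allowed-ips and endpoint all come from the
        # `wireguard` variable tree; no key material is stored in this file.
        peer:
          - key: "{{ wireguard.usg.wg0.peers.phone.public }}"
            allowed-ips: "{{ wireguard.usg.wg0.peers.phone.allowed_ips }}"
            persistent-keepalive: "{{ wireguard.usg.wg0.persistent_keepalive }}"
            endpoint: "{{ wireguard.usg.wg0.endpoint }}:{{ wireguard.usg.wg0.listen_port }}"
          - key: "{{ wireguard.usg.wg0.peers.travel.public }}"
            allowed-ips: "{{ wireguard.usg.wg0.peers.travel.allowed_ips }}"
            persistent-keepalive: "{{ wireguard.usg.wg0.persistent_keepalive }}"
            endpoint: "{{ wireguard.usg.wg0.endpoint }}:{{ wireguard.usg.wg0.listen_port }}"
        # Path on the gateway, not the key itself; the private key is never
        # placed in group_vars.
        private-key: /config/auth/wireguard/wg.key
        # Kept as the string "true": the gateway config expects a string here,
        # not a YAML boolean.
        route-allowed-ips: "true"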