blob: 067a9deafd6140954c8b699ce170d8ec7840a59e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
# NOTE: This is an example hosts.yml, you will need to edit to fit your needs
hosts:
floatapp1:
ansible_host: floatapp1.float.bitmask.net
groups: [backend]
ips:
- 37.218.241.84
# The 'ip_vpn0' is for the internal network overlay only. Assign an unique
# value for each host
ip_vpn0: 172.16.1.1
floatrp1:
ansible_host: floatrp1.float.bitmask.net
groups: [frontend]
ips:
- 37.218.241.85
# The 'ip_vpn0' is for the internal network overlay only. Assign an unique
# value for each host
ip_vpn0: 172.16.1.2
gateway1:
ansible_host: gateway1.float.bitmask.net
groups: [openvpn]
ips:
- 37.218.242.191
# The 'ip_vpn0' is for the internal network overlay only. Assign an unique
# value for each host
ip_vpn0: 172.16.1.3
# Set the egress source address for ipv4. This address should be distinct
# from the 'ip' value above to prevent traffic leaks.
egress_ip: 37.218.242.216
location: Amsterdam
gateway2:
ansible_host: gateway2.float.bitmask.net
groups: [openvpn]
ip_vpn0: 172.16.1.4
ips:
- 204.13.164.252
# If the gateway has ipv6, assign it an address here. This address will be
# used as the incoming ipv6 address for the gateway.
- 2620:13:4000:4000:8080::252
# Set the egress source address for ipv4. This address should be distinct
# from the 'ip' value above to prevent traffic leaks.
egress_ip: 204.13.164.84
# For each gateway that has ipv6, you should allocate two ipv6 netblocks for
# each gateway, one for TCP and one for UDP connections. These ipv6
# netblocks should be in a different network than the ip6 address that you
# configured above. These are used by Openvpn to allocate client IPs, and
# they will be used for egress source addresses.
openvpn_tcp_network6: "2620:13:4000:eeee:eeee:eeee:eeee:0000/116"
openvpn_udp_network6: "2620:13:4000:ffff:ffff:ffff:ffff:0000/116"
location: Seattle
group_vars:
all:
ansible_user: root
ansible_become: false
testing: false
disable_restricted_sysctl: true
|
