---
# Maps each logical network name used by this host to the OS interface that
# carries it. The same names (cachan_srv, cachan_adm, infra) are reused in the
# VLAN list below.
# NOTE(review): ens18/ens19/ens20 depend on the host's device enumeration;
# re-check the mapping after a hardware or hypervisor change so the adm
# settings do not end up on another segment.
interfaces:
  cachan_adm: ens18
  cachan_srv: ens19
  infra: ens20

# Host-local override of the network interface definitions: this host must not
# route towards adm, so only cachan_srv carries a gateway (IPv4 and IPv6).
# cachan_adm and infra define a DNS server but no gateway.
# Every address is resolved from LDAP for the 'routeur-gulp' entry at
# templating time.
# NOTE(review): `| first` on an empty lookup result would fail or yield an
# undefined value - presumably the play aborts in that case; confirm, because
# a silently missing gateway/dns changes how this host reaches the network.
loc_network_interfaces:
  vlan:
    # Only VLAN with a gateway; gateway and dns come from the same LDAP lookup,
    # so both resolve to the same IPv4 address.
    - name: cachan_srv
      id: 2
      gateway: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv4 | first }}"
      gateway_v6: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-srv') | ipv6 | first }}"
    # No gateway key on purpose (see header comment): adm stays link-local.
    - name: cachan_adm
      id: 10
      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'cachan-adm') | ipv4 | first }}"
    # No gateway key here either.
    - name: infra
      id: 11
      dns: "{{ query('ldap', 'ip', 'routeur-gulp', 'infra') | ipv4 | first }}"

# NTP server settings for this host.
# `open` lists two CIDR ranges, both inside private (RFC 1918) address space.
# NOTE(review): presumably these are the client networks allowed to query the
# NTP service - confirm against the consuming role, and confirm that anything
# not listed is denied so the service is not reachable from other networks.
loc_ntp_server:
  open:
    - 172.17.10.0/24
    - 172.16.32.0/22

# WireGuard tunnel "gulp" between this host (LDAP entry 'terenez') and the
# peer 'vol447'. Local addresses are this host's adm IPv4 (/24) and IPv6 (/64)
# as resolved from LDAP.
loc_wireguard:
  tunnels:
    - name: "gulp"
      addresses:
        - "{{ query('ldap', 'ip', 'terenez', 'adm') | ipv4 | first }}/24"
        - "{{ query('ldap', 'ip', 'terenez', 'adm') | ipv6 | first }}/64"
      listen_port: 51820
      # The private key is referenced from the `vault` variable namespace and
      # never written in clear in this file.
      # NOTE(review): presumably `vault` is ansible-vault encrypted; confirm,
      # and confirm the consuming role renders the key with no_log and writes
      # the tunnel config with owner-only permissions.
      private_key: "{{ vault.wireguard_terenez_private_key }}"
      peers:
        - public_key: "{{ vault.wireguard_vol447_public_key }}"
          # Limits the peer to the adm network (IPv4 from LDAP, IPv6 built
          # from the adm VLAN id). In WireGuard this list bounds both the
          # source addresses accepted from the peer and what is routed to it,
          # so keep it as narrow as the adm network.
          # NOTE(review): query() returns a list in stock Ansible; confirm the
          # ldap lookup yields a single CIDR string for the first entry and a
          # bare VLAN id inside the second, otherwise the rendered values will
          # not be valid prefixes.
          allowed_ips:
            - "{{ query('ldap', 'network', 'adm') }}"
            - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
          # Peer is reached on its srv IPv4 address, port 51820.
          endpoint: "{{ query('ldap', 'ip', 'vol447', 'srv') | ipv4 | first }}:51820"
      # Static command (no templated input): sets the interface alias of the
      # `gulp` link to "adm" once the tunnel is up.
      post_up: "/sbin/ip link set gulp alias adm"