--- firewall_allowed_tcp_ports: - 443 - 80 firewall_allowed_udp_ports: - 1194 firewall_ipset_syslog: - 10.255.0.0/24 autossh_authorized_keys: - key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvKqDI6VUYFgMUC54pVr5U8CX+Xl2ewV7PIYkTiQ70o - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDrte7/aVUhovxsFTF9olsO6V3TiHStlF5XFN1u8uKmYmJ9jfvosOLPAv4KHvVDuOww79JPUXrsSkemC/AM9tlHycBf4+4R8q9o7aL0MNzB1ZaiBCvgx+Wn54QgktM/V7e4yl4LCtjxbscspYCJFtqjWuC85c4d8p7Gwq3t7+wbO3TGZAx1ETdqKjhecTCJpjlvUIYDZlCkXMtmhB52ntTu9/GBXD5mAdTCqyq5aTAxGbt56LCmM0Z2qjAxVWRdJK93C2dQ4OPzWnvc2IWR2EazOLDep8jSz4XOzUlfQCeKfFsEvUJZJi7BtcgVKBvL+e8SmwZNG+SdCmFFJxoXVmat autossh_config: [] rsyslog_inputs: - name: imtcp params: port: 514 - name: imudp params: port: 514 - name: imrelp params: port: 2514 rsyslog_outputs: [] telegraf_config_d: - name: ping config: inputs.ping: - urls: - ping-home.kill0.net interface: eth0 count: 10 ipv6: false binary: ping4 - urls: - ping6-home.kill0.net interface: eth0 count: 10 ipv6: true name_override: ping6 binary: ping6 - urls: - 10.255.0.1 count: 10 ipv6: false binary: ping4 openvpn_ip_forward: 1 openvpn_config: server: port: 1194 proto: udp dev: tun server: 10.8.0.0 255.255.255.0 ifconfig-pool-persist: /var/log/openvpn/ipp.txt keepalive: 10 120 cipher: AES-256-CBC persist-key: persist-tun: tun-ipv6: status: /var/log/openvpn/openvpn-status.log verb: 3 explicit-exit-notify: 1 ca: "{{ openvpn_etc_path }}/server/ca.pem" cert: "{{ openvpn_etc_path }}/server/cert.pem" key: "{{ openvpn_etc_path }}/server/key.pem" dh: "{{ openvpn_etc_path }}/server/dh.pem" tls-auth: "{{ openvpn_etc_path }}/server/ta.key 0" client-config-dir: "{{ openvpn_etc_path }}/server/ccd" route: - 172.16.0.0 255.255.0.0 - 192.168.255.0 255.255.255.0 - 10.8.0.0 255.255.255.0 push: - route 10.8.0.0 255.255.255.0 openvpn_dh_params: server: dh.pem: | -----BEGIN DH PARAMETERS----- MIIBCAKCAQEAwmTargQ4ki0rYdoPifubzjBWklJXYzsQUU2TbGvuP0ug2weMOA4D XSmlyJFUmSsSEUxDCG5PXcIdvNHISTX2PiUqf3OhCGghxIbAQwbCdqqs/VnZYt0C P/M5DJD4hsF8OTrdDG9b5mK3XmB40o9K3xkptfQvoN1ecjhRQ+zgNZcnkOfd0XFB myPPSBy/9fK6e6N1SnGN7Ao7AJ3VFLpT77hHaW6wZ+hOxWlmjroIlT5FRyvtEATE 2N697E6kWV+1jfyfd8ocu+QfnFbccshJY88OhZ4xddHquFhKMT68TCg43nefQCk7 tnJAVcpUfS6AqhwZRysWNRJfG/NiPsMxIwIBAg== -----END DH PARAMETERS----- openvpn_certificates: server: cert.pem: | subject=C = US, CN = jump0.kill0.net issuer=C = US, O = chill9, CN = chill9 Sub CA notBefore=May 18 01:58:38 2020 GMT notAfter=May 18 01:58:38 2021 GMT X509v3 Subject Alternative Name: DNS:jump0.kill0.net, DNS:vpn-jump0.kill0.net -----BEGIN CERTIFICATE----- MIIGPzCCBCegAwIBAgIQc/QIYhesJteIltoVW79aOzANBgkqhkiG9w0BAQsFADA2 MQswCQYDVQQGEwJVUzEPMA0GA1UECgwGY2hpbGw5MRYwFAYDVQQDDA1jaGlsbDkg U3ViIENBMB4XDTIwMDUxODAxNTgzOFoXDTIxMDUxODAxNTgzOFowJzELMAkGA1UE BhMCVVMxGDAWBgNVBAMMD2p1bXAwLmtpbGwwLm5ldDCCAiIwDQYJKoZIhvcNAQEB BQADggIPADCCAgoCggIBAOsnQorA2CsepW3m/Sv+7H4ngosGHw/t9LfxAdx+og7t LNAZ/CIvO4bSjfkRQtCF3+FX7dXPAgkzL0RgDDRD3e3tt54Vo/solxBfHHhkHaWf JifN8icpkMWukc0pzY+H3XW28rWDYdrBmCkHGoebnf51BcoIJ5mVBMgOE3E86Kih 615NhXg5pF58+Myz5xFdaTOmoj4J0F1ccZGwJWJrkh2YdMGUHH3YSRASP5N2P5Pb mJ0pLo7C3MH3tZ6Nl8K+RUvtwXCBouthkbs0e02HsQFuLEv2f32NMZU7OUB9Vi8N wxUQ0I/2t3T3BaNxFLlEAzjqAzZr5pwOpSasBTbxsglWaYou8DhIwLEUOUzIh/xN kd+9EVymZ2yqYOlWaPvCmgmhZPeqipd3WAPdtHiYxWfgG0obtVh3qH+JI4P0u7Tu Mb8+TcL3tAfyJDkmY7qepdd3zVj0ldcIQ9k9DRu76WE11aXjSl9YYSBvTuHPN6sd 3c+oJ5Ew74hI3AtDf5M6FsqTTdTgkNiqV+f7IRr2+4yip5o4Ez6YZCSSjeUHN9AJ DqVhO3Ar7/vVcq0eFVvUTWVuQD+52sNvCeWh9Skayar2Yw51+gAlh4UGJTR+21jp cnOk4+FT6VOCN/4nmJ9NkwZCCEmj76ygnJ1Ldovc9S8ijf/K103axwweXK9jU3FT AgMBAAGjggFWMIIBUjBtBggrBgEFBQcBAQRhMF8wLgYIKwYBBQUHMAKGImh0dHA6 Ly9zdWItY2Eua2lsbDAubmV0L3N1Yi1jYS5jcnQwLQYIKwYBBQUHMAGGIWh0dHA6 Ly9vY3NwLnN1Yi1jYS5raWxsMC5uZXQ6OTA4MTAfBgNVHSMEGDAWgBSThtPAfR0F GyRrzaVVpnRPYVvpJTAMBgNVHRMBAf8EAjAAMDMGA1UdHwQsMCowKKAmoCSGImh0 dHA6Ly9zdWItY2Eua2lsbDAubmV0L3N1Yi1jYS5jcmwwHQYDVR0lBBYwFAYIKwYB BQUHAwIGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDAdBgNVHQ4EFgQUvXkDkHzz QVyDDrfckIPVGVmKjGgwLwYDVR0RBCgwJoIPanVtcDAua2lsbDAubmV0ghN2cG4t anVtcDAua2lsbDAubmV0MA0GCSqGSIb3DQEBCwUAA4ICAQBNhV+pSeuYyo7bL4KU 4u4Q5tqfnqAz67skUhL+T3D5unA3WLg/SlUYUM1qfPolej4J+sFf6HWJrsXeayhR kcork3NlHTjxB9G3aVvG63FJHr0zB9t5whnyepGsmF8lxwK47pXz9CCYEKcsSByD eSBiibCqBaxj4N72yFIuIq5QN4AkXUM+WzIVlC98OqKB/IDtzcTRTBmWmIJIWHuC hr3Emz8s1RNhpsLBlfP2CqsI+RXxGYNS+6VEGnNLRdm+oqa/jTdTyuPQ6TMmNOfx b9JYr41j7Ps0451NzSyWoyxYc8sg58X/t3cPmsx4mgW4qlo9q72kkkKAkiO600C6 pKKcyFVj4i8VakrUOGRf/jWB76X08ub67pShXYW3ItqPP39zZJ6KvFYCOldVyltJ /yP18KtFOnkPJ2VxZD+O3MlHA1RILhach3gCICS/VSaJHuPs4dFaiQrc9MxTkzt0 QikPvNgkprOIj1BU+VtBIM5eInyfFDVM+hRvp7zOoPQRUqwCn6iBkcgYhTD/cgPh 45BsmsOC5Z9NfNlpEzE0u6ObZFcwAp9fg9mPeU/wbW1M8JgcWXjGN37D6gT6cVGk oKUidap16UL6NLgFlIcMSZcfMM0oI2JZyaOCLGvdKmZibpx237SrAnFLYXBJx9Ny cjkBmYeslLjtUPqu9OrqjuiiLw== -----END CERTIFICATE----- subject=C = US, O = chill9, CN = chill9 Sub CA issuer=C = US, O = chill9, CN = chill9 Root CA notBefore=May 17 01:19:29 2020 GMT notAfter=May 15 01:19:29 2030 GMT -----BEGIN CERTIFICATE----- MIIGnjCCBIagAwIBAgIQdRhWyOcUQ+uIEypQfJLvqjANBgkqhkiG9w0BAQsFADA3 MQswCQYDVQQGEwJVUzEPMA0GA1UECgwGY2hpbGw5MRcwFQYDVQQDDA5jaGlsbDkg Um9vdCBDQTAeFw0yMDA1MTcwMTE5MjlaFw0zMDA1MTUwMTE5MjlaMDYxCzAJBgNV BAYTAlVTMQ8wDQYDVQQKDAZjaGlsbDkxFjAUBgNVBAMMDWNoaWxsOSBTdWIgQ0Ew ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsP549Xs/Dzfw3HHGhDlIT dFun9cqsCmyaXJSMOFZqZSyGJg4WASJRW797lnQlsOfLk7x8fR7I1CkWF9x3KDVi A9MvJTlFgdYGF27LNGP7zo3ZNB99oA+NtHhoIhclprzT4qmHSk6tz31uJV42jNBH km3m4wqH3NlqOqWbkw8nC9yF0/qCz1UyG/wSIQr3UpN5c96WWE3Bt6rKW7vEZ//i t4nDzRV+pttv5O/L5DQdhG01NKD0XxH0q8SocdTPIsDO0ZUQwVFYcxJYB0pPab8V Uk4+bzb8hN+mO2vyO5DK01efiNVfMZ7NDxQXvU6cMs4c+S/BtC9PWO0hR0hJm/hw vg1RdhyfOVATVfviiEG8YQdl8sIHk3qYGdGJyrZHIOlssgnKdeGlLHbYXtHPFAk/ gvZMtR2t0VKXVQR03Yz5llF9okKCAbmHmntLFcM5hHJxEl0phqbLLcBh+130Qb7q K/CRSHnPfzL04KW9cw5b0cNOn728M5Fj2Q8IQvY5m0NYDbaZf0qF34OyixtGIE8n dJupLDSp6KkHlrIfedpgNwi16y5cy4Uw/aTCGcIO/WZZO6Q59R+xlobw8VQc4V/i pqSiQK0wEuDtq9uw7r+GV9BDoxfmbHygeKFV+Ee9UXQ/FMPhItSQTMlFhrci6U75 e+iOnmh3AkldPZ3Z6TpfsQIDAQABo4IBpTCCAaEwcAYIKwYBBQUHAQEEZDBiMDAG CCsGAQUFBzAChiRodHRwOi8vcm9vdC1jYS5raWxsMC5uZXQvcm9vdC1jYS5jcnQw LgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLnJvb3QtY2Eua2lsbDAubmV0OjkwODAw HwYDVR0jBBgwFoAUcUb1TFf68x7gTS4RnYurKV2YeRswEgYDVR0TAQH/BAgwBgEB /wIBADA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vcm9vdC1jYS5raWxsMC5uZXQv cm9vdC1jYS5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA4GA1Ud DwEB/wQEAwIBBjBzBgNVHR4EbDBqoDYwC4IJa2lsbDAubmV0MAuCCWtpbGwwLmNv bTAMggpjaGlsbDkubmV0MAyCCmNoaWxsOS5jb22hMDAKhwgAAAAAAAAAADAihyAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAdBgNVHQ4EFgQUk4bTwH0d BRska82lVaZ0T2Fb6SUwDQYJKoZIhvcNAQELBQADggIBAENgGWgn3geR6Ciz9YsE x4594ew+JJ9uiiPoHSUxw95NuVa2WpB1/UZoL93lm3sEqqzR6FYEeP5JWuvlrw4Q TJpzXBo/0Ik5BX2eTcW1HlhXxHV0HnzjKd8eldxDsY78ve46d9DfHLYk4zdn7OVj TLVokJvbL9jEIOfH2OJu8Ow+5jNmKQzmv4aNmG9RHoqDkgBmRgbrWJkhZ9xVqSb4 jKBDsNovLkkW2Xm0RxJVc9B3sE15aDq06UeT1BfCXL7xH1ABjX5tV4LegJUsaTlU EMOyXYdxoEnqKw/f7Qns/lsq6Gzbx+RDXnShBPsrJX/TTcqc/KETu1z6zwxnb4PO uwK1VHUcOB27hA6STfe9HqiJwdSSQG1aFmk+nCN0IqeC7oXS8z27Lbjzx182osAZ F7oLtdctWav9sAo03M3MLapdgzM66weNzdfw7z6vsxE6qxB+4U95IplVAaWCqFfr USrr4BmYi6yD9xbGT8f0diQ7DsA0ki8QPpZD6bzlUoO5pZ+qv49wFh+1wb4gjEYi ReBLvIHjVYL1GPSR1vrCzP+/i0Rhc+8sHgC2lpuUj4E2swBBuHhUsgSpaCcvV5ID qCBR4ak3EYuWzKYJCakhauIW8G7QDhO1XuPKqOk93qRpwZveUFMQjDa2xDEElxZJ utoYQ7uVeeWbAD+clJpc2kky -----END CERTIFICATE----- ca.pem: | subject=C = US, O = chill9, CN = chill9 Sub CA issuer=C = US, O = chill9, CN = chill9 Root CA notBefore=May 17 01:19:29 2020 GMT notAfter=May 15 01:19:29 2030 GMT -----BEGIN CERTIFICATE----- MIIGnjCCBIagAwIBAgIQdRhWyOcUQ+uIEypQfJLvqjANBgkqhkiG9w0BAQsFADA3 MQswCQYDVQQGEwJVUzEPMA0GA1UECgwGY2hpbGw5MRcwFQYDVQQDDA5jaGlsbDkg Um9vdCBDQTAeFw0yMDA1MTcwMTE5MjlaFw0zMDA1MTUwMTE5MjlaMDYxCzAJBgNV BAYTAlVTMQ8wDQYDVQQKDAZjaGlsbDkxFjAUBgNVBAMMDWNoaWxsOSBTdWIgQ0Ew ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsP549Xs/Dzfw3HHGhDlIT dFun9cqsCmyaXJSMOFZqZSyGJg4WASJRW797lnQlsOfLk7x8fR7I1CkWF9x3KDVi A9MvJTlFgdYGF27LNGP7zo3ZNB99oA+NtHhoIhclprzT4qmHSk6tz31uJV42jNBH km3m4wqH3NlqOqWbkw8nC9yF0/qCz1UyG/wSIQr3UpN5c96WWE3Bt6rKW7vEZ//i t4nDzRV+pttv5O/L5DQdhG01NKD0XxH0q8SocdTPIsDO0ZUQwVFYcxJYB0pPab8V Uk4+bzb8hN+mO2vyO5DK01efiNVfMZ7NDxQXvU6cMs4c+S/BtC9PWO0hR0hJm/hw vg1RdhyfOVATVfviiEG8YQdl8sIHk3qYGdGJyrZHIOlssgnKdeGlLHbYXtHPFAk/ gvZMtR2t0VKXVQR03Yz5llF9okKCAbmHmntLFcM5hHJxEl0phqbLLcBh+130Qb7q K/CRSHnPfzL04KW9cw5b0cNOn728M5Fj2Q8IQvY5m0NYDbaZf0qF34OyixtGIE8n dJupLDSp6KkHlrIfedpgNwi16y5cy4Uw/aTCGcIO/WZZO6Q59R+xlobw8VQc4V/i pqSiQK0wEuDtq9uw7r+GV9BDoxfmbHygeKFV+Ee9UXQ/FMPhItSQTMlFhrci6U75 e+iOnmh3AkldPZ3Z6TpfsQIDAQABo4IBpTCCAaEwcAYIKwYBBQUHAQEEZDBiMDAG CCsGAQUFBzAChiRodHRwOi8vcm9vdC1jYS5raWxsMC5uZXQvcm9vdC1jYS5jcnQw LgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLnJvb3QtY2Eua2lsbDAubmV0OjkwODAw HwYDVR0jBBgwFoAUcUb1TFf68x7gTS4RnYurKV2YeRswEgYDVR0TAQH/BAgwBgEB /wIBADA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vcm9vdC1jYS5raWxsMC5uZXQv cm9vdC1jYS5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA4GA1Ud DwEB/wQEAwIBBjBzBgNVHR4EbDBqoDYwC4IJa2lsbDAubmV0MAuCCWtpbGwwLmNv bTAMggpjaGlsbDkubmV0MAyCCmNoaWxsOS5jb22hMDAKhwgAAAAAAAAAADAihyAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAdBgNVHQ4EFgQUk4bTwH0d BRska82lVaZ0T2Fb6SUwDQYJKoZIhvcNAQELBQADggIBAENgGWgn3geR6Ciz9YsE x4594ew+JJ9uiiPoHSUxw95NuVa2WpB1/UZoL93lm3sEqqzR6FYEeP5JWuvlrw4Q TJpzXBo/0Ik5BX2eTcW1HlhXxHV0HnzjKd8eldxDsY78ve46d9DfHLYk4zdn7OVj TLVokJvbL9jEIOfH2OJu8Ow+5jNmKQzmv4aNmG9RHoqDkgBmRgbrWJkhZ9xVqSb4 jKBDsNovLkkW2Xm0RxJVc9B3sE15aDq06UeT1BfCXL7xH1ABjX5tV4LegJUsaTlU EMOyXYdxoEnqKw/f7Qns/lsq6Gzbx+RDXnShBPsrJX/TTcqc/KETu1z6zwxnb4PO uwK1VHUcOB27hA6STfe9HqiJwdSSQG1aFmk+nCN0IqeC7oXS8z27Lbjzx182osAZ F7oLtdctWav9sAo03M3MLapdgzM66weNzdfw7z6vsxE6qxB+4U95IplVAaWCqFfr USrr4BmYi6yD9xbGT8f0diQ7DsA0ki8QPpZD6bzlUoO5pZ+qv49wFh+1wb4gjEYi ReBLvIHjVYL1GPSR1vrCzP+/i0Rhc+8sHgC2lpuUj4E2swBBuHhUsgSpaCcvV5ID qCBR4ak3EYuWzKYJCakhauIW8G7QDhO1XuPKqOk93qRpwZveUFMQjDa2xDEElxZJ utoYQ7uVeeWbAD+clJpc2kky -----END CERTIFICATE----- subject=C = US, O = chill9, CN = chill9 Root CA issuer=C = US, O = chill9, CN = chill9 Root CA notBefore=May 16 17:36:20 2020 GMT notAfter=May 14 17:36:20 2030 GMT -----BEGIN CERTIFICATE----- MIIFOjCCAyKgAwIBAgIQdRhWyOcUQ+uIEypQfJLvqTANBgkqhkiG9w0BAQsFADA3 MQswCQYDVQQGEwJVUzEPMA0GA1UECgwGY2hpbGw5MRcwFQYDVQQDDA5jaGlsbDkg Um9vdCBDQTAeFw0yMDA1MTYxNzM2MjBaFw0zMDA1MTQxNzM2MjBaMDcxCzAJBgNV BAYTAlVTMQ8wDQYDVQQKDAZjaGlsbDkxFzAVBgNVBAMMDmNoaWxsOSBSb290IENB MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAswTensn+vA45WGRp3o/5 LX+wh6PTHAGNluLaZRyUNOg+EunnXAvMBF912D587wLAiC1G9FGOn+8JVws2QITX +U8Y8L2vhnfGQNCQYvqBfJc5PJt3ZZ35to5tdTRJTeVhNWzIA7qOZh8ualFbCDYd m6K74SlfEbvKzS02pYWN6wCVXtGOPl7VoOtjg8cOUX6u1pZpBKQfzq3lgLS2oMp0 VuBJeUMiki/O8nCC10VCXcZ9q4bsUvWH9lJB/IqlKt+bG9TjO+vigb9eOSfaILkM d7NMziP5OQXMjv6NwmJQY7N5TiKWdh9h4G3KS41dr2Oeo+A1FcMEP9nkZb1lX3Ft 9Xzw8jJ99SD36mCEiqndvKA66/pcgMCvPAkkDwoSS+Er4LPcNmY2TVN+mIaF1OaS Dc1EAXUfjnX8mZlclS/AfCg8TIPCc8o6Neg3DECT2j+IC9bgeoLqZLIuzzLNFrG5 aPNhG+24phHqdZvAkdhHWeEh1GS5uMutvV02hF5MrZLz8ou+56feFpUmeuPzQAfR 0Xbz0ot2JdETmcCTcmZBQ+9oP5DIszJt85wCHJ5S5FewUzsXJs1MQue3NLSM5FBS hhOq+w6Pp64aaGKKyPi1GeZ1m31sM6w1yFVTQsqqy28GSjd/fQu55ESQ1sM0UhIo DCUBbNPxycJGh9Ivxii1RqMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHFG9UxX+vMe4E0uEZ2LqyldmHkbMA0GCSqG SIb3DQEBCwUAA4ICAQCC1jksFZp38JTGFIrNJJ6PgI6xXigtD2Z3KstS1cAIJi/P /3NPu8iTgoyhNiq7a20tojPJGPlumezy3R5twA16UCq8guGFVEEEkJX+wOM0T4p0 jwtcMOeA6GchzS3+u74kk8oIvvw41K5gU2VU/W2axxnejt/HQMAYaMsD/zcNPXrP oHAgEP5i7G7fX0FXqERnLU9lgbtTTTuszBnZHIdaUKSoK0Oji46y15pEdhxkVB6t /BiNPAYM1Pc/Hi366eb6yuY8eJCK94QMQBvYpIjNwThAKclFh8n62KF6gXqj7Hcu UQr1Z55KOuAlAM7fIBsqL4G2Ihs8yBeJe4YZrkdBqBzpJwOYNj7IsUnxgXYQpkVQ u5coTbrB8w4Mw8ak+L2McMAYhG5FIndy9GAFEEanrmyiHJW96MHqTD1xY9TyvdN/ Kt/lsYt0W/y6jknv7hU9uP4X/xkZk8z1D+m4jZHRQpnUPL1eSOUPSJ0t+68GQUVJ NJFmTx/qv1/9lXNy40jecX6sO4ZPLoQydMjwRmSerxki7MP4gxGNuBEpOvoj+ABM MBlD7BhUn5++BZQOLUU+JYr5kNi0WmFFN1v2SpoMyDydTgA+cJsS/TiOeMrY9Szs ZEFa3PSiA1fP03SRKC9tqjc7d6vQU0fE93wzcUCgyyf5mln6NV7cxOfDJNO8gA== -----END CERTIFICATE----- openvpn_ccd: server: fw0: ifconfig-push: 10.8.0.16 10.8.0.1 iroute: - 172.16.0.0 255.255.0.0 - 192.168.255.0 255.255.255.0 mine0: ifconfig-push: 10.8.0.17 10.8.0.1 push: - route 172.16.0.0 255.255.0.0 "Ryan Cavicchioni": ifconfig-push: 10.8.0.200 10.8.0.1 firewall_teleport_node_enabled: false firewall_teleport_proxy_enabled: false firewall_teleport_auth_enabled: false teleport_service_state: stopped teleport_service_enabled: true teleport_roles: [ auth, node, proxy ] teleport_config: auth_service: cluster_name: main enabled: true tokens: - "node:{{ vault_teleport_static_token }}" - "trusted_cluster:{{ vault_teleport_trusted_cluster_static_token }}" teleport: auth_token: "{{ vault_teleport_static_token }}" ca_pin: sha256:4ef484a5949aadedf983bc1f1d43f6f31356ca37f9608267424ddc0d9b68e010 auth_servers: - "jump0.kill0.net:3025" proxy_service: enabled: "yes" https_key_file: /etc/letsencrypt/live/jump0.kill0.net/privkey.pem https_cert_file: /etc/letsencrypt/live/jump0.kill0.net/fullchain.pem wireguard_iptables: wg0: input: true wg1: forward: true nat: source: 192.168.255.0/24 out_iface: eth0 dns: true wireguard_peers: wg0: - comment: mine0.kill0.net public_key: Cm9yZNczjghAh4hV4fSvy3rsmuLsQFZk+ET5CoWxVnI= #endpoint: "{{ lookup('dig', 'mine0.kill0.net./A') }}:{{ wireguard_port }}" endpoint: "mine0.kill0.net:{{ wireguard_port }}" allowed_ips: "{{ hostvars['mine0.kill0.net'].wireguard_interfaces.wg0.address }}" - comment: vpn-home.kill0.net public_key: j5AgKWcXx8we7QVkt6//oQWsGfXj+5IJKt9mx0EpTW0= endpoint: "vpn-home.kill0.net:{{ wireguard_port }}" allowed_ips: 172.16.0.0/16, 10.255.0.2/32 wg1: - comment: pixel-2 public_key: GzQOU0x1POvkY4+6smBGkE/B1XytoVxIJa6zGX8j6Bc= allowed_ips: - 192.168.255.16/32 - 2600:3c00:e000:343::10/128 - comment: work laptop public_key: TRT1SRQd3mFJDJK9tdglqsydXJmkzyrNdUOm4nr7M3k= allowed_ips: - 192.168.255.17/32 - 2600:3c00:e000:343::11/128 - comment: home workstation public_key: ISvgu8zZWjmKyKrJi2mbqoJg2mrvIjPbQRs0Sp+dLzc= allowed_ips: - 192.168.255.18/32 - 2600:3c00:e000:343::12/128 - comment: rick public_key: oFJcRhs7tQ4vPHTjbKwwWirpjx9T9ng7PFj3+iAVYWo= allowed_ips: - 192.168.255.32/32 - 2600:3c00:e000:343::20/128 unbound_interfaces: - 127.0.0.1 - 192.168.255.1 - ::1 - 2600:3c00:e000:343::1 unbound_access_control: - 127.0.0.1 allow - 192.168.255.0/24 allow - ::1 allow - 2600:3c00:e000:343::/64 allow