---
# Inventory File for Two-Tier VPN Architecture
#
# This inventory includes:
# 1. ValleyForge - Admin control plane (deploy first from local machine)
# 2. VPN1, VPN2, VPN3 - User-facing VPN endpoints (deploy from ValleyForge)
#
# Structure: two groups under `all.children`. Each group carries its own
# `hosts` and group-level `vars`; variables set in one group are not defined
# for hosts that are only in the other group.
all:
  children:
    # Admin Control Plane
    # Deploy ValleyForge FIRST from your local machine
    admin_control_plane:
      hosts:
        valleyforge:
          ansible_host: 185.112.147.186  # ValleyForge public IP
          # NOTE(review): Ansible logs in directly as root. Whether SSH is
          # key-only and whether password login is disabled is not visible in
          # this file - confirm in the roles/sshd configuration.
          ansible_user: root
      vars:
        # ValleyForge-specific variables
        # Admin VPN network for infrastructure management.
        # wg_server_address is the first host address inside wg_network.
        wg_network: "10.100.0.0/24"
        wg_server_address: "10.100.0.1/24"

        # Admin VPN users (your infrastructure team).
        # Only peer names are listed here; how keys and peer addresses are
        # produced is decided by the consuming role (not shown in this file).
        wg_peers:
          - name: gozer
          - name: admin2
          - name: admin3

        # Firewall: Initially allow SSH from anywhere, then restrict to admin VPN.
        # While this is false, SSH on ValleyForge stays reachable from the
        # public internet (per the line above), so treat false as a temporary
        # bootstrap state. Verify that an admin peer can connect over the VPN
        # before switching to true, otherwise management access may be lost.
        vpn_only_mode: false  # Set to true after admin VPN is working

        # Repository to clone on ValleyForge.
        # NOTE(review): no branch, tag or commit is pinned in this inventory.
        # Per the header, the VPN endpoints are deployed from ValleyForge, so
        # the content of this clone determines what runs on them - confirm the
        # role checks out a fixed, reviewed revision.
        valleyforge_repo_url: "https://git.hacker.supply/valleyforge/resist-vpn-infra.git"
        valleyforge_clone_repo: true

    # User-facing VPN Endpoints
    # Deploy AFTER ValleyForge is set up
    # Deploy FROM ValleyForge server
    vpn_servers:
      hosts:
        vpn1:
          ansible_host: 185.112.147.205  # VPN1 public IP
          # NOTE(review): root login, same consideration as for valleyforge.
          ansible_user: root

        # vpn2 and vpn3 are disabled templates. 203.0.113.0/24 is a
        # documentation-only address range, so the addresses below are
        # placeholders and must be replaced before the hosts are enabled.
        # vpn2:
        #   ansible_host: 203.0.113.11  # VPN2 public IP (CHANGE THIS!)
        #   ansible_user: root
        #
        # vpn3:
        #   ansible_host: 203.0.113.12  # VPN3 public IP (CHANGE THIS!)
        #   ansible_user: root
      vars:
        # Common variables for all VPN servers
        ansible_python_interpreter: /usr/bin/python3

        # ValleyForge public IP (for firewall rules)
        # IMPORTANT: Change this to your actual ValleyForge IP!
        # The value currently equals ansible_host of `valleyforge` above. The
        # two are maintained separately, so update both together; a stale
        # value here would presumably leave the VPN servers' firewall rules
        # pointing at an address that is no longer ValleyForge - verify how
        # the role uses it.
        valleyforge_public_ip: "185.112.147.186"  # (CHANGE THIS!)