---
# Ansible inventory for the two-tier VPN architecture.
#
# Groups defined here:
#   1. admin_control_plane - ValleyForge, the admin control plane
#      (deploy first, from your local machine)
#   2. vpn_servers - VPN1, VPN2, VPN3, the user-facing VPN endpoints
#      (deploy afterwards, from ValleyForge)

all:
  children:
    # Admin control plane.
    # Deploy ValleyForge FIRST, from your local machine.
    admin_control_plane:
      hosts:
        valleyforge:
          ansible_host: "185.112.147.186"  # ValleyForge public IP
          # NOTE(review): Ansible logs in over SSH directly as root. A
          # dedicated deploy account using become would limit what a leaked
          # key can do; confirm root login is really required.
          ansible_user: root

      vars:
        # ValleyForge-specific variables.
        # Admin VPN network, used for infrastructure management.
        wg_network: "10.100.0.0/24"
        wg_server_address: "10.100.0.1/24"

        # Admin VPN users (your infrastructure team).
        wg_peers:
          - name: gozer
          - name: admin2
          - name: admin3

        # Firewall: while this is false, SSH is allowed from anywhere.
        # Set it to true once the admin VPN is working, so that SSH is
        # restricted to the admin VPN.
        # NOTE(review): treat false as a bootstrap-only value; verify it is
        # flipped and the play re-run before the host counts as in service.
        vpn_only_mode: false

        # Repository to clone on ValleyForge.
        # NOTE(review): no branch, tag or commit is pinned in this inventory;
        # confirm the consuming role checks out a known revision.
        valleyforge_repo_url: "https://git.hacker.supply/valleyforge/resist-vpn-infra.git"
        valleyforge_clone_repo: true

    # User-facing VPN endpoints.
    # Deploy AFTER ValleyForge is set up, and deploy FROM the ValleyForge
    # server.
    vpn_servers:
      hosts:
        vpn1:
          ansible_host: "185.112.147.205"  # VPN1 public IP
          # NOTE(review): direct root login, as for valleyforge above.
          ansible_user: root

        # Placeholder entries; uncomment and set the real address to enable.
        # vpn2:
        #   ansible_host: 203.0.113.11  # VPN2 public IP (CHANGE THIS!)
        #   ansible_user: root
        #
        # vpn3:
        #   ansible_host: 203.0.113.12  # VPN3 public IP (CHANGE THIS!)
        #   ansible_user: root

      vars:
        # Common variables for all VPN servers.
        ansible_python_interpreter: "/usr/bin/python3"

        # ValleyForge public IP (for firewall rules).
        # IMPORTANT: change this to your actual ValleyForge IP!
        # This value is maintained separately from valleyforge's ansible_host
        # above; keep the two in step, because a stale address here would
        # point the firewall rules at the wrong host.
        valleyforge_public_ip: "185.112.147.186"  # (CHANGE THIS!)