WireGuard all hosts

This is meant as a internal authenticated and encrypted network which we
can use for internal services, we don't want to expose to the internet
or when encryption is desired but not easily implementable.

host_vars/accounts.archlinux.org

@@ -1,2 +0,0 @@
----
-filesystem: btrfs

host_vars/accounts.archlinux.org/misc

@@ -0,0 +1,4 @@
+---
+filesystem: btrfs
+wireguard_address: 10.0.0.16
+wireguard_public_key: 8CbVXc2+FllLpZb/sv/csHzqaOOsasJlV0gmkIzhBXo=

host_vars/accounts.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+33323763616365653362633239316230356233346361653863363765383130303035386333643832
+6637323065373731633063333065383461613537383462630a336561616238643339353366373061
+36316264303337336462653330623236316434663364616434373531393139343237623235343731
+6630623763376636360a393064373336333135323938646462303938386430383033323131346165
+37663532343234366533353065663731393764323833393065383835303163666234613834633830
+32363133646239316163343464643364313135643263333666383633356130363162336338633231
+32336639626138383532333532343839613161366133616232303030346430656438383639383333
+66626231326564313630

host_vars/america.mirror.pkgbuild.com/misc

@@ -14,3 +14,5 @@ system_disks:
   - /dev/sdb
   - /dev/sdc
 raid_level: "raid5"
+wireguard_address: 10.0.0.27
+wireguard_public_key: aC544PuXq63LgIeOvVD5dw++9XJE47YKUqeRw3ol0Qo=

host_vars/america.mirror.pkgbuild.com/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+30316462376531623136316535643161623535663533376130663738646436633339336135363030
+6138666365643535376161373732346263343237373865380a333035343065623366663630623762
+37646339666230643763313262353362613833303739623530663062653936616434353538313736
+3430633630663762310a623361353137613535303265313365323832643038383731323766633031
+65623863343039333064613536373338376263333433633766366438306639366464383234303334
+31343233386464623137313661376637663562663161656662343563323564613331363861326363
+33623161653962626632303937616437656234623934336165646433376461633034343565306636
+30306464333861613636

host_vars/archlinux.org/misc

@@ -11,3 +11,5 @@ fail2ban_jails:
   postfix: false
   dovecot: false
   nginx_limit_req: false
+wireguard_address: 10.0.0.1
+wireguard_public_key: 0Vx7jfWinpTPHKPxvmKtZlp3hcLebawz+vQM8EIEm1k=

host_vars/archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+33396138393732366231323839666464383363356230393034653837623739666463633165613562
+3038656463616662356637353031633366626263366132630a326561366130393361356663353265
+63333162633432653262313663643931323839303064343663333964653964316631623463303464
+3466613661643264340a323634306365626133336364623562343662356666363135396639323562
+65353932656133373161616431353030646232613230636236323132663539373038386134656439
+31666164343136643065666261393632376135333763323036363630653336323466633835613061
+31373663626265663736666639346531396130336564376561353866663331643139343363346137
+62663431366662646239

host_vars/asia.mirror.pkgbuild.com/misc

@@ -14,3 +14,5 @@ system_disks:
   - /dev/sdb
   - /dev/sdc
 raid_level: "raid5"
+wireguard_address: 10.0.0.26
+wireguard_public_key: Bvia4T68/PCa01MSg+wclUJ1rJ5Hth9khui3y3Tr5EM=

host_vars/asia.mirror.pkgbuild.com/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+33323264633434383735333239373530343739393265333232346364373231653235306434643362
+6637643163343432353631383864313933656461363664610a356533303134343463346261303534
+37346261383837313739396663393061653366623461363636303332383764386138343662623434
+3732633633653835380a626663346139366662353465656131626361373535633664633130323465
+61333364393033613963333231616164623363306463613463333265353038336362366134656533
+36666363303931313565656165353932656436623064346134336364656263313962326166373633
+39366163643734626637633330616361623963373261306234613933653862653732653037373663
+39373433313638333932

host_vars/aur-dev.archlinux.org/misc

@@ -1,3 +1,5 @@
 ---
 filesystem: btrfs
 memcached_socket: "/var/run/aurweb.sock"
+wireguard_address: 10.0.0.3
+wireguard_public_key: E4wLmumdWE1oVjWxPL5FU+BiuPxPdJa6K0wLZVlC0ys=

host_vars/aur-dev.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+35373338643430383735666136303462623436376563373865613234336666303166616434333062
+6266353665626536613135303662316165303933336338360a383665313933613532306266306265
+62633635613337306230623866666635616561613162386463653038643533396465373532613731
+6637363030396430380a613137623063666166393733363835323232353131396534326432616230
+64353532633266396264356461313533313838666166633436343839663532346336323036663461
+64613063643764633330383962646665613931303262306232323931353137396635316662623331
+62356530616466346239316262653037306635613363316634383738336166306664643366623664
+36386336383837623130

host_vars/aur.archlinux.org/misc

@@ -1,3 +1,5 @@
 ---
 filesystem: btrfs
 memcached_socket: "/var/run/aurweb.sock"
+wireguard_address: 10.0.0.2
+wireguard_public_key: TPLeGQ7qU6ZNtcgDbEV0SSYScvK+XS5igcPdGSXo6UA=

host_vars/aur.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+35363236323535383430323830613237333164626435346232383939313331383762393734373563
+3931386663623766333861363632646561343363343939650a333134663238346663666235646239
+32376162333866343336636338346530373062656261313337663463633566643134353930313266
+6332313361353561360a383136666164363762383934633263643634373131333566616137646363
+36626538393565353730623632643363393433333464313430386265666434663031613263326333
+66303134646332316336303436343165303162623536383236633138333364343262396537623036
+32616631393963623066353261653236343065356136653662613962626138666436346433336261
+32373837363436666234

host_vars/bbs.archlinux.org

@@ -1,2 +0,0 @@
----
-filesystem: btrfs

host_vars/bbs.archlinux.org/misc

@@ -0,0 +1,4 @@
+---
+filesystem: btrfs
+wireguard_address: 10.0.0.17
+wireguard_public_key: i65GF9BaoTDvTXLJBpZWbuu2jV3F2mc0tH16Y6cQY1g=

host_vars/bbs.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+30313339663933346136303730396535623437363431643439643163383638336366393961356537
+6135306633366235343262343462643565343633353236660a333432653666626564613134313233
+39396335383536303263353436653265373163393439636639383030633630636161653165306238
+3630393533383231340a623466396335306538656535386233313633623836336332666331323230
+33386631626430306431373035306261653964613064666462303132316537663664643263373833
+65656565306233323464373365656661626431373136663539363239663037363836393262643932
+37653064633534666539656666303434396163326666636161653363636365386661626232333138
+31626630363439346461

host_vars/bugs.archlinux.org

@@ -1,2 +0,0 @@
----
-filesystem: btrfs

host_vars/bugs.archlinux.org/misc

@@ -0,0 +1,4 @@
+---
+filesystem: btrfs
+wireguard_address: 10.0.0.19
+wireguard_public_key: Y5sWHwa/Hy6A7ga6lOU8uD/i/ZHZEBlkw2EW/CFE4ys=

host_vars/bugs.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+30393733656630383333323036613031653966633339653535623763303031663335353535386633
+3061316664646533343765633766653337373736343236630a383566393435396138613363383937
+30313137643061643034653835343935353438646236393066636631376464386664623436383932
+3937333264303436310a326664633066333735646365333561346134353862393930303433346266
+35373936393337343530383966373636366239653437303466393465376339396432376339616538
+64373463393665323732663930666265343764346232636535393866323036323466336633346338
+65343638636566353264653930656638343032343539303763306461306363303865373836363331
+65313837396133323539

host_vars/build.archlinux.org/misc

@@ -12,3 +12,5 @@ system_disks:
   - /dev/nvme0n1
 
 archbuild_fs: 'btrfs'
+wireguard_address: 10.0.0.18
+wireguard_public_key: /P8QGSFgvRETkYdsvAtNQWWT3pE7FpouCz+x1N4yIm4=

host_vars/build.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+31396131356132383730343334323834623361633934373162346361366631306163383636356633
+3938336234613135353362643463306437303961313466630a646464376262376330373761633435
+62373031616661653533363536383136646231323566366663316363353439663534383331353934
+3330333130653839390a353035393062353364356264333063393461313135343233653462626136
+37623039623037303064356162313665366331666635356530633038336631643166373233333366
+65653161303666306337346435383837323966626665623863323866393339343963373863626336
+36633330373735643632383962376265323538393562373433373466323163613635353438643862
+30323131663936653134

host_vars/dashboards.archlinux.org

@@ -1,4 +0,0 @@
----
-filesystem: btrfs
-ipv4_address: 157.90.255.107
-prometheus_domain: dashboards.archlinux.org

host_vars/dashboards.archlinux.org/misc

@@ -0,0 +1,6 @@
+---
+filesystem: btrfs
+ipv4_address: 157.90.255.107
+prometheus_domain: dashboards.archlinux.org
+wireguard_address: 10.0.0.33
+wireguard_public_key: lLZtvFIrmtUXRXmw+qQC8LZ00NzN1wlvcI4grNWt2lE=

host_vars/dashboards.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+32316238313666326461626231613030353366386164303430623436363762396564363738356266
+3433653635376539393737663535356234343066626439340a323031393966373963313438393663
+30383339326336346237313564643238303561363430336530356663323963393365646365383763
+3633386165623532660a333863386535656237343431623730373539366664306237613532393565
+37646132656639343862653637623031633965363437653664623635363534373464326439373562
+65656230306233326538616533653634343163626665356536653565356162363035653564366232
+65643164353365633931666433613733306265393033353437643263373839383035663764363935
+32626263386661623136

host_vars/europe.mirror.pkgbuild.com/misc

@@ -14,3 +14,5 @@ system_disks:
   - /dev/sdb
   - /dev/sdc
 raid_level: "raid5"
+wireguard_address: 10.0.0.28
+wireguard_public_key: rg3PyaA3nXNZt2C8l4tvzMiTOT47a/jU11WR3EzU0Co=

host_vars/europe.mirror.pkgbuild.com/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+36323530653365303339343530633765373330636163663035633534303332373033616137326439
+3232663238353661386533383364613765653333616561610a646431383362646666306436366661
+66653865633834656135643764656133373931373833386662393266636438626135636135613339
+6634356364313835350a303837313139323263396438613665383736343461396161373035316532
+32626531613638313563653766623763386332353766643131336466623566666466393630623635
+30633532643737646635313630636462313335326630326430386136366363353334356563346262
+33626136363732313036373433383466346235393865623239326566313535346237363339396635
+31363733333965393738

host_vars/gemini.archlinux.org/misc

@@ -17,3 +17,5 @@ system_disks:
 raid_level: "raid6"
 
 archive_domain: archive.archlinux.org
+wireguard_address: 10.0.0.20
+wireguard_public_key: 6foPuhPBEUi+tPP7PjFT1nKpEksyyqT8zAX+yOjWDVo=

host_vars/gemini.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+65393031333063396465303139613939623236396233326261323265626133313630636436373934
+3837366263646666303131663637666230393334333836310a636463633730373234656431303462
+64343537613663343432653661373732326535363361333037306365383631326536353835323238
+3337623762633732650a343139616436323162383730636538663536346164656233666335363531
+62643838636236323762303263316139306130666534386237653834623632306536366530383433
+62646166316266333831343637303463643935373437623036613632373138633866643562653832
+64333263616637333561656131373635313136393938633230306264666538396139343435353762
+61636131653564623661

host_vars/gitlab.archlinux.org/misc

@@ -2,3 +2,5 @@
 filesystem: btrfs
 gitlab_backupdir: /srv/gitlab/data/backups
 additional_addresses: ["116.203.6.156/32", "2a01:4f8:c2c:5d2d::2/64"]
+wireguard_address: 10.0.0.5
+wireguard_public_key: EbZisS0fwM6B8Nkugy1lyox+A8L13hniucVIPVCK5R0=

host_vars/gitlab.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+36336564373231613339326361383934653537653534656639376133326238663965633135353266
+6331303335636232356237326362383566613632646237650a393536363063613732616666353164
+30643636376330373033323366663337393232353062666330613161643763313537643165623533
+3766303365626265310a366333383863376530373861313063396430643738346662636536363936
+31386138386362303465616664366639323439323064346235653137323266623062653763613834
+31666530323236366466616431653736333332346266666633376233626439663264376536643461
+37333739386266336634653438366339666133353064373339313761356135313662636365663334
+65616337663531336435

host_vars/homedir.archlinux.org

@@ -1,2 +0,0 @@
----
-filesystem: btrfs

host_vars/homedir.archlinux.org/misc

@@ -0,0 +1,4 @@
+---
+filesystem: btrfs
+wireguard_address: 10.0.0.13
+wireguard_public_key: 0MrXhX6fmtetZ1Rnu93+rQ8yWgOmxrwyY/hXSsy98FI=

host_vars/homedir.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+30343332326135613735616630323036646334643238393634666563323936343934656433396161
+3936613433346639336231613930636562363832366464640a623836343162323739333335323036
+31643366326366663366306666323139626335666532643436316564373264643533323237366165
+6636363865643334630a373431373236656261366539646565356636653765346434353036323333
+31343339393262343739616662616235643230613530346330366236653238316662656463613639
+30303338626666663037396661653132353531323836336162363432346364343730303835393635
+61383736356233353736363462333632333463313231613362343938623338396135633737313839
+34623634333935303333

host_vars/lists.archlinux.org

@@ -1,3 +0,0 @@
----
-filesystem: btrfs
-ipv4_address: 95.217.236.249

host_vars/lists.archlinux.org/misc

@@ -0,0 +1,5 @@
+---
+filesystem: btrfs
+ipv4_address: 95.217.236.249
+wireguard_address: 10.0.0.34
+wireguard_public_key: t6Er4qAMe/lWNnAByWdXhbUwXKYfj9CkkJgMp28UQl8=

host_vars/lists.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+30356338396364333231613238656433373562613936633837623136366633396665363330373137
+6565326632323834623532613235303861366436363564620a323363303761333161666663663466
+64623361636638643565396634653033666666363130623163343730366337383231336139623261
+3865623264653563350a306230393265396632343664646336316630663163363530306666383837
+62373035306231626461353334393935396661303162633265396132666132663536313062373538
+35383935333761323733383264333538623063646538316137353732636164666661653933396362
+61313930656238343866656661343036306136393033353163306339636330313235646630626530
+39326339326137376230

host_vars/mail.archlinux.org/misc

@@ -11,3 +11,5 @@ fail2ban_jails:
 ipv4_address: "95.216.189.61"
 ipv6_address: "2a01:4f9:c010:3052::1"
 dns_servers: ["127.0.0.1"]
+wireguard_address: 10.0.0.14
+wireguard_public_key: +RJ/ZNRmw2uCHxSjJZHftk7lWUl5nJ6VSZww8GPwhEI=

host_vars/mail.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+38396238623261393535393638366230386563663339363064396239303463656536303334393066
+3665373931353031353934383763343133306530323439330a633235633534356662363038303738
+32363565613037633532363830303639366563323939636239613231393739363461383438666665
+6261656134363135610a373636393038366361393336366363653335646234656662346333333630
+65616235313863646433653536633536306361626331626665333562656132336434343637333139
+38623666336336306632363839623937653436336431623231303435363665373465653139336463
+30316262303864623335623837613933336561663436343331333837656466643639353939386664
+32616663303163616262

host_vars/man.archlinux.org/misc

@@ -5,3 +5,5 @@ fail2ban_jails:
   postfix: false
   dovecot: false
   nginx_limit_req: true
+wireguard_address: 10.0.0.32
+wireguard_public_key: PkAuiYdsDs4eI9JytK8MUCK1umDblQHg1SH+Z80zs30=

host_vars/man.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+30353562373861623035343865306463663663636631633533393535316335363866396430313832
+6530363163656633663332353462613761663035363133310a326531663730303138656265653131
+39643362643066343664316564333035623439643566353538656338623233333132396465633466
+3663393534623766620a366532336565633665346433333133303130353334376335646363646163
+64383230373464373764643133643161336264393934383962353662343261303965353139343430
+62383835333562626430663431376638323534363735643036633664616136373739326136376264
+63363337343932353635306232366162346561343133663430313635316536396162386166363732
+33306330663239363665

host_vars/matrix.archlinux.org

@@ -1,2 +0,0 @@
----
-filesystem: btrfs

host_vars/matrix.archlinux.org/misc

@@ -0,0 +1,4 @@
+---
+filesystem: btrfs
+wireguard_address: 10.0.0.15
+wireguard_public_key: QWkTL58mJd0+Lz5AvGVmbdSSk29y/W60WUdhTgyGLCk=

host_vars/matrix.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+65373066316239376138383430386530343036303137383361363738356166303463643035336534
+3364393039343135633265353937383866303263313530330a333134356665623238363463363534
+31356462393438303737636231336666386535356635653138366338393530633763396436626630
+6635636464633537610a663039396264336432393232633163653138633862643530643839326536
+37373339353538306638303339623566623164653832333831386538613034343534313731356166
+32383333333131343037366133386138353262353061383531373765393439376238626338393531
+65346337393233653338646663303633393965373438636530346266663130343530386336396139
+34366262326138643662

host_vars/md.archlinux.org

@@ -1,2 +0,0 @@
----
-filesystem: btrfs

host_vars/md.archlinux.org/misc

@@ -0,0 +1,4 @@
+---
+filesystem: btrfs
+wireguard_address: 10.0.0.31
+wireguard_public_key: eCIzf+ckdWPvJYjNaxdlLRH9kq9mfJZswA8KwCmtJgQ=

host_vars/md.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+30356136643164646266366536663932326536356132373763303364643762666433656435343033
+3734353332633866363031623831306432313565616464640a326238656163386534383762653335
+35653766323363343863613265666164333563386664313431303134663564333465343935613265
+6331633364616165610a656136616338343038373566376638623965653764343937636430623564
+32383438393537383034633665383062636138326663623435616565393539646137653736363539
+34646631393964313666383039623031663938343066393936393237313633336666656433353832
+66663033616133616333356238386338373363666430336263356533306165303236613261363161
+34383263623230356634

host_vars/mirror.pkgbuild.com/misc

@@ -7,3 +7,5 @@ ipv4_address: "78.46.209.220"
 ipv4_netmask: "/32"
 ipv6_address: "2a01:4f8:c2c:c62f::1"
 ipv6_netmask: "/64"
+wireguard_address: 10.0.0.12
+wireguard_public_key: auE2J1+MYo59uZIwADncjCfSX7/Q0YdvmG+CVIgvtgo=

host_vars/mirror.pkgbuild.com/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+37653134356362333735633438663031313830356165306335316266613535316431643033346266
+3930663733613166343564306164643136383933336637630a333730373039383939313262313237
+66333434616638373537666339613530386463366635343433613936613739663962386162353461
+3933373038323935650a316332313835613836353361386138656632373131343131633865653433
+35623566646130303864623163303364663663353439306130646437363961336232386336336261
+31653030653732613330613031656238333736346664353635623963656537313764323035623833
+32626163393235376434363330633562363931383535656462656665356533373630343537333162
+34386636613431353763

host_vars/monitoring.archlinux.org/misc

@@ -1,3 +1,5 @@
 ---
 filesystem: btrfs
 ipv4_address: 95.217.220.31
+wireguard_address: 10.0.0.4
+wireguard_public_key: LR3lPa9ABwUkvbm3NqdxeAqX+NOG8FpbICG/+1Ra5lg=

host_vars/monitoring.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+63643864656332633231356361366265386330656137363764613763626262323762613765393639
+6533356361343062373664383534383333383535613430370a313936643437646134396663366535
+61313364623732393864373230383164333532306235666130613761383035376236343763303131
+3364393437313339350a353964336464623738613731326666366435386132303232333262623335
+63353332313037633563646537653438306531616161636663656662316464663063303239363634
+38623039623836633134623836646161663838623462656236363231346437646562353831383935
+64396364373037393332323861303233376237326538613534653631626334346434303461373338
+65636563643731373939

host_vars/patchwork.archlinux.org/misc

@@ -10,3 +10,5 @@ fail2ban_jails:
   dovecot: false
   nginx_limit_req: false
 
+wireguard_address: 10.0.0.23
+wireguard_public_key: DVeDuKQKf4FzfgS8hp3iZj1tD7gi3SJm8GqDfA+XZn4=

host_vars/patchwork.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+64333433393562363961663030376336616636383433633639346463656633396233323939633161
+6463623464623533343162613738656363653233336463300a333634326263353865333134303835
+34663464363166316131373835326439623662343661373235333261663061396363383966653963
+3836326233313832640a623262393561316466303332393839643438313762616434343866316264
+37323561613234633130613863326530316136613362386636313034666637353330633539653234
+36353363393565653834373631326339663762666463333637323233303135653630306363373162
+30393366323931663464666561646266373166326636656366323831333131356261363638393231
+32636164616637643632

host_vars/phrik.archlinux.org/misc

@@ -8,3 +8,5 @@ arch_users:
     groups:
       - tu
 arch_groups: []
+wireguard_address: 10.0.0.9
+wireguard_public_key: ETzZyW9HAwDmJffZOiLH+DF+wl7bR37NYDEtn/zm+hk=

host_vars/phrik.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+32656662326630313831356139366466663166376130613430616262373534633166666163363230
+3534613335663264383064316639643761643563643565620a316231646462646465636635343164
+62303737623663333762656632613930666164353661626134326461646137323337666139303634
+3037376139653062320a393635623332346330383961363733663363326263393234353163613564
+39646264336664626634303934306135663031323532303239396234396330623338326665303336
+35353261643462373038666366353134323832343336313337633965646431306435643036643432
+38643966323264303066306464316362613263316136633432643033383266323964376162636337
+35386238623531646433

host_vars/quassel.archlinux.org

@@ -1,2 +0,0 @@
----
-filesystem: btrfs

host_vars/quassel.archlinux.org/misc

@@ -0,0 +1,4 @@
+---
+filesystem: btrfs
+wireguard_address: 10.0.0.10
+wireguard_public_key: 4SFiwJRHbGSDtEypEDhS6ar2jmwfBwthPSGHZ8XShXY=

host_vars/quassel.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+33636638333066356431343838623962633836623666653839333836353633383761653430633236
+6265626635376236363365666235323839636634353235390a303738313061303661623132323236
+30363436316465376431333661306534356334313431396664646464653330383461666238623264
+3136393965343532320a333631353439383434336263353664386139353230633038626266313131
+33653534626562663065333262323364643962323264633839373164656163383030326264393434
+37343563383034663933623163346263663433633736376232386339386339656333373736616135
+30616638656161623232636337633636396232323363656162323166646139646633616261356163
+65626262353964313164

host_vars/redirect.archlinux.org

@@ -1,2 +0,0 @@
----
-filesystem: btrfs

host_vars/redirect.archlinux.org/misc

@@ -0,0 +1,4 @@
+---
+filesystem: btrfs
+wireguard_address: 10.0.0.25
+wireguard_public_key: n11Ps2sc0Cxsi1sLaYFq7dkhlDtTnOZCGovRYbzDGR8=

host_vars/redirect.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+38383865396661663065313039333236336262643966333431663363613462393538373336613063
+6238343362303664303262373135373536323166383530630a656639373835333037326638303538
+32616131323438633464656233636461656139393734653731373933326666386539333162346530
+6165343632613931610a363561363734633264643631346265383462353565633436646439616536
+37633863623563316364643530616461623531636462373766356239343139323463653338386431
+61653530346564303435663735303531643131386638633032363864363132383834626532623966
+65363665356461666364333465653832636565643835373136376634333132373531666165653132
+37646430343637336666

host_vars/repro1.pkgbuild.com/misc

@@ -16,3 +16,5 @@ configure_network: true
 rebuilderd_workers:
  - repro11
  - repro12
+wireguard_address: 10.0.0.21
+wireguard_public_key: ajhueWT62CpFWcO89uQB2bvouM+7pcFGTELoE6nc9DM=

host_vars/repro1.pkgbuild.com/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+61643561323731613730376231656163656335623032363335353433306538383261663935323163
+3135633763393631303862306336623264613764663231300a363434393736636561623431623763
+66373638373133356464613566643362623065336131346631353931623530633466326362396235
+3137613364326435610a633262643836383233303439356636323130653766656462303938656365
+66323130393666653530323261633736313035356435623663353333633537626361326339316332
+65643431323231366338376338626536393266363763633365386436663031346136316363333037
+66316636363864303734616534366437633530333366336661363965313333306561376433656536
+37663762633666633036

host_vars/repro2.pkgbuild.com/misc

@@ -20,3 +20,5 @@ rebuilderd_workers:
  - repro22
  - repro23
  - repro24
+wireguard_address: 10.0.0.29
+wireguard_public_key: PQDUQxGH6n3PY/dqlDk6DsSV5XBYQvJWJbVJldEuYic=

host_vars/repro2.pkgbuild.com/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+63333630393633666136626330353132373030376661313230646461643363303437393539623030
+3063616536373038613064366538383463616136646134310a316539383338623737326238333361
+65623337373637653139633637373534306363666335383263393630346437643965303862303930
+3039383936616534300a623433373066366538363132626235663964623439333435653837383337
+37653638616238653166616362613232663766643437383564383139643235666235666361306463
+66373539363030643761643064663531616432633666663931633930666530663736323935636334
+33366564623633326331346566663730323763643665393933656466393563613961653665633664
+63316230326632326532

host_vars/reproducible.archlinux.org

@@ -1,3 +0,0 @@
----
-
-filesystem: btrfs

host_vars/reproducible.archlinux.org/misc

@@ -0,0 +1,5 @@
+---
+
+filesystem: btrfs
+wireguard_address: 10.0.0.6
+wireguard_public_key: F2X4lMxdET35mceNtRVqSxVVbwEUVey5IjveG0yHJ0Q=

host_vars/reproducible.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+66333666343239333332333131393430363739373462306337353039666162313034336165326336
+6235343465633963633331666438323462656666393739320a303966613934613137346434636334
+30656164616432623135386334356330303432663637356332616134663265333062336334303966
+3232373538363233660a323862353761343265393130303364346436326264313038383062646466
+65356133623361313937643338316439353662633465656538363830306430633732366564383064
+66366362333130663665313130376463356164633331616530373230313936343234316566613362
+62323866653335393264333165373139613938363631643133653963343733383864633365343137
+65666233336233313032

host_vars/runner1.archlinux.org/misc

@@ -15,3 +15,5 @@ system_disks:
 raid_level: "raid1"
 
 configure_network: true
+wireguard_address: 10.0.0.30
+wireguard_public_key: VghPKlYaYYcdt4peH2n9X95ebTamz2MeOI8NvMTmomI=

host_vars/runner1.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+62323062333663353534663331643633666335323333656438653438336436366161666237653334
+3736633161316335386166353566613239303537666630610a633033323163616136303634653633
+35323065623734353837626536623966343533643031623164666232333562633938373934353736
+3666376635656262610a323430316263633032356163656130376435383638316534336433353533
+66393333643930643737373666343832636236393834356633633330306632326535643038363266
+36366333353335623434356666363931326431323430343633356132653233313130336337373333
+61333833343434666239633566313264393738626665316439323936386263363737326365643465
+66633264626236373338

host_vars/runner2.archlinux.org/misc

@@ -12,3 +12,5 @@ network_interface: "enp1s0f0np0"
 system_disks:
   - /dev/sda
 configure_network: true
+wireguard_address: 10.0.0.7
+wireguard_public_key: 27QE/u1liW2251mHvnika7cZ1Lv8O4h+0S6D2g1jZTE=

host_vars/runner2.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+34353963613832346662633636386135616336646239323738633263363965366238613133376630
+3639333039323966323338643232343933326231653630620a313562323162363739653434336137
+30393834623432303837653834633965356464393036636332616230346534346464316630613966
+6433633537303165390a613931613832333635666432313734313335376166383034336163633566
+33666531613666623265313535363461636162643166343532333331663133623465623534323462
+37643832633462346462376338633432646162616435623764393338656465383166653430633937
+37613836343061346362656438613232323135656465393061616336396536333865633838313033
+39313936363034343437

host_vars/secure-runner1.archlinux.org/misc

@@ -12,3 +12,5 @@ network_interface: "en*"
 system_disks:
   - /dev/nvme0n1
   - /dev/nvme1n1
+wireguard_address: 10.0.0.8
+wireguard_public_key: 6cb0sL2PgD55IXWr5j/uIn9wCgUL+HT83vWrxWClSBU=

host_vars/secure-runner1.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+31663637376338646130393262303635666163653066636265666630363131363132646665323735
+6661656235363338333237316439306661643932633036630a353062636430313163393938633437
+63623161356364656462653533306330383765626234383335333861383764373733633038326133
+6232383863353363300a303961663162343236643330326532316162643130613864393534376635
+31633663623632313562383764353465643430346432363130393839326135386532323437326535
+39376561316638666334653239383530653235633332653132613361643732616530613636656531
+32303961303163363861656665316134353435326439623332323139383765623835366162646335
+37623765313065616130

host_vars/security.archlinux.org

@@ -1,7 +0,0 @@
----
-filesystem: btrfs
-
-fail2ban_jails:
-  sshd: true
-  postfix: false
-  dovecot: false

host_vars/security.archlinux.org/misc

@@ -0,0 +1,9 @@
+---
+filesystem: btrfs
+
+fail2ban_jails:
+  sshd: true
+  postfix: false
+  dovecot: false
+wireguard_address: 10.0.0.24
+wireguard_public_key: CENgItOHJI/lLUNcUNpC+1oZJBvX/G+nemAKZYfCSCw=

host_vars/security.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+35303834303939316362396235336663626233343436626131393033636364316566316161333833
+3734353862653661343034656231653061383365373265340a613263373064353437623963366564
+32333630326332333433363461303334373237383931373837343765323836383337393562643739
+3966396638653131660a336339376564396366393366353664623664633033396332653263633234
+37303361383362623439393331626137326461366334383638653565613166323737663136323262
+35396234346334336338353036363130386639383464313364656464363865303266633965653134
+62326638356131336439663833356438346639396463653862303964386361633431616364653263
+38323934633336653930

host_vars/state.archlinux.org

@@ -1,2 +0,0 @@
----
-filesystem: btrfs

host_vars/state.archlinux.org/misc

@@ -0,0 +1,4 @@
+---
+filesystem: btrfs
+wireguard_address: 10.0.0.11
+wireguard_public_key: cRNS30527OCEgijC7FHrtdXxdNnwWsXP8F1QAoKgAFQ=

host_vars/state.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+30623966386233383161626338323132623637626439363735393265326463633965353631646165
+6439633062646463326361613632656437613639326632610a363761303462343562646663323831
+62383732393639376532353962626562643866343830343633383031316435323637343061366337
+3762303832653938660a666336613331663436653836616333663366643833656465616432303733
+35646262316639666232646233366337646239613562616431633032393538363438626635313530
+32373465346461646366333466313862643135363366353166396566306335333837626430333934
+33613631363261613364623831363330353236363861363436633064393435333433643561316330
+39343833313863666363

host_vars/wiki.archlinux.org/misc

@@ -7,3 +7,5 @@ fail2ban_jails:
   postfix: false
   dovecot: false
   nginx_limit_req: false
+wireguard_address: 10.0.0.22
+wireguard_public_key: bZeNWMLtyNDaFR7jjWr06nNZt/vV/OKNleV7XZZs+lc=

host_vars/wiki.archlinux.org/vault_wireguard.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+31326134383434623962343263616233323034636435343437386264386462373065313831643737
+3833643966366266343537656366616565323761643837620a616435346437383363623532396563
+38343931306466633663356637323532303334613638363034303862383563396437356332653331
+6434346434343431640a386436613463343631323435363763383534666430633133636236353832
+37396365643335633532366662353138646234646563633331373435316531343038346132646564
+30366235313237396166623639383432376534656666376362383331323562333937393064333434
+37366637343835636465633537613364353232353462373936636131336333666237343163613130
+62626164633930653337

hosts

@@ -143,6 +143,40 @@ dashboards.archlinux.org
 lists.archlinux.org
 
 [wireguard]
+archlinux.org
+aur.archlinux.org
+aur-dev.archlinux.org
+monitoring.archlinux.org
+gitlab.archlinux.org
+reproducible.archlinux.org
+runner2.archlinux.org
+secure-runner1.archlinux.org
+phrik.archlinux.org
+quassel.archlinux.org
+state.archlinux.org
+mirror.pkgbuild.com
+homedir.archlinux.org
+mail.archlinux.org
+matrix.archlinux.org
+accounts.archlinux.org
+bbs.archlinux.org
+build.archlinux.org
+bugs.archlinux.org
+gemini.archlinux.org
+repro1.pkgbuild.com
+wiki.archlinux.org
+patchwork.archlinux.org
+security.archlinux.org
+redirect.archlinux.org
+asia.mirror.pkgbuild.com
+america.mirror.pkgbuild.com
+europe.mirror.pkgbuild.com
+repro2.pkgbuild.com
+runner1.archlinux.org
+md.archlinux.org
+man.archlinux.org
+dashboards.archlinux.org
+lists.archlinux.org
 
 [kape_servers]
 asia.mirror.pkgbuild.com

playbooks/accounts.archlinux.org.yml

@@ -7,6 +7,7 @@
     - { role: common }
     - { role: tools }
     - { role: firewalld }
+    - { role: wireguard }
     - { role: sshd }
     - { role: root_ssh }
     - { role: prometheus_exporters }

playbooks/all-hosts-basic.yml

@@ -7,6 +7,7 @@
     - { role: common }
     - { role: tools }
     - { role: firewalld }
+    - { role: wireguard }
     # reconfiguring sshd may break the AUR on luna (unchecked)
     # - { role: sshd, tags: ['sshd'] }
     - { role: root_ssh }

playbooks/archive-mirrors.yml

@@ -6,6 +6,7 @@
     - { role: common }
     - { role: tools }
     - { role: firewalld }
+    - { role: wireguard }
     - { role: hardening }
     - { role: sshd }
     - { role: root_ssh }

playbooks/archlinux.org.yml

@@ -39,3 +39,4 @@
     - { role: fail2ban }
     - { role: prometheus_exporters }
     - { role: promtail }
+    - { role: wireguard }

playbooks/aur-dev.archlinux.org.yml

@@ -21,3 +21,4 @@
     - { role: aurweb, aurweb_domain: 'aur-dev.archlinux.org', aurweb_version: 'pu' }
     - { role: prometheus_exporters }
     - { role: promtail }
+    - { role: wireguard }

playbooks/aur.archlinux.org.yml

@@ -21,3 +21,4 @@
     - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
     - { role: fail2ban }
     - { role: aurweb }
+    - { role: wireguard }

playbooks/bbs.archlinux.org.yml

@@ -19,3 +19,4 @@
     - { role: fail2ban }
     - { role: prometheus_exporters }
     - { role: promtail }
+    - { role: wireguard }

playbooks/bugs.archlinux.org.yml

@@ -19,3 +19,4 @@
     - { role: fail2ban }
     - { role: prometheus_exporters }
     - { role: promtail }
+    - { role: wireguard }

playbooks/build.archlinux.org.yml

@@ -15,3 +15,4 @@
     - { role: fail2ban }
     - { role: prometheus_exporters }
     - { role: promtail }
+    - { role: wireguard }

playbooks/dashboards.archlinux.org.yml

@@ -3,6 +3,7 @@
   remote_user: root
   roles:
     - { role: firewalld }
+    - { role: wireguard }
     - { role: common }
     - { role: tools }
     - { role: sshd }

playbooks/gemini.archlinux.org.yml

@@ -10,6 +10,7 @@
     - { role: common }
     - { role: tools }
     - { role: firewalld }
+    - { role: wireguard }
     - { role: sshd }
     - { role: root_ssh }
     - { role: borg_client, tags: ['borg'] }

playbooks/gitlab-runners.yml

@@ -5,6 +5,7 @@
   roles:
     - { role: common }
     - { role: firewalld }
+    - { role: wireguard }
     - { role: hardening }
     - { role: sshd }
     - { role: root_ssh }

playbooks/gitlab.archlinux.org.yml

@@ -7,6 +7,7 @@
     - { role: common }
     - { role: tools }
     - { role: firewalld }
+    - { role: wireguard }
     - { role: sshd }
     - { role: root_ssh }
     - { role: gitlab,

playbooks/homedir.archlinux.org.yml

@@ -16,3 +16,4 @@
     - { role: prometheus_exporters }
     - { role: promtail }
     - { role: fail2ban }
+    - { role: wireguard }

playbooks/lists.archlinux.org.yml

@@ -4,6 +4,7 @@
   roles:
     - { role: common }
     - { role: firewalld }
+    - { role: wireguard }
     - { role: tools }
     - { role: sshd }
     - { role: root_ssh }

playbooks/mail.archlinux.org.yml

@@ -19,3 +19,4 @@
     - { role: fail2ban }
     - { role: prometheus_exporters }
     - { role: promtail }
+    - { role: wireguard }

playbooks/man.archlinux.org.yml

@@ -5,6 +5,7 @@
   remote_user: root
   roles:
     - { role: firewalld }
+    - { role: wireguard }
     - { role: common }
     - { role: tools }
     - { role: sshd }

playbooks/matrix.archlinux.org.yml

@@ -7,6 +7,7 @@
     - { role: common }
     - { role: tools }
     - { role: firewalld }
+    - { role: wireguard }
     - { role: sshd }
     - { role: root_ssh }
     - { role: borg_client, tags: ["borg"] }