ai-workspace-infra/iac_modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9d00269080
iac_modules/config/sit/vpn-overlay.yaml
Haitao Pan 13501153cd refactor(setup-dnat): refactor overlay config loading and current node variable extraction 
- Replaced include_vars with set_fact to load overlay_config_path using standard YAML parser
- Combined overlay_data.sites and overlay_data.hubs to search for the current node by inventory_hostname
2025-05-19 10:44:26 +08:00

156 lines
4.3 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 基础网络参数
wg_network: 172.30.0.0/16
bridge_network: 10.253.0.0/16
vxlan_id: 100
hub_port: 51820
# 全局功能开关
features:
enable_vless: true # 是否通过 VLESS 中转 WG 流量
enable_multi_hub: true # 是否支持多 Hub 架构false 则为单 Hub star 架构)
enable_vxlan_between_sits: true # 是否开启 vxlan 桥接(站点接入 Hub
enable_vxlan_between_hubs: true # 是否开启 Hub 之间的 VXLAN Mesh
only_wireguard: false # 若为 true仅使用 WireGuard 点对点,忽略 gretap/vxlan
# WireGuard Hub 节点配置
hubs:
- name: cn-hub
interface: eth0
public_ip: 1.15.155.245
pod_cidr: 10.42.0.0/16
wireguard_cidr: 172.30.0.0/16
wg_ip: 172.30.0.1
br_ip: 10.253.253.1
local_ip: 172.30.0.1
remote_ip: 172.31.0.10
xray:
uuid: "18d270a9-533d-4b13-b3f1-e7f55540a9b2"
relay_address: "global-proxy.onwalk.net"
relay_port: '51820'
remote_domain: "global-proxy.onwalk.net"
cert_path: "/etc/ssl/onwalk.net.pem"
key_path: "/etc/ssl/onwalk.net.key"
wireguard_peer:
- master-1
- slave-1
- agent-1
- agent-1
- name: global-hub
interface: ens5
public_ip: 1.15.155.245
wg_ip: 172.31.0.1
br_ip: 10.253.253.2
local_ip: 172.31.0.1
remote_ip: 172.30.0.1
xray:
uuid: "18d270a9-533d-4b13-b3f1-e7f55540a9b2"
cert_path: "/etc/ssl/onwalk.net.pem"
key_path: "/etc/ssl/onwalk.net.key"
relay_address: "cn-proxy.onwalk.net"
relay_port: '51820'
remote_domain: "cn-proxy.onwalk.net"
wireguard_peer:
- master-1
- slave-1
- agent-1
- agent-1
sites:
- name: tky-proxy
interface: ens5
public_ip: 52.196.108.28
wg_ip: 172.31.0.2
br_ip: 10.253.254.2
local_ip: 172.31.0.2
remote_ip: 172.31.0.1
wireguard_peer:
- global-hub
allowed_ips: "172.30.0.0/16,172.31.0.0/16"
xray:
uuid: "18d270a9-533d-4b13-b3f1-e7f55540a9b2"
cert_path: "/etc/ssl/onwalk.net.pem"
key_path: "/etc/ssl/onwalk.net.key"
relay_address: "global-proxy.onwalk.net"
relay_port: '51820'
remote_domain: "global-proxy.onwalk.net"
- name: us-proxy
interface: enX0
public_ip: 54.183.32.0
wg_ip: 172.31.0.3
br_ip: 10.253.254.3
local_ip: 172.31.0.3
remote_ip: 172.31.0.1
wireguard_peer:
- global-hub
allowed_ips: "172.30.0.0/16,172.31.0.0/16"
xray:
uuid: "18d270a9-533d-4b13-b3f1-e7f55540a9b2"
remote_domain: "global-proxy.onwalk.net"
cert_path: "/etc/ssl/onwalk.net.pem"
key_path: "/etc/ssl/onwalk.net.key"
- name: ca-proxy
interface: ens5
wg_ip: 172.31.0.4
br_ip: 10.253.254.4
local_ip: 172.31.0.4
remote_ip: 172.31.0.1
wireguard_peer:
- global-hub
allowed_ips: "172.30.0.0/16,172.31.0.0/16"
xray:
uuid: "18d270a9-533d-4b13-b3f1-e7f55540a9b2"
remote_domain: "global-proxy.onwalk.net"
cert_path: "/etc/ssl/onwalk.net.pem"
key_path: "/etc/ssl/onwalk.net.key"
- name: deepflow-demo
interface: wlp0s20f3
public_ip: 172.30.0.10
wg_ip: 172.30.0.10
br_ip: 10.253.253.2
local_ip: 172.30.0.10
remote_ip: 172.30.0.1
wireguard_peer: cn-hub
allowed_ips: "172.30.0.0/16"
- name: icp-aliyun
interface: eth0
public_ip: 47.120.61.35
wg_ip: 172.30.0.11
pod_cidr: 10.42.0.0/16
wireguard_cidr: 172.30.0.0/16
br_ip: 10.253.253.11
local_ip: 172.30.0.11
remote_ip: 172.30.0.1
wireguard_peer: cn-hub
allowed_ips: "172.30.0.0/16"
xray:
uuid: "18d270a9-533d-4b13-b3f1-e7f55540a9b2"
cert_path: "/etc/ssl/onwalk.net.pem"
key_path: "/etc/ssl/onwalk.net.key"
relay_address: "cn-proxy.onwalk.net"
relay_port: '51820'
remote_domain: "cn-proxy.onwalk.net"
- name: icp-huawei
interface: eth0
public_ip: 139.9.139.22
pod_cidr: 10.42.0.0/16
wireguard_cidr: 172.30.0.0/16
wg_ip: 172.30.0.12
br_ip: 10.253.253.12
local_ip: 172.30.0.12
remote_ip: 172.30.0.1
wireguard_peer: cn-hub
allowed_ips: "172.30.0.0/16"
xray:
uuid: "18d270a9-533d-4b13-b3f1-e7f55540a9b2"
cert_path: "/etc/ssl/onwalk.net.pem"
key_path: "/etc/ssl/onwalk.net.key"
relay_address: "cn-proxy.onwalk.net"
relay_port: '51820'
remote_domain: "cn-proxy.onwalk.net"
Reference in New Issue View Git Blame Copy Permalink