Remove WireGuard integration from production deployment to simplify infrastructure:
- Remove docker-compose-direct-access.yml (VPN-bound services)
- Remove VPN-only middlewares from Grafana, Prometheus, Portainer
- Remove WireGuard middleware definitions from Traefik
- Remove WireGuard IPs (10.8.0.0/24) from Traefik forwarded headers

All monitoring services are now publicly accessible via subdomains:
- grafana.michaelschiemer.de (with Grafana native auth)
- prometheus.michaelschiemer.de (with Basic Auth)
- portainer.michaelschiemer.de (with Portainer native auth)

All services use Let's Encrypt SSL certificates via Traefik.
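# WireGuard Client Configuration for {{ client_name }}
# Generated by Ansible - DO NOT EDIT MANUALLY
#
# This file contains the client's private key. Keep the rendered copy
# readable by its owner only (for example mode 0600) and hand it to the
# client over a protected channel.

[Interface]
# Client private key (secret). Anyone holding it can authenticate as this peer.
# NOTE(review): the value is the stdout of a registered command result;
# confirm the task that produces it sets no_log so the key is not written
# to Ansible output or logs.
PrivateKey = {{ client_private_key.stdout }}

# Client IP address in VPN network (the prefix length is fixed at /24 here)
Address = {{ client_ip }}/24

{% if wireguard_dns_servers | default([], true) | length > 0 %}
# DNS servers provided via Ansible (optional; omitted when the list is unset or empty)
DNS = {{ wireguard_dns_servers | join(', ') }}
{% endif %}

[Peer]
# Server public key (stdout of a registered command result)
# NOTE(review): an empty or wrong value here yields a config that cannot
# complete a handshake with the server; confirm the command succeeded.
PublicKey = {{ server_public_key_cmd.stdout }}

# Server endpoint (external address and UDP port the client connects to)
Endpoint = {{ server_external_ip_content }}:{{ wireguard_port }}

# Allowed IPs (destinations routed through the VPN, and the source ranges
# accepted from this peer)
# IMPORTANT: Only VPN network is routed through VPN by default
# SSH access via normal IP ({{ server_external_ip_content }}) remains available
# NOTE(review): what is actually routed is whatever allowed_ips holds; a
# value such as 0.0.0.0/0 would send all client traffic through the tunnel.
AllowedIPs = {{ allowed_ips }}

# Keep connection alive: send a keepalive every 25 seconds so NAT/firewall
# state for the tunnel does not expire while the link is idle
PersistentKeepalive = 25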