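---
# WireGuard setup — iklim-db-01 (prod VPN gateway for developer DB access)
#
# Full setup (WireGuard + db_stack firewall rules on all DB nodes):
#   ansible-playbook prod-db-wireguard.yml --vault-password-file=../.vault_pass
#
# WireGuard only (re-deploy config or update peers):
#   ansible-playbook prod-db-wireguard.yml --vault-password-file=../.vault_pass --tags wireguard
#
# DB node firewall rules only:
#   ansible-playbook prod-db-wireguard.yml --vault-password-file=../.vault_pass --tags db_stack
#
# NOTE(review): ../.vault_pass unlocks the Ansible Vault used by this playbook.
# Keep it out of version control and readable only by the operator running the
# play — confirm it is listed in .gitignore and has owner-only permissions.
#
# NOTE(review): a --tags wireguard run skips the db_stack play, so the firewall
# rules on the DB nodes are left as they were. Run the full setup when the VPN
# address range or the set of DB nodes changes.

# Play 1: applies the wireguard role to the single gateway host.
- name: DB-01 — WireGuard (Prod Developer Access)
  hosts: iklim-db-01
  # Role tasks run with privilege escalation; `true` is the canonical boolean.
  become: true
  roles:
    - role: wireguard
      tags: [wireguard]

# Play 2: applies the db_stack role to every host matching the pattern below.
# The pattern also matches iklim-db-01, so the gateway receives these rules too.
- name: DB Nodes — Firewalld DB/etcd Port Rules
  hosts: 'iklim-db-*'
  become: true
  roles:
    # NOTE(review): the role body is not visible here — confirm that it opens
    # the DB/etcd ports only to the intended sources (presumably the WireGuard
    # range and the DB peers) rather than to all addresses.
    - role: db_stack
      tags: [db_stack]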