root-http: account for NAT

named-data · May 11, 2024 · c61e70e · c61e70e
1 parent 7e02495
commit c61e70e
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 1 deletion.
diff --git a/config.yml b/config.yml
@@ -73,6 +73,7 @@ variables:
   ansible_host: string
   host_ip: string
   local_ip: string
+  outgoing_subnets: "?list"
   site_email_domain: list
   default_prefix: string
   advertised_prefixes: list
@@ -86,4 +87,4 @@ variables:
   hr_angle: number
   hr_radius: number
   ethernet_device: string
-  is_root_ca: ?boolean
+  is_root_ca: "?boolean"
diff --git a/host_vars/AVEIRO b/host_vars/AVEIRO
@@ -5,6 +5,8 @@ operator_email: quevedo@av.it.pt
 ansible_host: selficn.av.it.pt
 host_ip: 193.136.92.155
 local_ip: 10.0.12.127
+outgoing_subnets:
+- 193.136.80.0/20
 site_email_domain:
 - av.it.pt
 default_prefix: /ndn/pt/it/av

diff --git a/templates/root-http-ca/http-ca-server.yml.j2 b/templates/root-http-ca/http-ca-server.yml.j2
@@ -8,6 +8,9 @@ hosts:
     cert_file: /config/cert-store/site-ca.{{ data['inventory_hostname'] }}.ndncert
     subnets:
       - {{ data['host_ip'] }}/32
+      {% for subnet in data.get('outgoing_subnets', []) %}
+      - {{ subnet }}
+      {% endfor %}
       {% if data.get('is_root_ca', false) %}
       - 172.16.0.0/12
       - 192.168.0.0/16