- add parent play for configuring the rpi - add dedicated rpi.yml to configure the base - copy over templates, handlers from the wg play - import the rpi.yml in main.yml
parent
4d1b046917
commit
15b78abf21
@ -1,3 +1,4 @@
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
interactive: yes
|
||||
acmedns_base_lego_arch: arm64
|
||||
base_rpi: true
|
||||
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
# handlers file for wg_vpn
|
||||
|
||||
- name: restart wireguard
|
||||
service: name=wg-quick@wg0.service state=restarted
|
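Review bot: The `service:` handler at the end of this section passes its arguments as a `key=value` string; Ansible convention is native block YAML, which also lets yamllint and the module's argument spec check each field. Replace the one line with `service:` / `name: wg-quick@wg0.service` / `state: restarted`. The header comment still reads `# handlers file for wg_vpn` although the commit says these handlers were copied into the rpi play; if this copy lives under a different role, update the comment so the file and its role agree.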
@ -0,0 +1,30 @@
|
||||
---
|
||||
|
||||
- name: install wireguard
|
||||
apt:
|
||||
name:
|
||||
- wireguard
|
||||
- wireguard-dkms
|
||||
- wireguard-tools
|
||||
update_cache: yes
|
||||
state: latest
|
||||
|
||||
- name: Enable IP forwarding
|
||||
sysctl: name={{ item }} value=1 state=present
|
||||
with_items:
|
||||
- net.ipv4.ip_forward
|
||||
- net.ipv6.conf.all.forwarding
|
||||
|
||||
- name: Configure firewall (Ubuntu)
|
||||
ufw: rule=allow port=51820 proto=udp
|
||||
when: ansible_distribution == "Ubuntu"
|
||||
|
||||
- name: Create wireguard config directory
|
||||
file: state=directory path=/etc/wireguard owner=root group=root mode=0700
|
||||
|
||||
- name: Install wireguard configuration
|
||||
template: src=wg0.conf dest=/etc/wireguard/wg0.conf owner=root group=root mode=0600
|
||||
notify: restart wireguard
|
||||
|
||||
- name: Start wireguard
|
||||
service: name=wg-quick@wg0.service enabled=yes state=started
|
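Review bot: `state: latest` in the `install wireguard` task upgrades the packages on every run instead of installing a known version, so the play is not idempotent and a routine run can pull a new `wireguard-dkms` kernel module onto the host unannounced; `state: present` (optionally with a pinned version) is the safer default. The booleans `update_cache: yes` and `enabled=yes` in `Start wireguard` are YAML 1.1 spellings; write `update_cache: true` and `enabled: true`. The firewall task is guarded by `ansible_distribution == "Ubuntu"`, so on a Raspberry Pi running Raspbian/Debian no firewall rule is applied at all — presumably carried over from the server play, but since this file now targets the rpi it deserves either a comment saying the rule is server-only or a Debian branch. The remaining tasks also use `key=value` argument strings where block YAML is the convention.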
@ -0,0 +1,11 @@
|
||||
[Interface]
|
||||
PrivateKey = {{ wireguard_clients[3]['privkey'] }}
|
||||
Address = {{ wireguard_vpn_network | ipsubnet(32, wireguard_clients[3]['offset']) }}
|
||||
|
||||
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
||||
|
||||
[Peer]
|
||||
PublicKey = {{ wireguard_server_pubkey }}
|
||||
Endpoint = vpn.awful.club:51820
|
||||
AllowedIPs = 10.200.219.0/24
|
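Review bot: `wireguard_clients[3]` is hard-coded in both `PrivateKey` and `Address`, so the template silently takes another client's private key if the list is reordered or extended; look the entry up through a per-host variable instead, e.g. `{{ wireguard_clients[wireguard_client_index]['privkey'] }}` with `wireguard_client_index` set in host_vars (variable name constructed — pick whatever fits the inventory). The `PostUp`/`PostDown` masquerade rules hard-code `eth0`, which is the wired interface on a Pi but not on other hosts; `{{ ansible_default_ipv4.interface }}` would track the actual uplink. `AllowedIPs` repeats the literal `10.200.219.0/24` while `Address` derives its value from `wireguard_vpn_network`; using `{{ wireguard_vpn_network }}` keeps the two from drifting apart. The second `wg0.conf` section below is a byte-identical copy of this template, so the same points apply there; consider keeping a single copy and referencing it from both roles.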
@ -0,0 +1,11 @@
|
||||
[Interface]
|
||||
PrivateKey = {{ wireguard_clients[3]['privkey'] }}
|
||||
Address = {{ wireguard_vpn_network | ipsubnet(32, wireguard_clients[3]['offset']) }}
|
||||
|
||||
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
||||
|
||||
[Peer]
|
||||
PublicKey = {{ wireguard_server_pubkey }}
|
||||
Endpoint = vpn.awful.club:51820
|
||||
AllowedIPs = 10.200.219.0/24
|
@ -0,0 +1,8 @@
|
||||
---
|
||||
|
||||
- name: setup on prem portal wg host.
|
||||
hosts: larva.home.jowj.net
|
||||
tasks:
|
||||
- debug: msg="Deploying wg portal"
|
||||
roles:
|
||||
- { name: home-net, tags: ['home-net'] }
|
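Review bot: The play lists `tasks:` before `roles:`, but Ansible always runs roles before `tasks` regardless of order, so the `debug` message prints after `home-net` has already run rather than announcing it; use `pre_tasks:` if it is meant to run first, or drop it since it carries no information. No `become: true` is set on the play, yet the tasks introduced in this commit call `apt`, `sysctl` and write under `/etc/wireguard`, all of which need root — unless privilege escalation comes from the inventory or ansible.cfg, add `become: true` under `hosts:`. `hosts:` names a single FQDN; an inventory group would let the same play cover more than one Pi and keeps hostnames out of the playbook. The trailing period in the play name is inconsistent with the other task names in the commit.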