make wireguard config setup
@@ -12,12 +12,8 @@
|
|||||||
|
|
||||||
- name: Copy keys to server
|
- name: Copy keys to server
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: wireguard/
|
src: wireguard/wg0.conf
|
||||||
dest: /etc/wireguard/server_public_key
|
dest: /etc/wireguard/wg0.conf
|
||||||
|
|
||||||
- name: Remember the public key
|
|
||||||
ansible.builtin.command: cat /etc/wireguard/server_public_key
|
|
||||||
register: wireguard_public_key
|
|
||||||
|
|
||||||
- name: Get server public IP
|
- name: Get server public IP
|
||||||
ansible.builtin.command: dig +short myip.opendns.com @resolver1.opendns.com
|
ansible.builtin.command: dig +short myip.opendns.com @resolver1.opendns.com
|
||||||
@@ -34,73 +30,3 @@
|
|||||||
name: wg-quick@wg0
|
name: wg-quick@wg0
|
||||||
enabled: yes
|
enabled: yes
|
||||||
|
|
||||||
- name: Install Wireguard on Host
|
|
||||||
hosts: localhost
|
|
||||||
become: true
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- name: Install wireguard tools
|
|
||||||
ansible.builtin.package:
|
|
||||||
name:
|
|
||||||
- wireguard-tools
|
|
||||||
|
|
||||||
- name: Create private key
|
|
||||||
ansible.builtin.shell:
|
|
||||||
chdir: /etc/wireguard/
|
|
||||||
creates: /etc/wireguard/dmz_public_key
|
|
||||||
cmd: "wg genkey | tee dmz_private_key | wg pubkey > dmz_public_key"
|
|
||||||
|
|
||||||
- name: Remember the public key
|
|
||||||
ansible.builtin.command: cat /etc/wireguard/dmz_public_key
|
|
||||||
register: client_public_key
|
|
||||||
|
|
||||||
- name: Generate Server Config
|
|
||||||
hosts: nimbus
|
|
||||||
become: true
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
|
|
||||||
- name: Create wg0 configuration
|
|
||||||
ansible.builtin.shell:
|
|
||||||
chdir: /etc/wireguard/
|
|
||||||
creates: /etc/wireguard/wg0.conf
|
|
||||||
cmd: |
|
|
||||||
echo "
|
|
||||||
[Interface]
|
|
||||||
Address = 10.0.0.1/24
|
|
||||||
SaveConfig = true
|
|
||||||
PrivateKey = $(cat server_private_key)
|
|
||||||
ListenPort = 51900
|
|
||||||
|
|
||||||
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
|
||||||
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
|
||||||
|
|
||||||
[Peer]
|
|
||||||
PublicKey = {{ hostvars['localhost']['client_public_key']['stdout'] }}
|
|
||||||
AllowedIPs = 10.0.0.2/32
|
|
||||||
" > /etc/wireguard/wg0.conf
|
|
||||||
|
|
||||||
|
|
||||||
- name: Generate Client Config
|
|
||||||
hosts: localhost
|
|
||||||
become: true
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
|
|
||||||
- name: Create wg0 client configuration
|
|
||||||
ansible.builtin.shell:
|
|
||||||
chdir: /etc/wireguard/
|
|
||||||
creates: /etc/wireguard/wg0-client.conf
|
|
||||||
cmd: |
|
|
||||||
echo "
|
|
||||||
[Interface]
|
|
||||||
Address = 10.0.0.2/32
|
|
||||||
PrivateKey = $(cat dmz_private_key)
|
|
||||||
DNS = 9.9.9.9
|
|
||||||
|
|
||||||
[Peer]
|
|
||||||
PublicKey = {{ hostvars['nimbus']['wireguard_public_key']['stdout'] }}
|
|
||||||
Endpoint = space.xecut.me:51900
|
|
||||||
AllowedIPs = 10.0.0.1/32
|
|
||||||
" > /etc/wireguard/wg0-client.conf
|
|
||||||
|
|
||||||
|
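Review bot: The "Copy keys to server" task now installs `wireguard/wg0.conf` as `/etc/wireguard/wg0.conf` without a `mode`, so the file takes the remote default (typically 0644) even though a wg0.conf carries the interface's `PrivateKey` (the removed generator wrote it inline from server_private_key). Pin the permissions on the copy task, `mode: "0600"` together with `owner: root` and `group: root`, so the server key is not readable by every local user; wg-quick also warns when the config is world-readable. Since the config now ships from the controller's `wireguard/` files directory rather than being generated on the host, it should presumably be kept out of version control or protected with ansible-vault, unless that is already handled elsewhere. The enclosing play header and the `wg-quick@wg0` service task are outside this hunk.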
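--- a/wg.mk
+++ b/wg.mk
@@ -46,3 +46,6 @@ wg-install: /etc/wireguard/dmz.conf ## Install wireguard keys (use sudo)
 /etc/wireguard/dmz.conf: wireguard/dmz.conf | /bin/wg
 cp $< $@
 
+.PHONY: wg-setup
+wg-setup: ansible/files/wireguard/wg0.conf ## Renew the wireguard config
+make -C ansible wireguard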
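Review bot: The new `wg-setup` recipe calls the sub-make as a literal `make -C ansible wireguard`; inside a Makefile this should be `$(MAKE) -C ansible wireguard` so the jobserver, `-n`/`-k` and any overridden make binary propagate to the child. The target also lists `ansible/files/wireguard/wg0.conf` as a prerequisite while nothing in this hunk builds that file, so if the `wireguard` target under `ansible/` is what generates it, a fresh checkout fails with "No rule to make target" before the recipe runs; confirm whether that path is a checked-in input or a generated output, and in the latter case make it the target of a rule rather than a prerequisite of a phony one. If it is checked in, note that it presumably holds the WireGuard private key that the playbook installs as /etc/wireguard/wg0.conf, which would be worth keeping out of the repository.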