Decentrala/dmzconf
21
1
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

create wireguard playbook

Browse Source
This commit is contained in:
Malin Freeborn
2026-01-26 22:22:04 +01:00
parent dd6fb1cf50
commit 89472a3a70
2 changed files with 115 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ansible/host_vars/nimbus.yml
View File

@@ -1,6 +1,9 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
61386535643036336233373332346437666166373335343732653734326465373430306464363066 37363765623839666637633861353139353935323364343538356536653561373266336161353937
6337326238633966623333393864363639343965373138300a633964306639343165613266646136 3466653434666163313936393366613666393863616262320a643930663038326666653064613062
61646462656362306661343662343864613866323965323165393661646665393838343735313434 62613661396538363539643938323033663932326362626335333438653865623038336136623030
6631646531396662310a393761643537626436303965636563643534643565366436393233353662 3735366564366431330a373061393766346631643434383364646431346231356466663737626435
3965 64303835343237383761633939643431333439643933636139666163393637363430633261633736
34626631366163616439366534393031353063363138356638323634313430666330613833386661
61346365313534353535633365626364303565363565353765353833363065343232633866633132
63643930633266653765

107
ansible/playbooks/wireguard.yml Normal file
View File

@@ -0,0 +1,107 @@
---
- name: Install Wireguard on Server
hosts: nimbus
become: true
tasks:
- name: Install wireguard tools and dig
ansible.builtin.package:
name:
- wireguard-tools
- bind
- name: Create private key
ansible.builtin.shell:
chdir: /etc/wireguard/
creates: /etc/wireguard/server_public_key
cmd: "wg genkey | tee server_private_key | wg pubkey > server_public_key"
- name: Remember the public key
ansible.builtin.command: cat /etc/wireguard/server_public_key
register: wireguard_public_key
- name: Get server public IP
ansible.builtin.command: dig +short myip.opendns.com @resolver1.opendns.com
register: wireguard_public_ip
- name: Allow ipv4 forwarding
ansible.builtin.lineinfile:
path: /etc/sysctl.d/wg.conf
line: net.ipv4.ip_forward=1
create: yes
- name: Start the wireguard service
ansible.builtin.service:
name: wg-quick@wg0
enabled: yes
- name: Install Wireguard on Host
hosts: localhost
become: true
tasks:
- name: Install wireguard tools
ansible.builtin.package:
name:
- wireguard-tools
- name: Create private key
ansible.builtin.shell:
chdir: /etc/wireguard/
creates: /etc/wireguard/dmz_public_key
cmd: "wg genkey | tee dmz_private_key | wg pubkey > dmz_public_key"
- name: Remember the public key
ansible.builtin.command: cat /etc/wireguard/dmz_public_key
register: client_public_key
- name: Generate Server Config
hosts: nimbus
become: true
tasks:
- name: Create wg0 configuration
ansible.builtin.shell:
chdir: /etc/wireguard/
creates: /etc/wireguard/wg0.conf
cmd: |
echo "
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
PrivateKey = $(cat server_private_key)
ListenPort = 51900
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = {{ hostvars['localhost']['client_public_key']['stdout'] }}
AllowedIPs = 10.0.0.2/32
" > /etc/wireguard/wg0.conf
- name: Generate Client Config
hosts: localhost
become: true
tasks:
- name: Create wg0 client configuration
ansible.builtin.shell:
chdir: /etc/wireguard/
creates: /etc/wireguard/wg0-client.conf
cmd: |
echo "
[Interface]
Address = 10.0.0.2/32
PrivateKey = $(cat dmz_private_key)
DNS = 9.9.9.9
[Peer]
PublicKey = {{ hostvars['nimbus']['wireguard_public_key']['stdout'] }}
Endpoint = space.xecut.me:51900
AllowedIPs = 10.0.0.1/32
" > /etc/wireguard/wg0-client.conf