arne/ansible_vpn_server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

wireguard: finally working

Browse source
This commit is contained in:
Arne Zachlod 2025-04-01 10:42:08 +02:00
parent a198e6e1b6
commit 058c01d1f7
2 changed files with 41 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
common.yml
View file

@ -3,3 +3,5 @@
remote_user: root remote_user: root
roles: roles:
- common - common
- vpn-server-wireguard

80
roles/vpn-server-wireguard/tasks/main.yml
View file

@ -1,51 +1,49 @@
--- ---
- name: wireguard server keys
hosts: vpn_server - name: install wireguard
apt:
name: wireguard
state: present
- name: create server wireguard config
vars: vars:
server_privkey: !vault | server_privkey: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
37373763643362313533663532373161353334613738316136336562666462303735623065323139 37373763643362313533663532373161353334613738316136336562666462303735623065323139
3364366239376434343064633765373830393937346665650a636231396634326236333466636165 3364366239376434343064633765373830393937346665650a636231396634326236333466636165
34373562356437373136666336363466336564663839333930366566316439336262303861343965 34373562356437373136666336363466336564663839333930366566316439336262303861343965
6434633631383264390a316135386235653433396161616662373633393635626537316432623632 6434633631383264390a316135386235653433396161616662373633393635626537316432623632
30353631363164346161343530313365663437663533366639636432353234376632333638313464 30353631363164346161343530313365663437663533366639636432353234376632333638313464
6263333266666164343834636330626265326135303361636135 6263333266666164343834636330626265326135303361636135
server_pubkey: nbHkhDv4TLxjdGRqwW4dyFyNZsYBTi2ryVCZ7/K7aEs= server_pubkey: nbHkhDv4TLxjdGRqwW4dyFyNZsYBTi2ryVCZ7/K7aEs=
tasks: template:
- name: install wireguard dest: /etc/wireguard/wg0.conf
apt: src: server_wg0.conf.j2
name: wireguard owner: root
state: present group: root
mode: '0600'
- name: create server wireguard config - name: enable and persist ipv6 forwarding
template: sysctl:
dest: /etc/wireguard/wg0.conf name: net.ipv6.conf.all.forwarding
src: server_wg0.conf.j2 value: "1"
owner: root state: present
group: root sysctl_set: yes
mode: '0600' reload: yes
- name: enable and persist ipv6 forwarding - name: enable and persist ipv4 forwarding
sysctl: sysctl:
name: net.ipv6.conf.all.forwarding name: net.ipv4.ip_forward
value: "1" value: "1"
state: present state: present
sysctl_set: yes sysctl_set: yes
reload: yes reload: yes
- name: enable and persist ipv4 forwarding - name: start and enable wireguard
sysctl: systemd:
name: net.ipv4.ip_forward name: wg-quick@wg0
value: "1" enabled: yes
state: present state: started
sysctl_set: yes
reload: yes
- name: start and enable wireguard
systemd:
name: wg-quick@wg0
enabled: yes
state: started