first commit, wireguard basics working

Readme.md

@@ -0,0 +1,2 @@
+ansible playbook, play with:
+ansible-playbook -i hosts common.yml -K

common.yml

@@ -0,0 +1,5 @@
+---
+- hosts: all
+  remote_user: root
+  roles:
+    - common

hosts

@@ -0,0 +1,2 @@
+[vpn_server]
+vpn2.db4rne.de

roles/vpn-server-wireguard/tasks/main.yml

@@ -0,0 +1,43 @@
+---
+- name: wireguard server keys
+  hosts: vpn_server
+  vars:
+    server_privkey: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          37373763643362313533663532373161353334613738316136336562666462303735623065323139
+          3364366239376434343064633765373830393937346665650a636231396634326236333466636165
+          34373562356437373136666336363466336564663839333930366566316439336262303861343965
+          6434633631383264390a316135386235653433396161616662373633393635626537316432623632
+          30353631363164346161343530313365663437663533366639636432353234376632333638313464
+          6263333266666164343834636330626265326135303361636135
+    server_pubkey: nbHkhDv4TLxjdGRqwW4dyFyNZsYBTi2ryVCZ7/K7aEs=
+  tasks:
+    - name: install wireguard
+      apt:
+        name: wireguard
+        state: present
+
+    - name: create server wireguard config
+      template:
+        dest: /etc/wireguard/wg0.conf
+        src: server_wg0.conf.j2
+        owner: root
+        group: root
+        mode: '0600'
+
+    - name: enable and persist ip forwarding
+      sysctl:
+        name: net.ipv4.ip_forward
+        value: "1"
+        state: present
+        sysctl_set: yes
+        reload: yes
+
+    - name: start and enable wireguard
+      systemd:
+        name: wg-quick@wg0
+        enabled: yes
+        state: started
+
+
+

roles/vpn-server-wireguard/tasks/templates/server_wg0.conf.j2

@@ -0,0 +1,6 @@
+# {{ ansible_managed }}
+[Interface]
+Address = 10.0.1.1/24
+ListenPort = 51820
+PrivateKey = {{ server_privkey }}
+