arne/ansible_vpn_server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

first commit, wireguard basics working

Browse source
This commit is contained in:
Arne Zachlod 2024-10-05 20:52:42 +02:00
commit 1ec7b153fd
5 changed files with 58 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Readme.md Normal file
View file

@ -0,0 +1,2 @@
ansible playbook, play with:
ansible-playbook -i hosts common.yml -K

5
common.yml Normal file
View file

@ -0,0 +1,5 @@
---
- hosts: all
remote_user: root
roles:
- common

2
hosts Normal file
View file

@ -0,0 +1,2 @@
[vpn_server]
vpn2.db4rne.de

43
roles/vpn-server-wireguard/tasks/main.yml Normal file
View file

@ -0,0 +1,43 @@
---
- name: wireguard server keys
hosts: vpn_server
vars:
server_privkey: !vault |
$ANSIBLE_VAULT;1.1;AES256
37373763643362313533663532373161353334613738316136336562666462303735623065323139
3364366239376434343064633765373830393937346665650a636231396634326236333466636165
34373562356437373136666336363466336564663839333930366566316439336262303861343965
6434633631383264390a316135386235653433396161616662373633393635626537316432623632
30353631363164346161343530313365663437663533366639636432353234376632333638313464
6263333266666164343834636330626265326135303361636135
server_pubkey: nbHkhDv4TLxjdGRqwW4dyFyNZsYBTi2ryVCZ7/K7aEs=
tasks:
- name: install wireguard
apt:
name: wireguard
state: present
- name: create server wireguard config
template:
dest: /etc/wireguard/wg0.conf
src: server_wg0.conf.j2
owner: root
group: root
mode: '0600'
- name: enable and persist ip forwarding
sysctl:
name: net.ipv4.ip_forward
value: "1"
state: present
sysctl_set: yes
reload: yes
- name: start and enable wireguard
systemd:
name: wg-quick@wg0
enabled: yes
state: started

6
roles/vpn-server-wireguard/tasks/templates/server_wg0.conf.j2 Normal file
View file

@ -0,0 +1,6 @@
# {{ ansible_managed }}
[Interface]
Address = 10.0.1.1/24
ListenPort = 51820
PrivateKey = {{ server_privkey }}