diff --git a/group_vars/wireguard b/group_vars/wireguard
new file mode 100644
index 0000000..e69de29
diff --git a/host_vars/corwin b/host_vars/corwin
new file mode 100644
index 0000000..f2f0d90
--- /dev/null
+++ b/host_vars/corwin
@@ -0,0 +1,23 @@
+---
+ansible_host: 10.0.0.1
+
+wireguard_address: "10.0.0.1/24"
+wireguard_endpoint: "65.108.221.233"
+wireguard_persistent_keepalive: "30"
+wireguard_allowed_ips: "10.0.0.0/24"
+
+wireguard_postup:
+ - iptables -A FORWARD -o %i -j ACCEPT
+ - iptables -A FORWARD -i %i -j ACCEPT
+ - iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
+
+wireguard_postdown:
+ - iptables -D FORWARD -i %i -j ACCEPT
+ - iptables -D FORWARD -o %i -j ACCEPT
+ - iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE
+
+wireguard_unmanaged_peers:
+ phone:
+ public_key: ioG35kDFTtip+Acfq+je9qDHYbZij+J6+Pg3T6Z4N0w=
+ allowed_ips: 10.0.0.3/32
+ persistent_keepalive: 0
diff --git a/host_vars/gerard b/host_vars/gerard
new file mode 100644
index 0000000..a2b202f
--- /dev/null
+++ b/host_vars/gerard
@@ -0,0 +1,3 @@
+ ---
+ansible_host=192.168.1.41
+ansible_python_interpreter=/usr/bin/python3
diff --git a/host_vars/oscar b/host_vars/oscar
index e69de29..0b5dde8 100644
--- a/host_vars/oscar
+++ b/host_vars/oscar
@@ -0,0 +1,15 @@
+---
+wireguard_address: "10.0.0.2/24"
+wireguard_allowed_ips: "10.0.0.2/32,192.168.1.0/24"
+perrsistent_keepalive: "30"
+wireguard_endpoint: ""
+
+wireguard_postup:
+ - iptables -A FORWARD -i wg0 -j ACCEPT
+ - iptables -A FORWARD -o wg0 -j ACCEPT
+ - iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
+
+wireguard_postdown:
+ - iptables -D FORWARD -i wg0 -j ACCEPT
+ - iptables -D FORWARD -o wg0 -j ACCEPT
+ - iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
diff --git a/playbooks/wireguard.yml b/playbooks/wireguard.yml
new file mode 100644
index 0000000..561e21b
--- /dev/null
+++ b/playbooks/wireguard.yml
@@ -0,0 +1,5 @@
+---
+- hosts: wireguard
+ roles:
+ - role: ansible-role-wireguard
+ become: True
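Review bot: In `host_vars/corwin`, the `wireguard_postup` rules accept every forwarded packet entering or leaving `%i` with no source, destination or state match, and the `MASQUERADE` rule on `enp1s0` has no source match. On this internet-facing host, forwarding between the peers (including the unmanaged `phone`) and any networks routed behind them is therefore unrestricted at the firewall level. If the intent is VPN egress plus peer-to-peer traffic, the outbound-to-tunnel rule can be limited to return traffic with `iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`, and the NAT rule scoped with `iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o enp1s0 -j MASQUERADE`, with matching `-D` lines in `wireguard_postdown`. A short comment above each list stating which flows are meant to be allowed would make later review easier.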
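Review bot: `host_vars/gerard` carries over the INI inventory syntax (`ansible_host=192.168.1.41`), but host_vars files are parsed as YAML, so these two lines do not form a key/value mapping and the variables will most likely fail to load. The `---` marker also appears to have a leading space, though whitespace on this page may not be faithful. Write them as `ansible_host: 192.168.1.41` and `ansible_python_interpreter: /usr/bin/python3` under a `---` at column 0.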
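Review bot: In `host_vars/oscar`, `perrsistent_keepalive` is misspelled and lacks the `wireguard_` prefix used in `host_vars/corwin`, so the role will presumably ignore it without any error and no keepalive is configured from this host's variables. Change the line to `wireguard_persistent_keepalive: "30"`. The PostUp/PostDown rules also hard-code `wg0` where corwin uses `%i`, and together with `wireguard_allowed_ips` containing `192.168.1.0/24` they forward everything between the tunnel and the home LAN. Consider using `%i` and adding a comment naming which peers are meant to reach `192.168.1.0/24`.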
diff --git a/production b/production index 6364a93..8a73e62 100644 --- a/production +++ b/production @@ -12,7 +12,11 @@ zen-pc tablette [dhcp] -gerard ansible_host=192.168.1.41 ansible_python_interpreter=/usr/bin/python3 +gerard [VPS] -corwin ansible_host=65.108.221.233 +corwin + +[wireguard] +corwin +oscar diff --git a/site.yml b/site.yml index 85dcdea..12da9e1 100644 --- a/site.yml +++ b/site.yml @@ -1,5 +1,6 @@ --- - import_playbook: playbooks/global.yml +- import_playbook: playbooks/wireguard.yml - import_playbook: playbooks/music-player.yml - import_playbook: playbooks/server.yml - import_playbook: playbooks/build.yml
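Review bot: Dropping `ansible_host=65.108.221.233` from the `corwin` entry in `production` means Ansible now connects using the `ansible_host: 10.0.0.1` set in `host_vars/corwin`. That address is only reachable once the tunnel this playbook configures is up on both the controller and the VPS. A first run, or any run after a WireGuard misconfiguration, would have no management path to the host. Document the bootstrap and recovery procedure next to the entry, for example `# corwin is managed over the VPN (10.0.0.1); for first deploy or recovery run with -e ansible_host=65.108.221.233`.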