From db5a645b67b51b48a5245e2ce037cbaa57b35004 Mon Sep 17 00:00:00 2001
From: vincent
Date: Sat, 5 Mar 2022 19:13:35 +0100
Subject: [PATCH] add wireguard variable

---
 group_vars/wireguard | 0
 host_vars/corwin | 23 +++++++++++++++++++++++
 host_vars/gerard | 3 +++
 host_vars/oscar | 15 +++++++++++++++
 playbooks/wireguard.yml | 5 +++++
 production | 8 ++++++--
 site.yml | 1 +
 7 files changed, 53 insertions(+), 2 deletions(-)
 create mode 100644 group_vars/wireguard
 create mode 100644 host_vars/corwin
 create mode 100644 host_vars/gerard
 create mode 100644 playbooks/wireguard.yml

diff --git a/group_vars/wireguard b/group_vars/wireguard
new file mode 100644
index 0000000..e69de29
diff --git a/host_vars/corwin b/host_vars/corwin
new file mode 100644
index 0000000..f2f0d90
--- /dev/null
+++ b/host_vars/corwin
@@ -0,0 +1,23 @@
+---
+ansible_host: 10.0.0.1
+
+wireguard_address: "10.0.0.1/24"
+wireguard_endpoint: "65.108.221.233"
+wireguard_persistent_keepalive: "30"
+wireguard_allowed_ips: "10.0.0.0/24"
+
+wireguard_postup:
+ - iptables -A FORWARD -o %i -j ACCEPT
+ - iptables -A FORWARD -i %i -j ACCEPT
+ - iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
+
+wireguard_postdown:
+ - iptables -D FORWARD -i %i -j ACCEPT
+ - iptables -D FORWARD -o %i -j ACCEPT
+ - iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE
+
+wireguard_unmanaged_peers:
+ phone:
+ public_key: ioG35kDFTtip+Acfq+je9qDHYbZij+J6+Pg3T6Z4N0w=
+ allowed_ips: 10.0.0.3/32
+ persistent_keepalive: 0
diff --git a/host_vars/gerard b/host_vars/gerard
new file mode 100644
index 0000000..a2b202f
--- /dev/null
+++ b/host_vars/gerard
@@ -0,0 +1,3 @@
+ ---
+ansible_host=192.168.1.41
+ansible_python_interpreter=/usr/bin/python3
diff --git a/host_vars/oscar b/host_vars/oscar
index e69de29..0b5dde8 100644
--- a/host_vars/oscar
+++ b/host_vars/oscar
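Review bot: `ansible_host: 10.0.0.1` in host_vars/corwin points Ansible at corwin's WireGuard tunnel address, while the production hunk at the same time drops `ansible_host=65.108.221.233` from corwin's inventory line; after this commit the wireguard playbook has to reach corwin over a tunnel it has not yet created, and whenever the tunnel is down the host becomes unmanageable. Keep the management address on the public IP and let the tunnel address live only in `wireguard_address`: `ansible_host: 65.108.221.233`. Separately, the postup rules accept every forwarded packet entering or leaving the tunnel interface and masquerade it out enp1s0, so each peer, including the unmanaged `phone`, gets unrestricted forwarding through the hub; if only the 10.0.0.0/24 peers are meant to reach each other, scoping the FORWARD rules with `-s 10.0.0.0/24` / `-d 10.0.0.0/24` would narrow that (the chain's default policy is not visible in the hunk).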
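Review bot: host_vars/gerard is not a YAML mapping: its first line is ` ---` with a leading space, so it is not a document marker, and the two settings use INI `key=value` syntax, which YAML reads as a single plain string scalar rather than as variables; Ansible requires host_vars files to be dictionaries, so this file will most likely be rejected. Because the production hunk removes `ansible_host=192.168.1.41 ansible_python_interpreter=/usr/bin/python3` from gerard's inventory line, gerard is then left with neither its address nor its interpreter. Write the file as YAML, `ansible_host: 192.168.1.41` and `ansible_python_interpreter: /usr/bin/python3`, under a `---` at column 0, the way host_vars/corwin already does.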
@@ -0,0 +1,15 @@
+---
+wireguard_address: "10.0.0.2/24"
+wireguard_allowed_ips: "10.0.0.2/32,192.168.1.0/24"
+perrsistent_keepalive: "30"
+wireguard_endpoint: ""
+
+wireguard_postup:
+ - iptables -A FORWARD -i wg0 -j ACCEPT
+ - iptables -A FORWARD -o wg0 -j ACCEPT
+ - iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
+
+wireguard_postdown:
+ - iptables -D FORWARD -i wg0 -j ACCEPT
+ - iptables -D FORWARD -o wg0 -j ACCEPT
+ - iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
diff --git a/playbooks/wireguard.yml b/playbooks/wireguard.yml
new file mode 100644
index 0000000..561e21b
--- /dev/null
+++ b/playbooks/wireguard.yml
@@ -0,0 +1,5 @@
+---
+- hosts: wireguard
+ roles:
+ - role: ansible-role-wireguard
+ become: True
diff --git a/production b/production
index 6364a93..8a73e62 100644
--- a/production
+++ b/production
@@ -12,7 +12,11 @@ zen-pc
 tablette
 
 [dhcp]
-gerard ansible_host=192.168.1.41 ansible_python_interpreter=/usr/bin/python3
+gerard
 
 [VPS]
-corwin ansible_host=65.108.221.233
+corwin
+
+[wireguard]
+corwin
+oscar
diff --git a/site.yml b/site.yml
index 85dcdea..12da9e1 100644
--- a/site.yml
+++ b/site.yml
@@ -1,5 +1,6 @@
 ---
 - import_playbook: playbooks/global.yml
+- import_playbook: playbooks/wireguard.yml
 - import_playbook: playbooks/music-player.yml
 - import_playbook: playbooks/server.yml
 - import_playbook: playbooks/build.yml
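Review bot: `perrsistent_keepalive: "30"` in host_vars/oscar is misspelled and lacks the `wireguard_` prefix that every other variable in the file and host_vars/corwin (`wireguard_persistent_keepalive`) carry, so oscar will get no keepalive at all, even though with `wireguard_endpoint: ""` it is presumably the NAT-side peer that needs one to keep its mapping open; change it to `wireguard_persistent_keepalive: "30"`. The postup/postdown rules hard-code `wg0` where corwin uses `%i`, so they silently stop matching if the interface is ever named differently. Also, advertising `192.168.1.0/24` in `wireguard_allowed_ips` together with unconditional FORWARD ACCEPT in both directions and MASQUERADE on eno1 exposes oscar's whole LAN to every tunnel peer, including the unmanaged `phone` declared on corwin; if that is not the intent, restrict the FORWARD rules to the LAN hosts or ports those peers actually need.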