add wireguard variable

host_vars/corwin

@@ -0,0 +1,23 @@
+---
+ansible_host: 10.0.0.1
+
+wireguard_address: "10.0.0.1/24"
+wireguard_endpoint: "65.108.221.233"
+wireguard_persistent_keepalive: "30"
+wireguard_allowed_ips: "10.0.0.0/24"
+
+wireguard_postup:  
+  - iptables -A FORWARD -o %i -j ACCEPT
+  - iptables -A FORWARD -i %i -j ACCEPT
+  - iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
+
+wireguard_postdown:  
+  - iptables -D FORWARD -i %i -j ACCEPT
+  - iptables -D FORWARD -o %i -j ACCEPT
+  - iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE
+
+wireguard_unmanaged_peers:
+  phone:
+    public_key: ioG35kDFTtip+Acfq+je9qDHYbZij+J6+Pg3T6Z4N0w=
+    allowed_ips: 10.0.0.3/32
+    persistent_keepalive: 0

host_vars/gerard

@@ -0,0 +1,3 @@
+ ---
+ansible_host=192.168.1.41
+ansible_python_interpreter=/usr/bin/python3

host_vars/oscar

@@ -0,0 +1,15 @@
+---
+wireguard_address: "10.0.0.2/24"
+wireguard_allowed_ips: "10.0.0.2/32,192.168.1.0/24"
+perrsistent_keepalive: "30"
+wireguard_endpoint: ""
+
+wireguard_postup:
+  - iptables -A FORWARD -i wg0 -j ACCEPT
+  - iptables -A FORWARD -o wg0 -j ACCEPT
+  - iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
+
+wireguard_postdown:
+  - iptables -D FORWARD -i wg0 -j ACCEPT
+  - iptables -D FORWARD -o wg0 -j ACCEPT
+  - iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE

playbooks/wireguard.yml

@@ -0,0 +1,5 @@
+---
+- hosts: wireguard
+  roles:
+    - role: ansible-role-wireguard
+      become: True

production

@@ -12,7 +12,11 @@ zen-pc
 tablette
 
 [dhcp]
-gerard ansible_host=192.168.1.41 ansible_python_interpreter=/usr/bin/python3
+gerard
 
 [VPS]
-corwin ansible_host=65.108.221.233
+corwin
+
+[wireguard]
+corwin
+oscar

site.yml

@@ -1,5 +1,6 @@
 ---
 - import_playbook: playbooks/global.yml
+- import_playbook: playbooks/wireguard.yml
 - import_playbook: playbooks/music-player.yml
 - import_playbook: playbooks/server.yml
 - import_playbook: playbooks/build.yml