jetzt läuft er
This commit is contained in:
Stefan Märkle
parent
1bc6136142
commit
3a8c1c5ca0
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
||||
.terraform
|
||||
wireguard_profiles/*
|
||||
@ -22,12 +22,13 @@
|
||||
- name: Reboot to use new kernel
|
||||
reboot:
|
||||
|
||||
- name: ensure all wireguard services are stopped and enabled
|
||||
- name: ensure wireguard services are stopped and enabled
|
||||
service:
|
||||
name: "wg-quick@wg0"
|
||||
state: stopped
|
||||
enabled: yes
|
||||
|
||||
ignore_errors: True
|
||||
|
||||
- name: generate directories for client configs
|
||||
file:
|
||||
path: "~/wg/client_{{ item }}"
|
||||
@ -40,17 +41,17 @@
|
||||
- name: generate private and public keys for the client and server
|
||||
shell: umask 077; wg genkey | tee ~/wg/{{ item }}.private | wg pubkey > ~/wg/{{ item }}.public
|
||||
register: key_files
|
||||
with_sequence: start=1 end={{ vpn_clients }}
|
||||
with_sequence: start=0 end={{ vpn_clients }}
|
||||
|
||||
- name: register private key file contents
|
||||
shell: cat ~/wg/{{ item }}.private
|
||||
register: private_key_files
|
||||
with_sequence: start=1 end={{ vpn_clients }}
|
||||
with_sequence: start=0 end={{ vpn_clients }}
|
||||
|
||||
- name: register public key file contents
|
||||
shell: cat ~/wg/{{ item }}.public
|
||||
register: public_key_files
|
||||
with_sequence: start=1 end={{ vpn_clients }}
|
||||
with_sequence: start=0 end={{ vpn_clients }}
|
||||
|
||||
- name: generate client configs
|
||||
template:
|
||||
@ -85,7 +86,8 @@
|
||||
service:
|
||||
name: "wg-quick@wg0"
|
||||
state: started
|
||||
|
||||
ignore_errors: True
|
||||
|
||||
- name: download client conf files to the "wireguard_profiles/" folder on your local host
|
||||
fetch:
|
||||
src: "~/wg/client_{{item}}/wg0-client.conf"
|
||||
|
||||
@ -7,4 +7,4 @@ PrivateKey = {{ private_key_files.results[item|int].stdout }}
|
||||
PublicKey = {{ public_key_files.results[0].stdout }}
|
||||
AllowedIPs = 0.0.0.0/0
|
||||
Endpoint = {{ ansible_default_ipv4.address }}:{{ vpn_port }}
|
||||
PersistentKeepalive = {{ vpn_persistent_keepalive }}
|
||||
PersistentKeepalive = 1
|
||||
|
||||
@ -1,10 +1,4 @@
|
||||
---
|
||||
- name: set defaults
|
||||
vars:
|
||||
vpn_network: '10.100.100'
|
||||
vpn_port: '58172'
|
||||
vpn_clients: 1
|
||||
|
||||
# manually prepare inventory
|
||||
- name: add host
|
||||
hosts: localhost
|
||||
@ -19,5 +13,9 @@
|
||||
hosts: launched
|
||||
remote_user: admin
|
||||
become: yes
|
||||
vars:
|
||||
vpn_network: '10.100.100'
|
||||
vpn_port: '58172'
|
||||
vpn_clients: 1
|
||||
roles:
|
||||
- wireguard_server
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user