jetzt läuft er

Stefan Märkle 2020-12-02 19:12:01 +01:00
parent 1bc6136142
commit 3a8c1c5ca0
4 changed files with 14 additions and 13 deletions

1
.gitignore vendored

@ -1 +1,2 @@
.terraform .terraform
wireguard_profiles/*


@ -22,12 +22,13 @@
- name: Reboot to use new kernel - name: Reboot to use new kernel
reboot: reboot:
- name: ensure all wireguard services are stopped and enabled - name: ensure wireguard services are stopped and enabled
service: service:
name: "wg-quick@wg0" name: "wg-quick@wg0"
state: stopped state: stopped
enabled: yes enabled: yes
ignore_errors: True
- name: generate directories for client configs - name: generate directories for client configs
file: file:
path: "~/wg/client_{{ item }}" path: "~/wg/client_{{ item }}"
@ -40,17 +41,17 @@
- name: generate private and public keys for the client and server - name: generate private and public keys for the client and server
shell: umask 077; wg genkey | tee ~/wg/{{ item }}.private | wg pubkey > ~/wg/{{ item }}.public shell: umask 077; wg genkey | tee ~/wg/{{ item }}.private | wg pubkey > ~/wg/{{ item }}.public
register: key_files register: key_files
with_sequence: start=1 end={{ vpn_clients }} with_sequence: start=0 end={{ vpn_clients }}
- name: register private key file contents - name: register private key file contents
shell: cat ~/wg/{{ item }}.private shell: cat ~/wg/{{ item }}.private
register: private_key_files register: private_key_files
with_sequence: start=1 end={{ vpn_clients }} with_sequence: start=0 end={{ vpn_clients }}
- name: register public key file contents - name: register public key file contents
shell: cat ~/wg/{{ item }}.public shell: cat ~/wg/{{ item }}.public
register: public_key_files register: public_key_files
with_sequence: start=1 end={{ vpn_clients }} with_sequence: start=0 end={{ vpn_clients }}
- name: generate client configs - name: generate client configs
template: template:
@ -85,7 +86,8 @@
service: service:
name: "wg-quick@wg0" name: "wg-quick@wg0"
state: started state: started
ignore_errors: True
- name: download client conf files to the "wireguard_profiles/" folder on your local host - name: download client conf files to the "wireguard_profiles/" folder on your local host
fetch: fetch:
src: "~/wg/client_{{item}}/wg0-client.conf" src: "~/wg/client_{{item}}/wg0-client.conf"
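Review bot: The `ignore_errors: True` added to the `state: started` task for `wg-quick@wg0` (and to the earlier stop task) lets the play carry on and fetch client profiles even when the tunnel failed to come up, so a broken server config goes unnoticed. I would drop it from the start task; if the stop task only fails on a first run because the unit has no config yet, narrow that case with a `when:` on a `stat` of the server config instead of ignoring every error. Separately, the `register private key file contents` task puts each private key into registered task output, which shows up in verbose runs and in callback or controller logs; it should carry `no_log: true`. The task list starts and ends outside the hunks shown.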


@ -7,4 +7,4 @@ PrivateKey = {{ private_key_files.results[item|int].stdout }}
PublicKey = {{ public_key_files.results[0].stdout }} PublicKey = {{ public_key_files.results[0].stdout }}
AllowedIPs = 0.0.0.0/0 AllowedIPs = 0.0.0.0/0
Endpoint = {{ ansible_default_ipv4.address }}:{{ vpn_port }} Endpoint = {{ ansible_default_ipv4.address }}:{{ vpn_port }}
PersistentKeepalive = {{ vpn_persistent_keepalive }} PersistentKeepalive = 1
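Review bot: Hard-coding `PersistentKeepalive = 1` makes every client send a keepalive packet each second and removes the per-deployment setting; the WireGuard documentation suggests 25 seconds as an interval that works for peers behind NAT. If the variable was dropped because it was undefined (inferred, since its definition is not visible here), keep it with a fallback: `PersistentKeepalive = {{ vpn_persistent_keepalive | default(25) }}`. The template begins outside this hunk.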


@ -1,10 +1,4 @@
--- ---
- name: set defaults
vars:
vpn_network: '10.100.100'
vpn_port: '58172'
vpn_clients: 1
# manually prepare inventory # manually prepare inventory
- name: add host - name: add host
hosts: localhost hosts: localhost
@ -19,5 +13,9 @@
hosts: launched hosts: launched
remote_user: admin remote_user: admin
become: yes become: yes
vars:
vpn_network: '10.100.100'
vpn_port: '58172'
vpn_clients: 1
roles: roles:
- wireguard_server - wireguard_server
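Review bot: The `vars:` block on the `launched` play sets `vpn_network`, `vpn_port` and `vpn_clients` at play level, which outranks inventory and group variables, so a deployment cannot override them without editing the playbook. Since they appear to feed only the `wireguard_server` role, the role's `defaults/main.yml` is the more conventional place for them. A short comment stating that `vpn_network` holds only the first three octets (as the value `'10.100.100'` suggests) would also help the next reader.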