diff --git a/Readme.md b/Readme.md index 94efde3..455deff 100644 --- a/Readme.md +++ b/Readme.md @@ -1,2 +1,34 @@ - ansible-galaxy collection install amazon.aws + # wireguard on aws server + + This is an ansible playbook that launches a wireguard vpn server in the amazon cloud. + + Created by Stefan Maerkle `` + + ## Optimized for minimized costs + It is optimized to minimize aws costs: + - uses arm64 graviton instances (cheaper than amd64) + - uses spot instance (cheaper than on demand) + - uses t4g.nano with 512MB (smallest/cheapest instance type) + - uses Debian 10 arm64 ami + +## What does it do? +It installs a debian server (arm64) and wireguard on it. It configures wireguard with as much clients as you need and provides the client profiles you need to get your wireguard clients running. +Some details: +- Uses private subnet 10.100.100.0/24 that is then nat'ed to the internet +- Uses quad9 dns server 9.9.9.9 through the tunnel +- Client does route EVERYTHING through the tunnel + + ## Prerequisites + 1. You need an aws account + 2. You need credentials for api usage and store them in environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` + 3. You need a ssh key that you can use to connect to a linux instance e.g. `~/.ssh/id_rsa` and `~/.ssh/id_rsa.pub` + 4. You need ansible installed on your machine e.g. `apt-get install ansible` + 5. You need the amazon.aws collection installed from ansible-galaxy e.g. `ansible-galaxy collection install amazon.aws` + +## Installation of server +1. ansible-playbook gravitoninstance.yml + +## Installation of clients +1. Install wireguard client for your operating system (e.g. via package manager or Appstore) +2. Import the client profile that was created during the server installation. It is located in `wireguard_profiles` subfolder. \ No newline at end of file
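Review bot: Step 2 under "Installation of clients" points users at the `wireguard_profiles` subfolder without saying that a WireGuard client profile carries that client's private key. Add a sentence telling users to keep that folder out of version control and to remove or restrict the files once they are imported. In Prerequisites item 2 the README asks for `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` but does not say which permissions the playbook needs; listing the minimal IAM actions would let users create a scoped key instead of reusing a broad one. Smaller points: the "Created by Stefan Maerkle ``" line ends in an empty code span, the `ansible-playbook gravitoninstance.yml` step is not in backticks like the other commands, the `+` lines mix indented and unindented headings, and the file ends without a trailing newline.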