From da392a9c374b8e88fe82d9e47460b8d06d303830 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20M=C3=A4rkle?=
Date: Thu, 3 Dec 2020 00:09:24 +0100
Subject: [PATCH] =?UTF-8?q?Bugfixes:=20String=20nach=20int=20in=20jinja2?= =?UTF-8?q?=20muss=20explizit=20gemacht=20werden=20Bugfixes:=20systemctl?= =?UTF-8?q?=20explizit=20aufrufen=20statt=20ansible=20modul=20verwenden=20?= =?UTF-8?q?startet=20das=20wg0=20zuverl=C3=A4ssig?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 create_aws_wireguard_server.yml | 7 ++++++-
 roles/wireguard_server/tasks/main.yml | 25 ++++++++++-------------
 roles/wireguard_server/templates/wg0.conf | 2 +-
 3 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/create_aws_wireguard_server.yml b/create_aws_wireguard_server.yml
index cac59ba..13c4c1d 100644
--- a/create_aws_wireguard_server.yml
+++ b/create_aws_wireguard_server.yml
@@ -7,15 +7,19 @@
 - name: ssh_pub_key_file
 prompt: Location of your public ssh key
 default: "~/.ssh/id_rsa.pub"
+ private: no
 - name: aws_region
 prompt: AWS Region to use for instaance
 default: "us-east-1"
+ private: no
 - name: aws_ami
 prompt: Disk image to use for instance (default is debian buster arm64)
 default: "ami-057796a93302d0b14"
+ private: no
 - name: aws_type
 prompt: Instance type to request
 default: "t4g.nano"
+ private: no
 
 roles:
 - aws_graviton_nano_spot
@@ -26,7 +30,8 @@
 vars_prompt:
 - name: vpn_clients
 prompt: Number of vpn clients to be generated
- default: "1"
+ default: 1
+ private: no
 vars:
 vpn_network: '10.100.100'
 vpn_port: '58172'
diff --git a/roles/wireguard_server/tasks/main.yml b/roles/wireguard_server/tasks/main.yml
index d60f41d..8967255 100644
--- a/roles/wireguard_server/tasks/main.yml
+++ b/roles/wireguard_server/tasks/main.yml
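Review bot: `private: no` on each added line of this hunk, and again in the `@@ -26,7 +30,8 @@` hunk, is a YAML 1.1 truthy spelling that yamllint flags and that the tasks file already avoids (`update_cache: true`); write `private: false` in all five places. The `default: 1` in the second hunk does not, as far as I know, change what the template receives, because vars_prompt answers reach the play as strings, which is exactly why the `|int` filter was needed in templates/wg0.conf; the prompted count therefore still needs validation before use rather than a different default. The plays these `vars_prompt:` entries belong to begin before the shown lines.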
@@ -1,9 +1,10 @@
 ---
-- name: (Ubuntu) Update APT package cache
+- name: Update APT package cache
 apt:
 update_cache: true
-
-- name: (Ubuntu) Ensure WireGuard DKMS package is removed
+ upgrade: dist
+
+- name: Ensure WireGuard DKMS package is removed
 apt:
 name:
 - "wireguard-dkms"
@@ -22,13 +23,9 @@
 - name: Reboot to use new kernel
 reboot:
 
-- name: ensure wireguard services are stopped and enabled
- service:
- name: "wg-quick@wg0"
- state: stopped
- enabled: yes
- ignore_errors: True
-
+- name: ensure wireguard services are stopped
+ command: "systemctl stop wg-quick@wg0"
+
 - name: generate directories for client configs
 file:
 path: "~/wg/client_{{ item }}"
@@ -82,11 +79,11 @@
 state: present
 reload: yes
 
+- name: ensure wireguard services are enabled
+ command: "systemctl enable wg-quick@wg0"
+
 - name: ensure all wireguard services are started
- service:
- name: "wg-quick@wg0"
- state: started
- ignore_errors: True
+ command: "systemctl start wg-quick@wg0"
 
 - name: download client conf files to the "wireguard_profiles/" folder on your local host
 fetch:
diff --git a/roles/wireguard_server/templates/wg0.conf b/roles/wireguard_server/templates/wg0.conf
index fb0bffc..fb66ad6 100644
--- a/roles/wireguard_server/templates/wg0.conf
+++ b/roles/wireguard_server/templates/wg0.conf
@@ -6,7 +6,7 @@
 PrivateKey = {{ private_key_files.results[0].stdout }}
 PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens5 -j MASQUERADE
 PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens5 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens5 -j MASQUERADE
-{% for i in range(vpn_clients) %}
+{% for i in range(vpn_clients|int) %}
 [Peer]
 PublicKey = {{ public_key_files.results[i + 1].stdout }}
 AllowedIPs = {{ vpn_network }}.{{ i + 2 }}/32
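Review bot: Adding `upgrade: dist` under the task now named `Update APT package cache` makes the name misleading, since a dist-upgrade of every installed package is a far larger and less reversible action than a cache refresh; name it for what it does, e.g. `- name: Update APT cache and dist-upgrade all packages`. The dist-upgrade is also unconditional, and the `Reboot to use new kernel` task in the next hunk appears to reboot unconditionally too, so every run of the playbook upgrades and restarts the server; if the upgrade is meant only for initial provisioning, gate it with a variable and condition the reboot on this task's result (register it, then reboot only `when: <registered name> is changed`). The task list continues past this hunk.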
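Review bot: `command: "systemctl stop wg-quick@wg0"` swaps a declarative `service` task for a raw command that reports `changed` on every run, is skipped in check mode, and — now that `ignore_errors: True` is gone — aborts the play if the unit cannot be loaded on the host; the `systemctl enable` and `systemctl start` commands in the `@@ -82,11 +79,11 @@` hunk have the same shape. If the `service` module was the unreliable part, the `systemd` module is the idiomatic replacement: `systemd:` / `name: "wg-quick@wg0"` / `state: stopped` here, and in the later hunk a single task with `enabled: true` and `state: started` instead of two commands. If the commands must stay, add `changed_when: false` to the stop and enable tasks so that at least the change reporting is honest. The surrounding task list continues on both sides of this hunk.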
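Review bot: `range(vpn_clients|int)` fixes the type but not the value: Jinja's `int` filter returns 0 for any answer it cannot parse, so a mistyped prompt silently renders a wg0.conf with no `[Peer]` sections and the play still reports success. Validate the count before the template task, for example an `assert` task with `that: "vpn_clients | int > 0"` and a `fail_msg` naming the variable. Separately, `PrivateKey` is filled from `private_key_files.results[0].stdout`, a registered command result; the registering task is outside this diff, but unless it carries `no_log: true` the server's private key is echoed into the play output and any log that captures it, so that is worth confirming. The `{% endfor %}` that closes this loop lies beyond the hunk, as does the section header above `PrivateKey`.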