stefan/wg-aws
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Bugfixes: String nach int in jinja2 muss explizit gemacht werden

Browse Source 
Bugfixes: systemctl explizit aufrufen statt ansible modul verwenden startet das wg0 zuverlässig
This commit is contained in:
Stefan Märkle 2020-12-03 00:09:24 +01:00
parent e3a5d84c9f
commit da392a9c37
3 changed files with 18 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
create_aws_wireguard_server.yml
View File

@ -7,15 +7,19 @@
- name: ssh_pub_key_file - name: ssh_pub_key_file
prompt: Location of your public ssh key prompt: Location of your public ssh key
default: "~/.ssh/id_rsa.pub" default: "~/.ssh/id_rsa.pub"
private: no
- name: aws_region - name: aws_region
prompt: AWS Region to use for instaance prompt: AWS Region to use for instaance
default: "us-east-1" default: "us-east-1"
private: no
- name: aws_ami - name: aws_ami
prompt: Disk image to use for instance (default is debian buster arm64) prompt: Disk image to use for instance (default is debian buster arm64)
default: "ami-057796a93302d0b14" default: "ami-057796a93302d0b14"
private: no
- name: aws_type - name: aws_type
prompt: Instance type to request prompt: Instance type to request
default: "t4g.nano" default: "t4g.nano"
private: no
roles: roles:
- aws_graviton_nano_spot - aws_graviton_nano_spot
@ -26,7 +30,8 @@
vars_prompt: vars_prompt:
- name: vpn_clients - name: vpn_clients
prompt: Number of vpn clients to be generated prompt: Number of vpn clients to be generated
default: "1" default: 1
private: no
vars: vars:
vpn_network: '10.100.100' vpn_network: '10.100.100'
vpn_port: '58172' vpn_port: '58172'

21
roles/wireguard_server/tasks/main.yml
View File

@ -1,9 +1,10 @@
--- ---
- name: (Ubuntu) Update APT package cache - name: Update APT package cache
apt: apt:
update_cache: true update_cache: true
upgrade: dist
- name: (Ubuntu) Ensure WireGuard DKMS package is removed - name: Ensure WireGuard DKMS package is removed
apt: apt:
name: name:
- "wireguard-dkms" - "wireguard-dkms"
@ -22,12 +23,8 @@
- name: Reboot to use new kernel - name: Reboot to use new kernel
reboot: reboot:
- name: ensure wireguard services are stopped and enabled - name: ensure wireguard services are stopped
service: command: "systemctl stop wg-quick@wg0"
name: "wg-quick@wg0"
state: stopped
enabled: yes
ignore_errors: True
- name: generate directories for client configs - name: generate directories for client configs
file: file:
@ -82,11 +79,11 @@
state: present state: present
reload: yes reload: yes
- name: ensure wireguard services are enabled
command: "systemctl enable wg-quick@wg0"
- name: ensure all wireguard services are started - name: ensure all wireguard services are started
service: command: "systemctl start wg-quick@wg0"
name: "wg-quick@wg0"
state: started
ignore_errors: True
- name: download client conf files to the "wireguard_profiles/" folder on your local host - name: download client conf files to the "wireguard_profiles/" folder on your local host
fetch: fetch:

2
roles/wireguard_server/templates/wg0.conf
View File

@ -6,7 +6,7 @@ PrivateKey = {{ private_key_files.results[0].stdout }}
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens5 -j MASQUERADE PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens5 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens5 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens5 -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens5 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens5 -j MASQUERADE
{% for i in range(vpn_clients) %} {% for i in range(vpn_clients|int) %}
[Peer] [Peer]
PublicKey = {{ public_key_files.results[i + 1].stdout }} PublicKey = {{ public_key_files.results[i + 1].stdout }}
AllowedIPs = {{ vpn_network }}.{{ i + 2 }}/32 AllowedIPs = {{ vpn_network }}.{{ i + 2 }}/32