From 32e8520e7bc005c4bd83e1923b5d0266459a1d6a Mon Sep 17 00:00:00 2001
From: rene
Date: Fri, 25 Feb 2022 11:52:20 +0100
Subject: [PATCH] added config for wireguard
---
 host_vars/mewimeet.de.yml | 3 +++
 roles/server/tasks/utilities/wireguard.yml | 18 ++++++++++++++++++
 roles/server/templates/client_VPN.conf.j2 | 10 ++++++++++
 roles/server/vars/Archlinux.yml | 3 ++-
 roles/server/vars/Debian.yml | 3 ++-
 roles/server/vars/main.yml | 2 ++
 6 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 roles/server/tasks/utilities/wireguard.yml
 create mode 100644 roles/server/templates/client_VPN.conf.j2
diff --git a/host_vars/mewimeet.de.yml b/host_vars/mewimeet.de.yml
index 1ef7ed7..2d256f7 100644
--- a/host_vars/mewimeet.de.yml
+++ b/host_vars/mewimeet.de.yml
@@ -16,3 +16,6 @@ raspberry_pi: false
 unattended_upgrades: true
 web_server: true
 netdata: true
+
+# VPN
+wg_local_ip: 192.168.3.10/32
diff --git a/roles/server/tasks/utilities/wireguard.yml b/roles/server/tasks/utilities/wireguard.yml
new file mode 100644
index 0000000..c56f028
--- /dev/null
+++ b/roles/server/tasks/utilities/wireguard.yml
@@ -0,0 +1,18 @@
+- name: server | utilities | wireguard install
+ package:
+ name: "{{ wireguard_package }}"
+ state: latest
+
+- name: server | utilities | wireguard generate private key
+ shell:
+ cmd: umask 077 && wg genkey | tee privatekey | wg pubkey > publickey
+ chdir: /etc/wireguard
+ creates: /etc/wireguard/publickey
+
+- name: server | utilities | wireguard generate config
+ template:
+ dest: "/etc/wireguard/VPN.conf"
+ src: client_VPN.conf.j2
+ owner: root
+ group: root
+ mode: '0600'
\ No newline at end of file
diff --git a/roles/server/templates/client_VPN.conf.j2 b/roles/server/templates/client_VPN.conf.j2
new file mode 100644
index 0000000..b67807d
--- /dev/null
+++ b/roles/server/templates/client_VPN.conf.j2
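Review bot: In the key-generation task, `creates: /etc/wireguard/publickey` is satisfied by a partial result: the `>` redirect creates `publickey` regardless of whether `wg genkey` or `tee` succeeded, so a single failed run leaves an empty or truncated key pair on disk and every later run skips the task instead of repairing it. Run the pipeline under bash with fail-fast semantics, `cmd: set -o pipefail && umask 077 && wg genkey | tee privatekey | wg pubkey > publickey` plus `executable: /bin/bash` in the `shell` arguments, or write to temporary names and move them into place only after both commands succeed. The install task's `state: latest` upgrades the package on every play run, which makes the role non-idempotent and can pull a kernel-module update at an unplanned moment; `state: present` is the usual choice unless upgrades are the intent. Nothing in this file enables or restarts `wg-quick@VPN`, so if that is handled elsewhere the template task should carry a `notify` for it, otherwise config changes will not reach the running tunnel.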
@@ -0,0 +1,10 @@
+[Interface]
+Address = {{ wg_local_ip }}
+ListenPort = 41475
+PostUp = wg set %i private-key /etc/wireguard/privatekey
+
+[Peer]
+PublicKey = {{ wg_server_pubkey }}
+Endpoint = wg_endpoint
+Allowed_IPs = 192.168.3.0/24, 192.168.1.0/24
+PersistentKeepalive = 25
\ No newline at end of file
diff --git a/roles/server/vars/Archlinux.yml b/roles/server/vars/Archlinux.yml
index f0d8801..c7a479a 100644
--- a/roles/server/vars/Archlinux.yml
+++ b/roles/server/vars/Archlinux.yml
@@ -1,2 +1,3 @@
 snmpd_package: net-snmp
-snmpd_user_file: "/var/net-snmp/snmpd.conf"
\ No newline at end of file
+snmpd_user_file: "/var/net-snmp/snmpd.conf"
+wireguard_package: wireguard-tools
\ No newline at end of file
diff --git a/roles/server/vars/Debian.yml b/roles/server/vars/Debian.yml
index 1a8a2e8..2b6ad7d 100644
--- a/roles/server/vars/Debian.yml
+++ b/roles/server/vars/Debian.yml
@@ -1,2 +1,3 @@
 snmpd_package: snmpd
-snmpd_user_file: "/var/lib/snmp/snmpd.conf"
\ No newline at end of file
+snmpd_user_file: "/var/lib/snmp/snmpd.conf"
+wireguard_package: wireguard
\ No newline at end of file
diff --git a/roles/server/vars/main.yml b/roles/server/vars/main.yml
index f4ed801..87cf923 100644
--- a/roles/server/vars/main.yml
+++ b/roles/server/vars/main.yml
@@ -1 +1,3 @@
 swappiness_value: 5
+wg_endpoint: tantooine.myfirewall.org:51820
+wg_server_pubkey: vhRa0WQnMdo97jAwS3a8wnb1C69oL5z1Ee5nmxoiX1w=
\ No newline at end of file
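Review bot: `Endpoint = wg_endpoint` renders the literal variable name rather than its value, so the peer has no usable endpoint; it needs Jinja delimiters, `Endpoint = {{ wg_endpoint }}`, to pick up the `wg_endpoint` this same patch defines in roles/server/vars/main.yml. On the following line `Allowed_IPs` is not a WireGuard configuration key, the parser only recognises `AllowedIPs`, so it should read `AllowedIPs = 192.168.3.0/24, 192.168.1.0/24`. Either mistake on its own makes `wg-quick up VPN` reject the file, so the template as committed cannot bring the tunnel up. Keeping the private key out of the rendered config via `PostUp = wg set %i private-key /etc/wireguard/privatekey` is the right shape; it does mean the file referenced there must keep the restrictive mode the generation task's `umask 077` gives it.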
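Review bot: `wg_endpoint` and `wg_server_pubkey` are placed in the role's `vars/main.yml`, which in Ansible's precedence order sits above inventory and `host_vars`, so unlike `wg_local_ip` (set per host in host_vars/mewimeet.de.yml in this patch) they cannot be overridden per host or group without editing the role. If these are meant to be tunable, or if the role is reused against another server, `defaults/main.yml` or a group_vars file is the conventional home for deployment-specific values like a hostname and peer key. The public key itself is safe to commit; only the generated `privatekey` must never end up in this file.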