added config for wireguard

2022-02-25 11:52:20 +01:00
parent 25168d5020
commit 32e8520e7b
6 changed files with 37 additions and 2 deletions
--- a/roles/server/tasks/utilities/wireguard.yml
+++ b/roles/server/tasks/utilities/wireguard.yml
@@ -0,0 +1,18 @@
+- name: server | utilities | wireguard install
+  package:
+    name: "{{ wireguard_package }}"
+    state: latest
+
+- name: server | utilities | wireguard generate private key
+  shell:
+    cmd: umask 077 && wg genkey | tee privatekey | wg pubkey > publickey
+    chdir: /etc/wireguard
+    creates: /etc/wireguard/publickey
+
+- name: server | utilities | wireguard generate config
+  template:
+    dest: "/etc/wireguard/VPN.conf"
+    src: client_VPN.conf.j2
+    owner: root
+    group: root
+    mode: '0600'
--- a/roles/server/templates/client_VPN.conf.j2
+++ b/roles/server/templates/client_VPN.conf.j2
@@ -0,0 +1,10 @@
+[Interface]
+Address = {{ wg_local_ip }}
+ListenPort = 41475
+PostUp = wg set %i private-key /etc/wireguard/privatekey
+
+[Peer]
+PublicKey = {{ wg_server_pubkey }}
+Endpoint = wg_endpoint
+Allowed_IPs = 192.168.3.0/24, 192.168.1.0/24
+PersistentKeepalive = 25
--- a/roles/server/vars/Archlinux.yml
+++ b/roles/server/vars/Archlinux.yml
@@ -1,2 +1,3 @@
 snmpd_package: net-snmp
-snmpd_user_file: "/var/net-snmp/snmpd.conf"
+snmpd_user_file: "/var/net-snmp/snmpd.conf"
+wireguard_package: wireguard-tools
--- a/roles/server/vars/Debian.yml
+++ b/roles/server/vars/Debian.yml
@@ -1,2 +1,3 @@
 snmpd_package: snmpd
-snmpd_user_file: "/var/lib/snmp/snmpd.conf"
+snmpd_user_file: "/var/lib/snmp/snmpd.conf"
+wireguard_package: wireguard
--- a/roles/server/vars/main.yml
+++ b/roles/server/vars/main.yml
@@ -1 +1,3 @@
 swappiness_value: 5
+wg_endpoint: tantooine.myfirewall.org:51820
+wg_server_pubkey: vhRa0WQnMdo97jAwS3a8wnb1C69oL5z1Ee5nmxoiX1w=