added config for wireguard

host_vars/mewimeet.de.yml

@@ -16,3 +16,6 @@ raspberry_pi: false
 unattended_upgrades: true
 web_server: true
 netdata: true
+
+# VPN
+wg_local_ip: 192.168.3.10/32

roles/server/tasks/utilities/wireguard.yml

@@ -0,0 +1,18 @@
+- name: server | utilities | wireguard install
+  package:
+    name: "{{ wireguard_package }}"
+    state: latest
+
+- name: server | utilities | wireguard generate private key
+  shell:
+    cmd: umask 077 && wg genkey | tee privatekey | wg pubkey > publickey
+    chdir: /etc/wireguard
+    creates: /etc/wireguard/publickey
+
+- name: server | utilities | wireguard generate config
+  template:
+    dest: "/etc/wireguard/VPN.conf"
+    src: client_VPN.conf.j2
+    owner: root
+    group: root
+    mode: '0600'

roles/server/templates/client_VPN.conf.j2

@@ -0,0 +1,10 @@
+[Interface]
+Address = {{ wg_local_ip }}
+ListenPort = 41475
+PostUp = wg set %i private-key /etc/wireguard/privatekey
+
+[Peer]
+PublicKey = {{ wg_server_pubkey }}
+Endpoint = wg_endpoint
+Allowed_IPs = 192.168.3.0/24, 192.168.1.0/24
+PersistentKeepalive = 25

roles/server/vars/Archlinux.yml

@@ -1,2 +1,3 @@
 snmpd_package: net-snmp
 snmpd_user_file: "/var/net-snmp/snmpd.conf"
+wireguard_package: wireguard-tools

roles/server/vars/Debian.yml

@@ -1,2 +1,3 @@
 snmpd_package: snmpd
 snmpd_user_file: "/var/lib/snmp/snmpd.conf"
+wireguard_package: wireguard

roles/server/vars/main.yml

@@ -1 +1,3 @@
 swappiness_value: 5
+wg_endpoint: tantooine.myfirewall.org:51820
+wg_server_pubkey: vhRa0WQnMdo97jAwS3a8wnb1C69oL5z1Ee5nmxoiX1w=