add wireguard config

2024-03-20 15:11:31 +01:00 · 2024-03-20 15:11:31 +01:00 · 22a17a8588
parent 3c15538b5e
commit 22a17a8588
5 changed files with 83 additions and 37 deletions
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@ -1,33 +1,37 @@
 $ANSIBLE_VAULT;1.1;AES256
-32336236313764383566386332623162313361346561623061633863306239343337633832663564
-3834313761376232333062626330363834366637353839300a656532386265656235393263383032
-36613433366163363866336436326330353734303664623464343063323164373063613639346537
-3233356539316464620a356439363531313732376536643465393839323237626133333562313262
-32633037353561323632303636343432393631343035306633333364623164623039653039653838
-35366166316361343837353264353365616331623437386266386662383232656164626561656537
-30623864363163623930353865303965343666626331666435363164343236363732626637396262
-33633063316565313165363266393236303938393032343262303237306239663436336639656566
-62326431393432663763366261386232666533643462373166663166656666393066656235376138
-61373264613936343636373139363266633133376164663864346566646539653064643063316162
-63353461663765363732643037326461646463663737646363333362313536396662336234363734
-35316632333262636561343930636335616361366362303366306135303135383161376562323163
-39636131653265323465326663353839623238353535373637666437316363333465646439613634
-65303432383162626634386431633363623331613165643934343237333963653663353265366163
-35363738663065336565613539316561656461333132393263393861303934646334386237663066
-66393334646634643934303139373030663239646634323565623237376331363861313831363331
-34383834653861623639333034366365636239393432653131643536623436306564333461373032
-31386436616164303830336537653038306331363064363637353439333061373731313138306161
-64663430393238656238623234316536623066653363633963646630316337306436306133376138
-65303065646434313561336462323965646538353436663164333538353934356631383332643331
-32653466346133636236626465636433643130633936396533623366333665373337383164386661
-31646566373239653039336130316432666664336334323135663337656163653261366133346630
-66386532663236666563336237373663623865616530666136333932386138326538633836653765
-66313933623761373064303137613162386662653763666261383563663963653738616537383838
-63646465356165643937303861393637336339656664636138663234646366346530323136653036
-33313563383262663737333933306133643866343539363964343832343435623434336664643762
-35353463313562356330626630303163666530306135313434663731343132346537383834393263
-31303836313130343965353066333337613966323537653134346230613666633935373939363331
-61386539323762333664633633613635653531353930636436356539653033333738383538353162
-37373932353631373563303166333566326430373934346238346431623936316130653335356632
-39316439623936663337633033343562643638373138333039353735383836623639303861613338
-64303066633062613233
+32343331316261336138663136623136613234633137643734396435623630646637643438626631
+3163366335303938656334656435356538303831633764300a343463376665623466646263623866
+30373633653236656164646438366164663630643862396437386262383639363230666562613064
+3339646561373938610a623839356331383631343832303332376234313730356330333234363934
+65616236353966666538633563363234643139626632626338336635326136366639326561316535
+63326366353535653365633163636139353737366635326664336137623630346337663266366263
+32303262306664666132663537313631373638303136613262643232633934366638316565333532
+34393862303832326461623534633133336230376462363035333235663736656235666535373231
+61623836326137656165663365313835663637643766643330373135373466393930333265333238
+34366133653832646561646434376237623734643163303130623634326138396531333564363063
+34383036396236333361313662366536343763613735343564386633373434376337653633613031
+62313039653633626630336262316533363039346462336238616366613331376435353036336262
+64333939643130323364396162313039323461613062373834313933373863306166313736393736
+62386466613439653036613936363562343036393337373432613136373138303838363162613562
+39656331396239396561356136666534306563346161373634613965663839643766323835643538
+36633937353962353162376237393266383635396235623930316538336634316238653362393863
+65653266636437656535353038656163626535616631303463613338643763316438613466636434
+34343632303639616666393935313039323531336530643233663862313336316165333039666262
+36656264646537656437656561643432383662343663303732346430313261633761643266313331
+35663239346135623030623437346165326131643362633565343238396334306464366166306537
+36626466366238373436323739363064366161643934303030336336363265323830336233616136
+30636536656330633838626230653630616230643666353436633461653162333833383564653331
+38323934313034643539316562393837363938353132623433303633366439376533386132393836
+33613233326237333461333633393436353930663633366362393936653832656633316538376533
+33343366613739333038393466376237663038393739363235393966333436343564313535613831
+62643934383437373836343763323831386439613636356332383137343137316136663362323665
+31626232626365653831383661633136333337373263623936626233373362643332623038356337
+34346337646564613066613937326434333262646231356233326530653838313838643639363630
+38663266313931306164323964656463383332343764353833386261396338666264373464643331
+36656534363332633638316636633635626233663830623466643530306436303763316239326466
+38313565336535363464646530636236663764396336356262373565666431376435376337363962
+36643965353365303536373265343865666131646333316563323463666439326365366233656333
+36386531653965633661393436393339346565366239646363616430616239396430653766373430
+31323733323931333036623932316364383661623433386663353665383265323338386335383738
+30386635656139363437643835373964353234333035393664653165636230336331643732386561
+34326336356239356331
--- a/playbook.yml
+++ b/playbook.yml
@ -25,11 +25,17 @@
    firewall_allowed_ports:
      - { port: 80, proto: "tcp" }
      - { port: 443, proto: "tcp" }
+      - { port: 51820, proto: "udp" } # Wireguard
+    wireguard_private_key: "{{ vault_wireguard_private_key }}"
+    wireguard_address: 10.0.24.1/24
+    wireguard_peers:
+      - { AllowedIPs: 10.0.24.2/32, Endpoint: 10.0.0.247:51820, PublicKey: "ZXbZPQY9aycB9t+lqLsiteleeWqxNi+Q37yYZcPIlSA=" }
  roles:
-    - backup
-    - sendmail
-    - nodejs
+    - wireguard
+    # - backup
+    # - sendmail
+    # - nodejs
    - firewall
-    - forgejo
-    - caddy
+    # - forgejo
+    # - caddy

--- a/roles/wireguard/handlers/main.yml
+++ b/roles/wireguard/handlers/main.yml
@ -0,0 +1,7 @@
+---
+- name: reload wireguard
+  systemd:
+    name: wg-quick@wg0
+    state: reloaded
+    enabled: yes
+    masked: no
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@ -0,0 +1,17 @@
+---
+
+- name: install wireguard
+  ansible.builtin.package:
+    name:
+      - wireguard
+    state: present
+
+- name: upload wireguard conf file
+  ansible.builtin.template:
+    src: wg0.conf.j2
+    dest: /etc/wireguard/wg0.conf
+    owner: root
+    group: root
+    mode: '0600'
+  notify: reload wireguard
+
--- a/roles/wireguard/templates/wg0.conf.j2
+++ b/roles/wireguard/templates/wg0.conf.j2
@ -0,0 +1,12 @@
+[Interface]
+Address = {{ wireguard_address }}
+ListenPort = 51820
+PrivateKey = {{ wireguard_private_key }}
+
+{% for peer in wireguard_peers %}
+[Peer]
+{% for key, value in peer.items() %}
+{{ key }} = {{ value }}
+{% endfor %}
+
+{% endfor %}