Tips-Of-Mine/infrastructure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Install and provision wireguard client on ingress server

Browse Source
This commit is contained in:
Jake Howard
2020-12-21 18:24:35 +00:00
parent 3197953796
commit 30cb9e52e7
6 changed files with 83 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ansible/roles/ingress/files/wireguard.conf Normal file
View File

@ -0,0 +1,10 @@
[Interface]
Address = {{ ingress_wireguard.ip }}
PrivateKey = {{ ingress_wireguard.private_key }}
[Peer]
PublicKey = {{ wireguard.server.public_key }}
Endpoint = {{ wireguard.public_ip }}:{{ wireguard.port }}
AllowedIPs = {{ wireguard.cidr }}
PersistentKeepalive = 25

5
ansible/roles/ingress/handlers/main.yml Normal file
View File

@ -0,0 +1,5 @@
- name: restart wireguard
service:
name: wg-quick.wg0
state: restarted
become: true

2
ansible/roles/ingress/tasks/main.yml Normal file
View File

@ -0,0 +1,2 @@
- name: Configure wireguard
include: wireguard.yml

44
ansible/roles/ingress/tasks/wireguard.yml Normal file
View File

@ -0,0 +1,44 @@
- name: Install Wireguard
package:
name:
- wireguard-virt
- wireguard-tools
become: true
- name: Get wireguard credentials
set_fact:
ingress_wireguard: "{{ wireguard.clients.ingress }}"
- name: Wireguard config
template:
src: files/wireguard.conf
dest: /etc/wireguard/wg0.conf
mode: "0600"
backup: true
become: true
notify: restart wireguard
# Wireguard on Alpine doesn't ship a native OpenRC service
- name: Download wireguard service
get_url:
url: https://gitweb.gentoo.org/repo/gentoo.git/plain/net-vpn/wireguard-tools/files/wg-quick.init
dest: /etc/init.d/wg-quick.wg0
mode: "0755"
backup: yes
become: true
- name: Enable wireguard
service:
name: wg-quick.wg0
enabled: true
become: true
- name: Enable p2p communication
sysctl:
name: net.ipv4.ip_forward
value: "1"
sysctl_set: yes
state: present
reload: yes
sysctl_file: /etc/sysctl.d/99-sysctl.conf
become: true