nikos/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

wireguard

Browse source
This commit is contained in:
Nikos Papadakis 2023-11-27 21:07:07 +02:00
parent 33f12242ba
commit 115b4d2315
Signed by untrusted user who does not match committer: nikos
GPG key ID: 78871F9905ADFF02
7 changed files with 164 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
group_vars/all/vars.yml
View file

@ -22,3 +22,6 @@ s3_bucket: "prymn-cache"
s3_endpoint: "https://75178f9eca227dea51b3db4db2c15a5a.r2.cloudflarestorage.com" s3_endpoint: "https://75178f9eca227dea51b3db4db2c15a5a.r2.cloudflarestorage.com"
s3_access_key_id: "{{ vault_s3_access_key_id }}" s3_access_key_id: "{{ vault_s3_access_key_id }}"
s3_secret_access_key: "{{ vault_s3_secret_access_key }}" s3_secret_access_key: "{{ vault_s3_secret_access_key }}"
# Wireguard
wireguard_network_mask: "24"

99
group_vars/all/vault.yml
View file

@ -1,45 +1,56 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
39336333366236356239623062636364663831633864353733343532393165303336366365383237 64626230316465373033333462313931373532323836636534636236656430633834313763353132
3763316534363437643533313137353765393137356365350a323538353163303536366636363136 6563653435363139656138656436616130356537323039610a323863306264393861373865326231
63393261336165396139313731643466373434363661393536633132636637383639396131383063 66383761623061663766613735333237303936616531383136653361313831656364383362613937
3339383836386339370a306636323139323766616563623336643163323836353230346531323563 3364636531316338630a383435636361616138373161656462343832333037323762366638636534
63336339306632336234646435613031626438653562643137383938386630343261623637633462 61346231313633323631346166336334383335633637313535323237383735386566313234663062
36316438356239333031656639366333613731633836613961366639326135336534626233303435 35636433346435386436623933623663366536366461636232326463396563346430383564383033
36366233616262306632346434666339376665326337663539663533353735646134653164376238 62323831613532653665373232346336613562356232636363353839613438373134373131613462
65356261646638326465633165393535353434613833363235346132363230623837343432613539 64653839383962323332623030386532643235383335656434343431323865356563343437643666
61646135663131396261376333373236643535333838663833353265326262336632616335643266 64616265613031633036373235633232346231653930333230343337613464346136653130383162
65306435303164633937313932373261613733366561343636326530366338633931383435623739 31616362656430666262373765383934323831653065653765663732393339376562653036636436
33353339653165616637616563343930613564303134353333636561613935326232366532356638 30383166633365366666623831343634326533326434303263663138333135356163326533343436
39393566343032336535363033656630316361346332636538393530346537306238633135313762 66306231663963373930393337303636393530373734306533333630363136323636393465633863
31636336646638363937373133396630666562326330636339663265353833353636633561626561 31613664313531373136336536353639633261353936663639646230353063373665303439363832
34336331326433643636386439666234663936343633323935323232653534643962616336643438 66623961656266386166633634656433636662616332633265326364626464626633613062653862
66656331363038303838356337376439303430656333623834393236366238353536656363623830 63323165646266643438616363393131653461353836336431393730666561363333333565303839
39643963666464646436663065626533343261303536353464343464326238373839346161343733 65376135363764616631636330656237656637656530646431373433316631613664313130343434
66333762343535376331343931663833363831633934623537643535646661633232393333373430 35323035613463383063356536316363323930623833633231353032363638623165363764353466
66336136613964373931383936343730613665373231393765316264363163353338313134623939 66363534653531646533346532303737636539633031666565373331643233373535333533653934
62393165386130316461653637666662313163313132633663363336396232316466383938643265 31643466363561643563363430383936663331626563303634333963313132323336346437336139
39656636633561653333383762313362333032633665633836323637616133626662633934343430 64383365336132633863316338306637353265653437363434663664613733656564373465643261
35623632656234333262366131633534653364623835656238373464313963663238313831633163 61646163323937366364666235326166636561636165653738633064343438393438316364623336
37613166313336346365323466346666366433303934343635323938663431363130373231626233 30353730363731636364303430393664313332663266643862623838363638343861333238663462
65323738663565653063623863393135666363306337653634623866626536656134613763376634 38383838303839633237653730326536383265613537643566373562323036356161646231623965
30663136643537376235663736313765323864633137373131326165653336663066623931626264 32373930653936663334613034313030633863336265653236613532373464316437366466313866
38666539356130303036653933373965343537303032333039646530363734623031356565633764 39613435353465396337656332633031633936303033373238623731373736363532363662363665
34623236343365363761613435393961343436343632633632323338333530303735633037326563 66383864343932646637653333626534613739623733353133656265623661393662303162353433
37393231303064653239653062356238376463333139326261343765353136396334316537656566 66386166356165313234633039643264353836613864376335653463346466386339636165363236
39386433636538663230346439303961396463353937383237363536376562336664646665663362 38323235636162323464633537363334386464623465393836333532376530393465633038343132
64653164373166323165656264616666353633333435336432616466303539636362663835643762 39366465313134613338373038393638653266316162396264613031356339613036613065323433
63386336343334663834336536336134363830383962633738623831663436383265663031656362 32366133326166366166666465646565623134383138653239343236336666636131373930653437
33356365393035333136653662646535333963663333653535353532636639313264666265323532 31366630663565313436656434326238633739383232646462636561303634326534333931633039
31656530313464376165666338613633336364613131356539386239373161643134386634396462 31396262323930613466353732353730323761383132313932303238366331316135363037636535
63306264313262643735393031393936303832363261633561343534396438613630373163383365 39616235643930653730303165663834663931356435323337343837646566336363336662626361
35633639623931383431386232366562616236363737363936646335383161623634623331316637 34363966323236366531343865343037386435613966366531333936663532366630656362316661
36656438393736366566323938366338646166353161666237653835306232313465626337613336 33313666333534396332633935363366326135376633613536643733336638326237346564303639
30363564336231613034653839326638623262353236663431336131336633633134363165636534 36323932636131386662396538346465353637363336303533383239306564613066613936643061
63616532613530663762663263633737323937353636366338616137643237623339396366333535 33653133366336663738393930343166626235383634336538653038373365663437613866666434
33613065363563366639643236663538313263336535663437653234653635646633636365363439 35646134363166623430666238376566373066396634646638383466636666323465653766323431
62373135363162633666336138616637353836393664323264653365306431333835363130343933 63326462333132306233616336353431346432613463353237646439653634316338313932636562
62356563623731323936613635623463633436333835626633343866333835643337666132356464 66653165663230643436323366353436316236363130666264353362633235653734326236653534
62303638386332666162386435346166666236313932613635303139356565393464623131633833 66333265393533633933616436656336393333373637313032616564623633323835373533613431
37343632393332623037323237623839633962653735383732343232346238396566323663356263 62633063633736333963656434616564363565613337636361616534323466623338613639356530
35393561636566623234346631356236316434633135353361366437653539623833643664336339 37353461663231643730623065386630316338373735613031646234373934356262373963313961
39393765643930636261 38343365313066306433636665623863313539306539663537326334386434623361323336393163
31373163623032376133343830323430343464306536363432663130656662306364323734353738
61343930303366393762333235623164333437653663396461376431383637613061383231623563
65353332626634346561383961393236346137663061376330363636643266383962336531643939
35623865323362643430366532336131343666326239303865333435363962653030376631306434
33343938656436316162366535363530346337306134343234613532303662336336356262616236
66663562363664333533343032373736363065336261366531306237363733663838363035633262
33393230353230613861363639343462313237626362366436386563303534393937363730303436
64313239323937663937623535643763376666666166663762346634633535373266386162626563
65383130353437633436363066336130373465363733643934653262633861356437643563373164
33393637653861653763323461323936323732396130346436316238636137663534393966303735
636235396664353737373234353163343031

2
host_vars/ulna.papadakis.xyz.yml Normal file
View file

@ -0,0 +1,2 @@
ansible_become_pass: "{{ ulna_become_pass | default(omit) }}"
wireguard_ip: "10.0.42.1"

18
inventory.yml
View file

@ -1,10 +1,10 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
34626236366363333963613532643239643331333637613664653238336431636338303537643936 63383865353331316465646437666363343664626434643739393438303730393631393432343637
3830343365336262633165616535363336313665383261310a383931623831326530313837346137 3733346231383266656534303832633034633732626561390a613162336331666664343736653738
35663961343433396461653164613666363331396430393131393038393433346263653331653064 31623637366437303533373737353131333132393734376261313739613263343936633364616333
3162663361623439340a363865633661623563366330336666633766656531663033613131343466 3666623632636534390a383965643035633062396265623534333733313864326566346530313532
39366463393839333963326531376436373038386239623937303839336264336462613236623431 63313566316465376561623938326139306237633131666232656634623361306333373761323266
37633635333738316665346463333361363234636465333764643464323830313636616165646365 38376437613930303163393364656435396538616334666334353231356131313537393164663838
39663235323764323564326135333631613665336338646565666362336666633337643065626362 30653966373633343231656235336639626631623337303330616232653430383132343634626239
66663631313434393636326531616261623132633730333439313534636165373635393465616531 37366231366632353162393233646233343231316561363136633062353636333363663639623333
66643663376238653164626364386338363863366661313235353966316664343039 3939

31
templates/wireguard/wg0.netdev.j2 Normal file
View file

@ -0,0 +1,31 @@
[NetDev]
Name=wg0
Kind=wireguard
Description=Wireguard tunnel wg0
[WireGuard]
ListenPort=51820
PrivateKey={{ wireguard_private_key.stdout }}
{% for peer in groups['wireguard'] %}
{% if peer != inventory_hostname %}
[WireGuardPeer]
PublicKey={{ hostvars[peer].wireguard_public_key.stdout }}
AllowedIPs={{ hostvars[peer].wireguard_ip }}/32
PersistentKeepalive=25
{% endif %}
{% endfor %}
# ouroboros
[WireGuardPeer]
PublicKey={{ ouroboros_wireguard_public_key }}
AllowedIPs={{ ouroboros_wireguard_ip }}/32
PersistentKeepalive=25
# mobile
[WireGuardPeer]
PublicKey={{ mobile_wireguard_public_key }}
AllowedIPs={{ mobile_wireguard_ip }}/32
PersistentKeepalive=25

5
templates/wireguard/wg0.network.j2 Normal file
View file

@ -0,0 +1,5 @@
[Match]
Name=wg0
[Network]
Address={{ wireguard_ip }}/{{ wireguard_network_mask }}

59
wireguard.yml Normal file
View file

@ -0,0 +1,59 @@
---
- hosts: [wireguard]
tasks:
- name: Install wireguard packages
become: true
ansible.builtin.apt:
name: wireguard
state: present
- name: Generate keys
become: true
ansible.builtin.shell: |
umask 0077
wg genkey > /etc/wireguard/privatekey
wg pubkey < /etc/wireguard/privatekey > /etc/wireguard/publickey
args:
creates:
- /etc/wireguard/privatekey
- /etc/wireguard/publickey
- name: Register public key
become: true
ansible.builtin.shell: cat /etc/wireguard/publickey
register: wireguard_public_key
changed_when: false
- name: Register private key
become: true
ansible.builtin.shell: cat /etc/wireguard/privatekey
register: wireguard_private_key
changed_when: false
- name: Setup network device
become: yes
notify: systemd network restart
ansible.builtin.template:
src: ./templates/wireguard/wg0.netdev.j2
dest: /etc/systemd/network/wg0.netdev
owner: root
group: systemd-network
mode: 0640
- name: Setup network
become: yes
notify: systemd network restart
ansible.builtin.template:
src: ./templates/wireguard/wg0.network.j2
dest: /etc/systemd/network/wg0.network
owner: root
group: systemd-network
mode: 0640
handlers:
- name: systemd network restart
become: true
ansible.builtin.service:
name: systemd-networkd
state: restarted
enabled: true