Pains-Perdus/ansible
3
1
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

add comment

Browse source
This commit is contained in:
Jean-Marie Mineau 2021-04-23 00:40:31 +02:00
parent 763911246e
commit 1881ba57c2
6 changed files with 17 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
host_vars/azerty.fil.sand.auro.re/vpn.yml
View file

@ -10,3 +10,4 @@ vpn_interfaces:
public_key: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.ip }}" allowed_ip: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.ip }}"
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}" allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley"

1
host_vars/hellman.fil.sand.auro.re/vpn.yml
View file

@ -10,3 +10,4 @@ vpn_interfaces:
public_key: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.ip }}" allowed_ip: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.ip }}"
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}" allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley"

7
host_vars/hindley.adh.auro.re/vpn.yml
View file

@ -10,7 +10,14 @@ vpn_interfaces:
public_key: "{{ hostvars['azerty.fil.sand.auro.re'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['azerty.fil.sand.auro.re'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['azerty.fil.sand.auro.re'].vpn_interfaces.wg0.ip }}" allowed_ip: "{{ hostvars['azerty.fil.sand.auro.re'].vpn_interfaces.wg0.ip }}"
allowed_mask: 32 allowed_mask: 32
comment: "azerty"
- endpoint: "" - endpoint: ""
public_key: "{{ hostvars['hellman.fil.sand.auro.re'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['hellman.fil.sand.auro.re'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hellman.fil.sand.auro.re'].vpn_interfaces.wg0.ip }}" allowed_ip: "{{ hostvars['hellman.fil.sand.auro.re'].vpn_interfaces.wg0.ip }}"
allowed_mask: 32 allowed_mask: 32
comment: "hellman"
- endpoint: ""
public_key: "NVKyKcX6PEEApSZvAwnT9gfMmMo6o5Go5FtzEPvh+y8="
allowed_ip: "172.20.1.200"
allowed_mask: 32
comment: "knuth"

4
roles/vpn/handlers/main.yml
View file

@ -1,5 +1,7 @@
--- ---
- name: Reload wireguard for interface - name: Reload wireguard for interface
systemd: systemd:
name: "wg-quick@{{ item.key }}" name: "wg-quick@{{ item }}"
state: reloaded state: reloaded
loop:
- "{{ vpn_interfaces.key() }}"

6
roles/vpn/tasks/main.yml
View file

@ -28,15 +28,16 @@
until: apt_result is succeeded until: apt_result is succeeded
- name: Create config files - name: Create config files
template: ansible.builtin.template:
src: "wiregard.conf" src: "wiregard.conf"
dest: "/etc/wireguard/{{ item.key }}.conf" dest: "/etc/wireguard/{{ item.key }}.conf"
owner: root owner: root
group: root group: root
mode: '600' mode: '600'
notify: Reload wireguard for interface
loop: loop:
- "{{ lookup('dict', vpn_interfaces) }}" - "{{ lookup('dict', vpn_interfaces) }}"
notify: Reload wireguard for interface no_log: true
- name: Enable interface - name: Enable interface
systemd: systemd:
@ -45,3 +46,4 @@
enabled: yes enabled: yes
loop: loop:
- "{{ lookup('dict', vpn_interfaces) }}" - "{{ lookup('dict', vpn_interfaces) }}"
no_log: true

1
roles/vpn/templates/wiregard.conf
View file

@ -7,6 +7,7 @@ ListenPort = {{ vpn_port }}
{% for peer in item.value.peers %} {% for peer in item.value.peers %}
[Peer] [Peer]
{{ peer.comment | comment }}
Publickey = {{ peer.public_key }} Publickey = {{ peer.public_key }}
{% if peer.endpoint %} {% if peer.endpoint %}
Endpoint = {{peer.endpoint}}:{{ vpn_port }} Endpoint = {{peer.endpoint}}:{{ vpn_port }}