From 4346b49e62946a3c0b2668e6111a570642fb189b Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau
Date: Thu, 22 Apr 2021 22:51:33 +0200
Subject: [PATCH] write vpn config

---
 host_vars/azerty.fil.sand.auro.re/vpn.yml | 6 +++---
 host_vars/hellman.fil.sand.auro.re/vpn.yml | 6 +++---
 host_vars/hindley.adh.auro.re/vpn.yml | 8 ++++----
 roles/vpn/tasks/main.yml | 10 ++++++++++
 roles/vpn/templates/wiregard.conf | 19 +++++++++++++++++++
 5 files changed, 39 insertions(+), 10 deletions(-)
 create mode 100644 roles/vpn/templates/wiregard.conf

diff --git a/host_vars/azerty.fil.sand.auro.re/vpn.yml b/host_vars/azerty.fil.sand.auro.re/vpn.yml
index 4643237..85576a7 100644
--- a/host_vars/azerty.fil.sand.auro.re/vpn.yml
+++ b/host_vars/azerty.fil.sand.auro.re/vpn.yml
@@ -6,7 +6,7 @@ vpn_interfaces:
 public_key: "o9rdoSdnp4twbNbZAMl0wY4sFQh647qqRv6V8HJwMQY="
 keepalive: true
 peers:
- - endpoint: "{{ hostvars['hindley.adh.auro.re'].enp2s0.ipv4 }}"
- public_key: "{{ hostvars['hindley.adh.auro.re'].wg0.public_key }}"
- allowed_ip: "{{ hostvars['hindley.adh.auro.re'].wg0.ip }}"
+ - endpoint: "{{ hostvars['hindley.adh.auro.re'].interfaces.enp2s0.ipv4 }}"
+ public_key: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.public_key }}"
+ allowed_ip: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.ip }}"
 allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
diff --git a/host_vars/hellman.fil.sand.auro.re/vpn.yml b/host_vars/hellman.fil.sand.auro.re/vpn.yml
index d7992d7..c7e16dd 100644
--- a/host_vars/hellman.fil.sand.auro.re/vpn.yml
+++ b/host_vars/hellman.fil.sand.auro.re/vpn.yml
@@ -6,7 +6,7 @@ vpn_interfaces:
 public_key: "+qV1RHAgSigOkrxUKqpGR83bydmlIHrEiw+A7zjbRk4="
 keepalive: true
 peers:
- - endpoint: "{{ hostvars['hindley.adh.auro.re'].enp2s0.ipv4 }}"
- public_key: "{{ hostvars['hindley.adh.auro.re'].wg0.public_key }}"
- allowed_ip: "{{ hostvars['hindley.adh.auro.re'].wg0.ip }}"
+ - endpoint: "{{ hostvars['hindley.adh.auro.re'].interfaces.enp2s0.ipv4 }}"
+ public_key: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.public_key }}"
+ allowed_ip: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.ip }}"
 allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
diff --git a/host_vars/hindley.adh.auro.re/vpn.yml b/host_vars/hindley.adh.auro.re/vpn.yml
index 4d332a6..68ed2f4 100644
--- a/host_vars/hindley.adh.auro.re/vpn.yml
+++ b/host_vars/hindley.adh.auro.re/vpn.yml
@@ -7,10 +7,10 @@ vpn_interfaces:
 keepalive: false
 peers:
 - endpoint: ""
- public_key: "{{ hostvars['azerty.fil.sand.auro.re'].wg0.public_key }}"
- allowed_ip: "{{ hostvars['azerty.fil.sand.auro.re'].wg0.ip }}"
+ public_key: "{{ hostvars['azerty.fil.sand.auro.re'].vpn_interfaces.wg0.public_key }}"
+ allowed_ip: "{{ hostvars['azerty.fil.sand.auro.re'].vpn_interfaces.wg0.ip }}"
 allowed_mask: 32
 - endpoint: ""
- public_key: "{{ hostvars['hellman.fil.sand.auro.re'].wg0.public_key }}"
- allowed_ip: "{{ hostvars['hellman.fil.sand.auro.re'].wg0.ip }}"
+ public_key: "{{ hostvars['hellman.fil.sand.auro.re'].vpn_interfaces.wg0.public_key }}"
+ allowed_ip: "{{ hostvars['hellman.fil.sand.auro.re'].vpn_interfaces.wg0.ip }}"
 allowed_mask: 32
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index e69abd1..a239ebc 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -14,3 +14,13 @@
 register: apt_result
 retries: 3
 until: apt_result is succeeded
+
+- name: Create config files
+ template:
+ src: "wiregard.conf"
+ dest: "/etc/wireguard/{{ item.key }}.conf"
+ owner: root
+ group: root
+ mode: '600'
+ loop:
+ - "{{ lookup('dict', vpn_interfaces) }}"
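Review bot: The `loop` in the new "Create config files" task wraps the `lookup('dict', vpn_interfaces)` result in a one-element list, and `loop` (unlike `with_items`) does not flatten, so as far as I can tell the task iterates once with `item` being the whole list and `item.key` in `dest` fails; use `loop: "{{ lookup('dict', vpn_interfaces) }}"` (or `loop: "{{ vpn_interfaces | dict2items }}"`). The rendered file carries the interface private key (the template writes `PrivateKey = {{ item.value.private_key }}`), so add `no_log: true` to this task, otherwise a `--diff` or verbose run prints the key into the console and any CI log; `mode: '600'` is accepted but `'0600'` is the conventional, unambiguous spelling. Nothing in this hunk restarts or reloads the `wg-quick@<iface>` unit after the config changes, so a rewritten key or peer list only takes effect on the next reboot — add a `notify:` to a handler in the role (not in this diff).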
diff --git a/roles/vpn/templates/wiregard.conf b/roles/vpn/templates/wiregard.conf
new file mode 100644
index 0000000..df1abeb
--- /dev/null
+++ b/roles/vpn/templates/wiregard.conf
@@ -0,0 +1,19 @@
+{{ ansible_managed | comment }}
+
+[Interface]
+Address = {{ item.value.ip }}
+PrivateKey = {{ item.value.private_key }}
+ListenPort = {{ vpn_port }}
+
+{% for peer in item.value.peers %}
+[Peer]
+Publickey = {{ peer.public_key }}
+{% if peer.endpoint %}
+Endpoint = {{peer.endpoint}}:{{ vpn_port }}
+{% endif %}
+AllowedIPs = {{peer.allowed_ip}}/{{ peer.allowed_mask }}
+
+{% endfor %}
+{% if item.value.keepalive %}
+PersistentKeepalive = {{ vpn_keepalive_period }}
+{% endif %}
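Review bot: `PersistentKeepalive` is emitted after `{% endfor %}`, so it lands after the last `[Peer]` header and therefore applies only to the last peer (and to no valid section if `peers` is empty); move the `{% if item.value.keepalive %}` … `{% endif %}` three-liner inside the loop, right after the `AllowedIPs` line, so every peer of a keepalive-enabled host gets it. `Publickey` should be spelled `PublicKey` — the wg parser appears to match keys case-insensitively so it works today, but the documented key name is the safer choice for any tooling that reads these files. `Endpoint = {{peer.endpoint}}:{{ vpn_port }}` produces an invalid address if `peer.endpoint` is ever an IPv6 literal (needs `[…]`); the host_vars here only feed it an `ipv4` value, so this is a note for future use rather than a current defect. The rendered file holds the private key, which is why the task in roles/vpn/tasks/main.yml must keep it `root:root` mode 0600 and should keep the file out of logs.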