Pains-Perdus/ansible
3
1
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

write vpn config

Browse source
This commit is contained in:
Jean-Marie Mineau 2021-04-22 22:51:33 +02:00
parent 967fc48329
commit 4346b49e62
5 changed files with 39 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
host_vars/azerty.fil.sand.auro.re/vpn.yml
View file

@ -6,7 +6,7 @@ vpn_interfaces:
public_key: "o9rdoSdnp4twbNbZAMl0wY4sFQh647qqRv6V8HJwMQY=" public_key: "o9rdoSdnp4twbNbZAMl0wY4sFQh647qqRv6V8HJwMQY="
keepalive: true keepalive: true
peers: peers:
- endpoint: "{{ hostvars['hindley.adh.auro.re'].enp2s0.ipv4 }}" - endpoint: "{{ hostvars['hindley.adh.auro.re'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley.adh.auro.re'].wg0.public_key }}" public_key: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley.adh.auro.re'].wg0.ip }}" allowed_ip: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.ip }}"
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}" allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"

6
host_vars/hellman.fil.sand.auro.re/vpn.yml
View file

@ -6,7 +6,7 @@ vpn_interfaces:
public_key: "+qV1RHAgSigOkrxUKqpGR83bydmlIHrEiw+A7zjbRk4=" public_key: "+qV1RHAgSigOkrxUKqpGR83bydmlIHrEiw+A7zjbRk4="
keepalive: true keepalive: true
peers: peers:
- endpoint: "{{ hostvars['hindley.adh.auro.re'].enp2s0.ipv4 }}" - endpoint: "{{ hostvars['hindley.adh.auro.re'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley.adh.auro.re'].wg0.public_key }}" public_key: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley.adh.auro.re'].wg0.ip }}" allowed_ip: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.ip }}"
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}" allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"

8
host_vars/hindley.adh.auro.re/vpn.yml
View file

@ -7,10 +7,10 @@ vpn_interfaces:
keepalive: false keepalive: false
peers: peers:
- endpoint: "" - endpoint: ""
public_key: "{{ hostvars['azerty.fil.sand.auro.re'].wg0.public_key }}" public_key: "{{ hostvars['azerty.fil.sand.auro.re'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['azerty.fil.sand.auro.re'].wg0.ip }}" allowed_ip: "{{ hostvars['azerty.fil.sand.auro.re'].vpn_interfaces.wg0.ip }}"
allowed_mask: 32 allowed_mask: 32
- endpoint: "" - endpoint: ""
public_key: "{{ hostvars['hellman.fil.sand.auro.re'].wg0.public_key }}" public_key: "{{ hostvars['hellman.fil.sand.auro.re'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hellman.fil.sand.auro.re'].wg0.ip }}" allowed_ip: "{{ hostvars['hellman.fil.sand.auro.re'].vpn_interfaces.wg0.ip }}"
allowed_mask: 32 allowed_mask: 32

10
roles/vpn/tasks/main.yml
View file

@ -14,3 +14,13 @@
register: apt_result register: apt_result
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded
- name: Create config files
template:
src: "wiregard.conf"
dest: "/etc/wireguard/{{ item.key }}.conf"
owner: root
group: root
mode: '600'
loop:
- "{{ lookup('dict', vpn_interfaces) }}"

19
roles/vpn/templates/wiregard.conf Normal file
View file

@ -0,0 +1,19 @@
{{ ansible_managed | comment }}
[Interface]
Address = {{ item.value.ip }}
PrivateKey = {{ item.value.private_key }}
ListenPort = {{ vpn_port }}
{% for peer in item.value.peers %}
[Peer]
Publickey = {{ peer.public_key }}
{% if peer.endpoint %}
Endpoint = {{peer.endpoint}}:{{ vpn_port }}
{% endif %}
AllowedIPs = {{peer.allowed_ip}}/{{ peer.allowed_mask }}
{% endfor %}
{% if item.value.keepalive %}
PersistentKeepalive = {{ vpn_keepalive_period }}
{% endif %}