kevinveenbirkenbach/client-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/client-playbook.git synced 2025-09-10 20:57:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: kevinveenbirkenbach:00764013efc15d8f5f9ceb71abef6ebaa8b9dcae
Branches Tags
kevinveenbirkenbach:main
..
compare: kevinveenbirkenbach:main
Branches Tags
kevinveenbirkenbach:main

7 Commits
00764013ef ... main

Author SHA1 Message Date
Kevin Veen-Birkenbach
e40c2b698b Update README.md 2023-04-18 16:30:37 +02:00
Kevin Veen-Birkenbach
13f29ce5f7 Added internet_interfaces variable 2023-04-18 14:34:03 +02:00
Kevin Veen-Birkenbach
1de60742f4 Solved another wireguard bug 2023-04-18 14:25:10 +02:00
Kevin Veen-Birkenbach
028e94d282 Solved wireguard bugs 2023-04-18 13:56:43 +02:00
Kevin Veen-Birkenbach
efe2efd739 Added wireguard debug links to doku 2023-04-16 08:26:13 +02:00
Kevin Veen-Birkenbach
3878dfaada Added hint for wireguard ssh bugs 2023-04-12 14:40:44 +02:00
Kevin Veen-Birkenbach
15a9d3a305 Implemented wireguard for client 2023-04-11 21:21:06 +02:00
10 changed files with 110 additions and 4 deletions
Expand all files Collapse all files

3
README.md
View File

@@ -1,3 +1,6 @@
:no_entry: [DEPRECATED] Developing continues here: https://github.com/kevinveenbirkenbach/computer-playbook
# Client Playbook # Client Playbook
[![License: AGPL v3](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0) [![License: AGPL v3](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0)

7
playbook.yml
View File

@@ -4,9 +4,14 @@
roles: roles:
- system-pacman - system-pacman
- collection-administrator-base - collection-administrator-base
- application-caffeine
- driver-non-free - driver-non-free
- name: application-wireguard
hosts: application_wireguard_hosts
become: true
roles:
- application-wireguard
- name: collection-office - name: collection-office
hosts: collection_officetools_hosts hosts: collection_officetools_hosts
become: true become: true

1
roles/application-caffeine/meta/main.yml
View File

@@ -1,3 +1,2 @@
dependencies: dependencies:
- system-aur-helper - system-aur-helper
- system-gnome

28
roles/application-wireguard/README.md Normal file
View File

@@ -0,0 +1,28 @@
# Role Native Wireguard
Manages wireguard on a client.
## Create Client Keys
```bash
wg_private_key="$(wg genkey)"
wg_public_key="$(echo "$wg_private_key" | wg pubkey)"
echo "PrivateKey: $wg_private_key"
echo "PublicKey: $wg_public_key"
echo "PresharedKey: $(wg genpsk)"
```
## Other
- https://golb.hplar.ch/2019/01/expose-server-vpn.html
- https://wiki.archlinux.org/index.php/WireGuard
- https://wireguard.how/server/raspbian/
- https://www.scaleuptech.com/de/blog/was-ist-und-wie-funktioniert-subnetting/
- https://bodhilinux.boards.net/thread/450/wireguard-rtnetlink-answers-permission-denied
- https://stackoverflow.com/questions/69140072/unable-to-ssh-into-wireguard-ip-until-i-ping-another-server-from-inside-the-serv
- https://unix.stackexchange.com/questions/717172/why-is-ufw-blocking-acces-to-ssh-via-wireguard
- https://forum.openwrt.org/t/cannot-ssh-to-clients-on-lan-when-accessing-router-via-wireguard-client/132709/3
- https://serverfault.com/questions/1086297/wireguard-connection-dies-on-ubuntu-peer
- https://unix.stackexchange.com/questions/624987/ssh-fails-to-start-when-listenaddress-is-set-to-wireguard-vpn-ip
- https://serverfault.com/questions/210408/cannot-ssh-debug1-expecting-ssh2-msg-kex-dh-gex-reply
- https://www.thomas-krenn.com/de/wiki/Linux_ip_Kommando
- https://wiki.archlinux.org/title/dhcpcd
- https://wiki.ubuntuusers.de/NetworkManager/Dispatcher/
- https://askubuntu.com/questions/1024916/how-can-i-launch-a-systemd-service-at-startup-before-another-systemd-service-sta

10
roles/application-wireguard/files/set-mtu.service Normal file
View File

@@ -0,0 +1,10 @@
[Unit]
Description=set MTU
Before=wg-quick@wg0.service
[Service]
Type=oneshot
ExecStart=set-mtu.sh
[Install]
RequiredBy=wg-quick@wg0.service

8
roles/application-wireguard/files/wireguard-ip.conf Normal file
View File

@@ -0,0 +1,8 @@
# This file is created by
# https://github.com/kevinveenbirkenbach/client-playbook/tree/main/roles/application-wireguard
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.all.forwarding = 1
net.ipv4.ip_forward = 1

16
roles/application-wireguard/handlers/main.yml Normal file
View File

@@ -0,0 +1,16 @@
- name: "restart set-mtu.service"
systemd:
name: set-mtu.service
state: restarted
enabled: yes
daemon_reload: yes
- name: "restart wireguard"
systemd:
name: wg-quick@wg0.service
state: restarted
enabled: yes
daemon_reload: yes
- name: "reload sysctl configuration"
shell: "sysctl -p"

32
roles/application-wireguard/tasks/main.yml Normal file
View File

@@ -0,0 +1,32 @@
- name: install wireguard
pacman:
name: wireguard-tools
state: present
- name: create set-mtu.service
copy:
src: set-mtu.service
dest: /etc/systemd/system/set-mtu.service
notify: restart set-mtu.service
- name: create set-mtu.sh
template:
src: set-mtu.sh.j2
dest: /usr/local/bin/set-mtu.sh
notify: restart set-mtu.service
- name: create wireguard-ip.conf
copy:
src: "wireguard-ip.conf"
dest: /etc/sysctl.d/wireguard-ip.conf
owner: root
group: root
notify: reload sysctl configuration
- name: create /etc/wireguard/wg0.conf
copy:
src: "{{ inventory_dir }}/files/{{ inventory_hostname }}/etc/wireguard/wg0.conf"
dest: /etc/wireguard/wg0.conf
owner: root
group: root
notify: restart wireguard

4
roles/application-wireguard/templates/set-mtu.sh.j2 Normal file
View File

@@ -0,0 +1,4 @@
#!/bin/bash
{% for internet_interface in internet_interfaces %}
ip li set mtu 1400 dev {{internet_interface}}
{% endfor %}

1
roles/system-gnome/meta/main.yml
View File

@@ -1,2 +1,3 @@
dependencies: dependencies:
- application-git - application-git
- application-caffeine