kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 10:19:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Optimized wireguard roles

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2023-04-18 18:24:55 +02:00
parent 9f1a4c6fdb
commit 1e5b9317d7
17 changed files with 54 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
playbook.yml
View File

@@ -14,16 +14,25 @@
- server_native-disc-space-check
- server_native-free-disc-space
- server_native-btrfs-health-check
- name: setup standard wireguard hosts
hosts: wireguard
# Wireguard Rollen
- name: setup standard wireguard
hosts: wireguard_server
become: true
roles:
- server_native-wireguard
- name: setup wireguard hosts behind firewall\nat
- independent-application-wireguard
- name: setup wireguard client behind firewall\nat
hosts: wireguard_behind_firewall
become: true
roles:
- server_native-wireguard-behind-firewall
- client_application-wireguard-behind-firewall
- name: setup wireguard client
hosts: wireguard_client
become: true
roles:
- client_application-wireguard
# Native Webserver Roles
- name: setup homepages
@@ -185,12 +194,6 @@
- pc_collection-administrator-base
- pc_driver-non-free
- name: pc_application-wireguard
hosts: application_wireguard
become: true
roles:
- pc_application-wireguard
- name: pc_collection-office
hosts: collection_officetools
become: true

2
roles/server_native-wireguard-behind-firewall/readme.md → roles/client_application-wireguard-behind-firewall/README.md
View File

@@ -1,4 +1,4 @@
# server_native-wireguard-behind-nat
# client-wireguard-behind-nat
# see
- https://gist.github.com/insdavm/b1034635ab23b8839bf957aa406b5e39

2
roles/client_application-wireguard-behind-firewall/meta/main.yml Normal file
View File

@@ -0,0 +1,2 @@
dependencies:
- client_application-wireguard

0
roles/server_native-wireguard-behind-firewall/tasks/main.yml → roles/client_application-wireguard-behind-firewall/tasks/main.yml
View File

0
roles/pc_application-wireguard/README.md → roles/client_application-wireguard/README.md
View File

0
roles/pc_application-wireguard/files/set-mtu.service → roles/client_application-wireguard/files/set-mtu.service
View File

6
roles/client_application-wireguard/handlers/main.yml Normal file
View File

@@ -0,0 +1,6 @@
- name: "restart set-mtu.service"
systemd:
name: set-mtu.service
state: restarted
enabled: yes
daemon_reload: yes

2
roles/client_application-wireguard/meta/main.yml Normal file
View File

@@ -0,0 +1,2 @@
dependencies:
- independent-application-wireguard

11
roles/client_application-wireguard/tasks/main.yml Normal file
View File

@@ -0,0 +1,11 @@
- name: create set-mtu.service
copy:
src: set-mtu.service
dest: /etc/systemd/system/set-mtu.service
notify: restart set-mtu.service
- name: create set-mtu.sh
template:
src: set-mtu.sh.j2
dest: /usr/local/bin/set-mtu.sh
notify: restart set-mtu.service

0
roles/pc_application-wireguard/templates/set-mtu.sh.j2 → roles/client_application-wireguard/templates/set-mtu.sh.j2
View File

0
roles/server_native-wireguard/README.md → roles/independent-application-wireguard/README.md
View File

0
roles/pc_application-wireguard/files/wireguard-ip.conf → roles/independent-application-wireguard/files/wireguard-ip.conf
View File

3
roles/server_native-wireguard/handlers/main.yml → roles/independent-application-wireguard/handlers/main.yml
View File

@@ -4,3 +4,6 @@
state: restarted
enabled: yes
daemon_reload: yes
- name: "reload sysctl configuration"
shell: "sysctl --load='/etc/sysctl.d/wireguard-ip.conf'"

24
roles/server_native-wireguard/tasks/main.yml → roles/independent-application-wireguard/tasks/main.yml
View File

@@ -1,21 +1,27 @@
- name: install wireguard for Arch
pacman: name=wireguard-tools state=present
pacman:
name: wireguard-tools
state: present
when: ansible_os_family == "Archlinux"
- name: install wireguard for Ubuntu
apt: name=wireguard state=present
apt:
name: wireguard
state: present
when: ansible_os_family == "Debian"
- name: create wireguard-ip.conf
copy:
src: "wireguard-ip.conf"
dest: /etc/sysctl.d/wireguard-ip.conf
owner: root
group: root
notify: reload sysctl configuration
- name: create /etc/wireguard/wg0.conf
copy:
src: "{{ inventory_dir }}/files/{{ inventory_hostname }}/etc/wireguard/wg0.conf"
dest: /etc/wireguard/wg0.conf
owner: root
group: root
notify: restart wireguard
- name: enable ipv4-forwarding
shell: sysctl net.ipv4.ip_forward=1
- name: enable ipv6-forwarding
shell: sysctl net.ipv6.conf.all.forwarding=1
notify: restart wireguard

16
roles/pc_application-wireguard/handlers/main.yml
View File

@@ -1,16 +0,0 @@
- name: "restart set-mtu.service"
systemd:
name: set-mtu.service
state: restarted
enabled: yes
daemon_reload: yes
- name: "restart wireguard"
systemd:
name: wg-quick@wg0.service
state: restarted
enabled: yes
daemon_reload: yes
- name: "reload sysctl configuration"
shell: "sysctl -p"

32
roles/pc_application-wireguard/tasks/main.yml
View File

@@ -1,32 +0,0 @@
- name: install wireguard
pacman:
name: wireguard-tools
state: present
- name: create set-mtu.service
copy:
src: set-mtu.service
dest: /etc/systemd/system/set-mtu.service
notify: restart set-mtu.service
- name: create set-mtu.sh
template:
src: set-mtu.sh.j2
dest: /usr/local/bin/set-mtu.sh
notify: restart set-mtu.service
- name: create wireguard-ip.conf
copy:
src: "wireguard-ip.conf"
dest: /etc/sysctl.d/wireguard-ip.conf
owner: root
group: root
notify: reload sysctl configuration
- name: create /etc/wireguard/wg0.conf
copy:
src: "{{ inventory_dir }}/files/{{ inventory_hostname }}/etc/wireguard/wg0.conf"
dest: /etc/wireguard/wg0.conf
owner: root
group: root
notify: restart wireguard

2
roles/server_native-wireguard-behind-firewall/meta/main.yml
View File

@@ -1,2 +0,0 @@
dependencies:
- server_native-wireguard