kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2024-11-22 04:31:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Optimized wireguard roles

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2023-04-18 18:24:55 +02:00
parent 9f1a4c6fdb
commit 1e5b9317d7
17 changed files with 54 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
playbook.yml
View File

@ -14,16 +14,25 @@
- server_native-disc-space-check
- server_native-free-disc-space
- server_native-btrfs-health-check
- name: setup standard wireguard hosts
hosts: wireguard
# Wireguard Rollen
- name: setup standard wireguard
hosts: wireguard_server
become: true
roles:
- server_native-wireguard
- name: setup wireguard hosts behind firewall\nat
- independent-application-wireguard
- name: setup wireguard client behind firewall\nat
hosts: wireguard_behind_firewall
become: true
roles:
- server_native-wireguard-behind-firewall
- client_application-wireguard-behind-firewall
- name: setup wireguard client
hosts: wireguard_client
become: true
roles:
- client_application-wireguard
# Native Webserver Roles
- name: setup homepages
@ -185,12 +194,6 @@
- pc_collection-administrator-base
- pc_driver-non-free
- name: pc_application-wireguard
hosts: application_wireguard
become: true
roles:
- pc_application-wireguard
- name: pc_collection-office
hosts: collection_officetools
become: true

2
roles/server_native-wireguard-behind-firewall/readme.md → roles/client_application-wireguard-behind-firewall/README.md
View File

@ -1,4 +1,4 @@
# server_native-wireguard-behind-nat
# client-wireguard-behind-nat
# see
- https://gist.github.com/insdavm/b1034635ab23b8839bf957aa406b5e39

2
roles/client_application-wireguard-behind-firewall/meta/main.yml Normal file
View File

@ -0,0 +1,2 @@
dependencies:
- client_application-wireguard

0
roles/server_native-wireguard-behind-firewall/tasks/main.yml → roles/client_application-wireguard-behind-firewall/tasks/main.yml
View File

0
roles/pc_application-wireguard/README.md → roles/client_application-wireguard/README.md
View File

0
roles/pc_application-wireguard/files/set-mtu.service → roles/client_application-wireguard/files/set-mtu.service
View File

6
roles/client_application-wireguard/handlers/main.yml Normal file
View File

@ -0,0 +1,6 @@
- name: "restart set-mtu.service"
systemd:
name: set-mtu.service
state: restarted
enabled: yes
daemon_reload: yes

2
roles/client_application-wireguard/meta/main.yml Normal file
View File

@ -0,0 +1,2 @@
dependencies:
- independent-application-wireguard

11
roles/client_application-wireguard/tasks/main.yml Normal file
View File

@ -0,0 +1,11 @@
- name: create set-mtu.service
copy:
src: set-mtu.service
dest: /etc/systemd/system/set-mtu.service
notify: restart set-mtu.service
- name: create set-mtu.sh
template:
src: set-mtu.sh.j2
dest: /usr/local/bin/set-mtu.sh
notify: restart set-mtu.service

0
roles/pc_application-wireguard/templates/set-mtu.sh.j2 → roles/client_application-wireguard/templates/set-mtu.sh.j2
View File

0
roles/server_native-wireguard/README.md → roles/independent-application-wireguard/README.md
View File

0
roles/pc_application-wireguard/files/wireguard-ip.conf → roles/independent-application-wireguard/files/wireguard-ip.conf
View File

3
roles/server_native-wireguard/handlers/main.yml → roles/independent-application-wireguard/handlers/main.yml
View File

@ -4,3 +4,6 @@
state: restarted
enabled: yes
daemon_reload: yes
- name: "reload sysctl configuration"
shell: "sysctl --load='/etc/sysctl.d/wireguard-ip.conf'"

24
roles/server_native-wireguard/tasks/main.yml → roles/independent-application-wireguard/tasks/main.yml
View File

@ -1,21 +1,27 @@
- name: install wireguard for Arch
pacman: name=wireguard-tools state=present
pacman:
name: wireguard-tools
state: present
when: ansible_os_family == "Archlinux"
- name: install wireguard for Ubuntu
apt: name=wireguard state=present
apt:
name: wireguard
state: present
when: ansible_os_family == "Debian"
- name: create wireguard-ip.conf
copy:
src: "wireguard-ip.conf"
dest: /etc/sysctl.d/wireguard-ip.conf
owner: root
group: root
notify: reload sysctl configuration
- name: create /etc/wireguard/wg0.conf
copy:
src: "{{ inventory_dir }}/files/{{ inventory_hostname }}/etc/wireguard/wg0.conf"
dest: /etc/wireguard/wg0.conf
owner: root
group: root
notify: restart wireguard
- name: enable ipv4-forwarding
shell: sysctl net.ipv4.ip_forward=1
- name: enable ipv6-forwarding
shell: sysctl net.ipv6.conf.all.forwarding=1
notify: restart wireguard

16
roles/pc_application-wireguard/handlers/main.yml
View File

@ -1,16 +0,0 @@
- name: "restart set-mtu.service"
systemd:
name: set-mtu.service
state: restarted
enabled: yes
daemon_reload: yes
- name: "restart wireguard"
systemd:
name: wg-quick@wg0.service
state: restarted
enabled: yes
daemon_reload: yes
- name: "reload sysctl configuration"
shell: "sysctl -p"

32
roles/pc_application-wireguard/tasks/main.yml
View File

@ -1,32 +0,0 @@
- name: install wireguard
pacman:
name: wireguard-tools
state: present
- name: create set-mtu.service
copy:
src: set-mtu.service
dest: /etc/systemd/system/set-mtu.service
notify: restart set-mtu.service
- name: create set-mtu.sh
template:
src: set-mtu.sh.j2
dest: /usr/local/bin/set-mtu.sh
notify: restart set-mtu.service
- name: create wireguard-ip.conf
copy:
src: "wireguard-ip.conf"
dest: /etc/sysctl.d/wireguard-ip.conf
owner: root
group: root
notify: reload sysctl configuration
- name: create /etc/wireguard/wg0.conf
copy:
src: "{{ inventory_dir }}/files/{{ inventory_hostname }}/etc/wireguard/wg0.conf"
dest: /etc/wireguard/wg0.conf
owner: root
group: root
notify: restart wireguard

2
roles/server_native-wireguard-behind-firewall/meta/main.yml
View File

@ -1,2 +0,0 @@
dependencies:
- server_native-wireguard