Shortened network- to net-

2025-08-29 15:06:26 +02:00 · 2025-07-09 04:35:21 +02:00
parent 66198ca1ec
commit 2108702a2b
46 changed files with 25 additions and 25 deletions
--- a/roles/net-wireguard-core/Administration.md
+++ b/roles/net-wireguard-core/Administration.md
@@ -0,0 +1,32 @@
+# Administration
+## Client
+### Setup wireguard
+```bash
+  pacman -S wireguard-tools
+```
+
+### Create Client Keys
+```bash
+  wg_private_key="$(wg genkey)"
+  wg_public_key="$(echo "$wg_private_key" | wg pubkey)"
+  echo "PrivateKey: $wg_private_key"
+  echo "PublicKey: $wg_public_key"
+  echo "PresharedKey: $(wg genpsk)"
+```
+
+### Activate Configuration
+```bash
+  cp /path/to/wg0.conf /etc/wireguard/wg0.conf
+  systemctl enable wg-quick@wg0.cymais.service --now
+```
+
+### Check status
+```bash
+  systemctl status wg-quick@wg0.cymais.service
+```
+
+## Other Resources
+- https://golb.hplar.ch/2019/01/expose-server-vpn.html
+- https://wiki.archlinux.org/index.php/WireGuard
+- https://wireguard.how/server/raspbian/
+- https://www.scaleuptech.com/de/blog/was-ist-und-wie-funktioniert-subnetting/
--- a/roles/net-wireguard-core/README.md
+++ b/roles/net-wireguard-core/README.md
@@ -0,0 +1,27 @@
+# Wireguard
+
+## Description
+
+This role manages [Wireguard](https://www.wireguard.com/) on the host. It installs the necessary Wireguard packages, configures sysctl settings for IPv4/IPv6 forwarding, and deploys the Wireguard configuration file to enable the VPN service using [wg-quick](https://www.wireguard.com/quickstart/).
+
+## Overview
+
+Optimized for both [Arch Linux](https://wiki.archlinux.org/index.php/WireGuard) and [Ubuntu/Debian](https://wireguard.com/install/), this role performs the following tasks:
+- Installs Wireguard tools using the appropriate package manager.
+- Copies a sysctl configuration file to enable IP forwarding and proper IPv6 settings.
+- Deploys a host-specific Wireguard configuration file to `/etc/wireguard/wg0.cymais.conf`.
+- Uses systemd handlers to restart the Wireguard service and reload sysctl settings.
+
+## Purpose
+
+The primary purpose of this role is to set up and manage a Wireguard VPN configuration on the host. By automating package installation and configuration file deployment, it ensures that the VPN service is enabled with optimal network settings for secure connectivity.
+
+## Features
+
+- **Multi-Platform Support:** Installs Wireguard tools using [pacman](https://wiki.archlinux.org/title/Pacman) on Arch Linux and [apt](https://en.wikipedia.org/wiki/APT_(software)) on Ubuntu/Debian.
+- **Sysctl Configuration:** Deploys a sysctl configuration file to manage IPv4/IPv6 forwarding and related network parameters.
+- **Wireguard Configuration:** Copies a host-specific Wireguard configuration file to `/etc/wireguard/wg0.cymais.conf`.
+- **Service Management:** Provides handlers to restart the Wireguard service and reload sysctl settings.
+
+## Administration
+For detailed client setup instructions, please see the [Administration](./Administration.md) file.
--- a/roles/net-wireguard-core/files/wireguard-ip.conf
+++ b/roles/net-wireguard-core/files/wireguard-ip.conf
@@ -0,0 +1,8 @@
+# This file is created by 
+# https://github.com/kevinveenbirkenbach/cymais/tree/main/roles/wireguard
+
+net.ipv6.conf.all.disable_ipv6      = 0
+net.ipv6.conf.default.disable_ipv6  = 0
+net.ipv6.conf.lo.disable_ipv6       = 0
+net.ipv6.conf.all.forwarding        = 1
+net.ipv4.ip_forward                 = 1
--- a/roles/net-wireguard-core/handlers/main.yml
+++ b/roles/net-wireguard-core/handlers/main.yml
@@ -0,0 +1,9 @@
+- name: "restart wireguard"
+  systemd:
+    name: wg-quick@wg0.cymais.service
+    state: restarted
+    enabled: yes
+    daemon_reload: yes
+
+- name: "reload sysctl configuration"
+  shell: "sysctl --load='/etc/sysctl.d/wireguard-ip.conf'"
--- a/roles/net-wireguard-core/meta/main.yml
+++ b/roles/net-wireguard-core/meta/main.yml
@@ -0,0 +1,28 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Manages Wireguard VPN configuration on the host. Installs necessary tools, deploys sysctl settings for IP forwarding, and copies the Wireguard configuration file to enable secure VPN connectivity."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Archlinux
+      versions:
+        - rolling
+    - name: Ubuntu
+      versions:
+        - all
+  galaxy_tags:
+    - wireguard
+    - vpn
+    - networking
+    - systemd
+    - configuration
+  repository: "https://s.veen.world/cymais"
+  issue_tracker_url: "https://s.veen.world/cymaisissues"
+  documentation: "https://s.veen.world/cymais"
+dependencies: []
--- a/roles/net-wireguard-core/tasks/main.yml
+++ b/roles/net-wireguard-core/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: install wireguard for Arch
+  pacman: 
+    name:   wireguard-tools
+    state:  present
+  when: ansible_os_family == "Archlinux"
+
+- name: install wireguard for Ubuntu
+  apt: 
+    name:   wireguard
+    state:  present
+  when: ansible_os_family == "Debian"
+
+- name: create wireguard-ip.conf
+  copy:
+    src: "wireguard-ip.conf"
+    dest: /etc/sysctl.d/wireguard-ip.conf
+    owner: root
+    group: root
+  notify: reload sysctl configuration
+
+- name: create /etc/wireguard/wg0.cymais.conf
+  copy:
+    src: "{{ inventory_dir }}/files/{{ inventory_hostname }}/etc/wireguard/wg0.conf"
+    dest: /etc/wireguard/wg0.cymais.conf
+    owner: root
+    group: root
+  notify: restart wireguard