Optimized .mds and meta/main.yml for wireguard.

Kevin Veen-Birkenbach 2025-03-14 12:43:06 +01:00
parent 8a5997e54e
commit 4c186a4204
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
3 changed files with 82 additions and 29 deletions


@ -0,0 +1,32 @@
# Administration
## Client
### Setup wireguard
```bash
pacman -S wireguard-tools
```
### Create Client Keys
```bash
wg_private_key="$(wg genkey)"
wg_public_key="$(echo "$wg_private_key" | wg pubkey)"
echo "PrivateKey: $wg_private_key"
echo "PublicKey: $wg_public_key"
echo "PresharedKey: $(wg genpsk)"
```
### Activate Configuration
```bash
cp /path/to/wg0.conf /etc/wireguard/wg0.conf
systemctl enable wg-quick@wg0.cymais.service --now
```
### Check status
```bash
systemctl status wg-quick@wg0.cymais.service
```
## Further Information
- https://golb.hplar.ch/2019/01/expose-server-vpn.html
- https://wiki.archlinux.org/index.php/WireGuard
- https://wireguard.how/server/raspbian/
- https://www.scaleuptech.com/de/blog/was-ist-und-wie-funktioniert-subnetting/
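
Review bot: In "Activate Configuration" the config is copied to `/etc/wireguard/wg0.conf`, but the unit enabled on the next line is `wg-quick@wg0.cymais.service`, which makes wg-quick look for `/etc/wireguard/wg0.cymais.conf`, so the service will not find the copied file. Copy to `/etc/wireguard/wg0.cymais.conf` (the path the README in this commit names) or enable `wg-quick@wg0.service` instead. Because that file holds the private key, the step should also set a restrictive mode, for example `install -m 600` in place of `cp`. The "Create Client Keys" block prints the private key and the preshared key to the terminal, so the doc should say where they are meant to be stored.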


@ -1,34 +1,27 @@
# Role Native Wireguard
Manages wireguard on host.
# Wireguard
## Client
### Setup wireguard
```bash
pacman -S wireguard-tools
```
## Description
### Create Client Keys
```bash
wg_private_key="$(wg genkey)"
wg_public_key="$(echo "$wg_private_key" | wg pubkey)"
echo "PrivateKey: $wg_private_key"
echo "PublicKey: $wg_public_key"
echo "PresharedKey: $(wg genpsk)"
```
This role manages [Wireguard](https://www.wireguard.com/) on the host. It installs the necessary Wireguard packages, configures sysctl settings for IPv4/IPv6 forwarding, and deploys the Wireguard configuration file to enable the VPN service using [wg-quick](https://www.wireguard.com/quickstart/).
### Activate Configuration
```bash
cp /path/to/wg0.conf /etc/wireguard/wg0.conf
systemctl enable wg-quick@wg0.cymais.service --now
```
## Overview
### Check status
```bash
systemctl status wg-quick@wg0.cymais.service
```
Optimized for both [Arch Linux](https://wiki.archlinux.org/index.php/WireGuard) and [Ubuntu/Debian](https://wireguard.com/install/), this role performs the following tasks:
- Installs Wireguard tools using the appropriate package manager.
- Copies a sysctl configuration file to enable IP forwarding and proper IPv6 settings.
- Deploys a host-specific Wireguard configuration file to `/etc/wireguard/wg0.cymais.conf`.
- Uses systemd handlers to restart the Wireguard service and reload sysctl settings.
## See
- https://golb.hplar.ch/2019/01/expose-server-vpn.html
- https://wiki.archlinux.org/index.php/WireGuard
- https://wireguard.how/server/raspbian/
- https://www.scaleuptech.com/de/blog/was-ist-und-wie-funktioniert-subnetting/
## Purpose
The primary purpose of this role is to set up and manage a Wireguard VPN configuration on the host. By automating package installation and configuration file deployment, it ensures that the VPN service is enabled with optimal network settings for secure connectivity.
## Features
- **Multi-Platform Support:** Installs Wireguard tools using [pacman](https://wiki.archlinux.org/title/Pacman) on Arch Linux and [apt](https://en.wikipedia.org/wiki/APT_(software)) on Ubuntu/Debian.
- **Sysctl Configuration:** Deploys a sysctl configuration file to manage IPv4/IPv6 forwarding and related network parameters.
- **Wireguard Configuration:** Copies a host-specific Wireguard configuration file to `/etc/wireguard/wg0.cymais.conf`.
- **Service Management:** Provides handlers to restart the Wireguard service and reload sysctl settings.
## Administration
For detailed client setup instructions, please see the [Administration](./Administration.md) file.
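
Review bot: The Description and the "Sysctl Configuration" bullet say the role enables IPv4/IPv6 forwarding but do not name the sysctl file or the keys it sets, and forwarding is a host-wide change that makes the machine route packets between interfaces. Name the deployed file and its keys here, and state whether firewall rules for forwarded traffic are handled by this role or have to come from elsewhere. The Features list also repeats the four Overview bullets almost word for word, so one of the two lists can be dropped.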


@ -0,0 +1,28 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: "Manages Wireguard VPN configuration on the host. Installs necessary tools, deploys sysctl settings for IP forwarding, and copies the Wireguard configuration file to enable secure VPN connectivity."
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: |
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
https://www.veen.world
min_ansible_version: "2.9"
platforms:
- name: Archlinux
versions:
- rolling
- name: Ubuntu
versions:
- all
galaxy_tags:
- wireguard
- vpn
- networking
- systemd
- configuration
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"
dependencies: []
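
Review bot: `platforms` lists only Archlinux and Ubuntu, while the README in this same commit describes the role as supporting Ubuntu/Debian through apt. Add a Debian entry with its versions under `platforms`, or drop Debian from the README, so the metadata and the documentation agree.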