kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-11-04 12:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Optimized .mds and meta/main.yml for wireguard.

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-03-14 12:43:06 +01:00
parent 8a5997e54e
commit 4c186a4204
3 changed files with 82 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
roles/wireguard/Administration.md Normal file
View File

@@ -0,0 +1,32 @@
# Administration
## Client
### Setup wireguard
```bash
pacman -S wireguard-tools
```
### Create Client Keys
```bash
wg_private_key="$(wg genkey)"
wg_public_key="$(echo "$wg_private_key" | wg pubkey)"
echo "PrivateKey: $wg_private_key"
echo "PublicKey: $wg_public_key"
echo "PresharedKey: $(wg genpsk)"
```
### Activate Configuration
```bash
cp /path/to/wg0.conf /etc/wireguard/wg0.conf
systemctl enable wg-quick@wg0.cymais.service --now
```
### Check status
```bash
systemctl status wg-quick@wg0.cymais.service
```
## Further Information
- https://golb.hplar.ch/2019/01/expose-server-vpn.html
- https://wiki.archlinux.org/index.php/WireGuard
- https://wireguard.how/server/raspbian/
- https://www.scaleuptech.com/de/blog/was-ist-und-wie-funktioniert-subnetting/

51
roles/wireguard/README.md
View File

@@ -1,34 +1,27 @@
# Role Native Wireguard # Wireguard
Manages wireguard on host.
## Client ## Description
### Setup wireguard
```bash
pacman -S wireguard-tools
```
### Create Client Keys This role manages [Wireguard](https://www.wireguard.com/) on the host. It installs the necessary Wireguard packages, configures sysctl settings for IPv4/IPv6 forwarding, and deploys the Wireguard configuration file to enable the VPN service using [wg-quick](https://www.wireguard.com/quickstart/).
```bash
wg_private_key="$(wg genkey)"
wg_public_key="$(echo "$wg_private_key" | wg pubkey)"
echo "PrivateKey: $wg_private_key"
echo "PublicKey: $wg_public_key"
echo "PresharedKey: $(wg genpsk)"
```
### Activate Configuration ## Overview
```bash
cp /path/to/wg0.conf /etc/wireguard/wg0.conf
systemctl enable wg-quick@wg0.cymais.service --now
```
### Check status Optimized for both [Arch Linux](https://wiki.archlinux.org/index.php/WireGuard) and [Ubuntu/Debian](https://wireguard.com/install/), this role performs the following tasks:
```bash - Installs Wireguard tools using the appropriate package manager.
systemctl status wg-quick@wg0.cymais.service - Copies a sysctl configuration file to enable IP forwarding and proper IPv6 settings.
``` - Deploys a host-specific Wireguard configuration file to `/etc/wireguard/wg0.cymais.conf`.
- Uses systemd handlers to restart the Wireguard service and reload sysctl settings.
## See ## Purpose
- https://golb.hplar.ch/2019/01/expose-server-vpn.html
- https://wiki.archlinux.org/index.php/WireGuard The primary purpose of this role is to set up and manage a Wireguard VPN configuration on the host. By automating package installation and configuration file deployment, it ensures that the VPN service is enabled with optimal network settings for secure connectivity.
- https://wireguard.how/server/raspbian/
- https://www.scaleuptech.com/de/blog/was-ist-und-wie-funktioniert-subnetting/ ## Features
- **Multi-Platform Support:** Installs Wireguard tools using [pacman](https://wiki.archlinux.org/title/Pacman) on Arch Linux and [apt](https://en.wikipedia.org/wiki/APT_(software)) on Ubuntu/Debian.
- **Sysctl Configuration:** Deploys a sysctl configuration file to manage IPv4/IPv6 forwarding and related network parameters.
- **Wireguard Configuration:** Copies a host-specific Wireguard configuration file to `/etc/wireguard/wg0.cymais.conf`.
- **Service Management:** Provides handlers to restart the Wireguard service and reload sysctl settings.
## Administration
For detailed client setup instructions, please see the [Administration](./Administration.md) file.

28
roles/wireguard/meta/main.yml Normal file
View File

@@ -0,0 +1,28 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: "Manages Wireguard VPN configuration on the host. Installs necessary tools, deploys sysctl settings for IP forwarding, and copies the Wireguard configuration file to enable secure VPN connectivity."
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: |
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
https://www.veen.world
min_ansible_version: "2.9"
platforms:
- name: Archlinux
versions:
- rolling
- name: Ubuntu
versions:
- all
galaxy_tags:
- wireguard
- vpn
- networking
- systemd
- configuration
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"
dependencies: []