Finished backup-to-swappable draft

2025-08-29 15:06:26 +02:00 · 2023-04-26 22:12:40 +02:00
parent 6a4dea3582
commit 7eed695623
40 changed files with 115 additions and 37 deletions
--- a/roles/independent_application-wireguard/README.md
+++ b/roles/independent_application-wireguard/README.md
@@ -0,0 +1,34 @@
+# Role Native Wireguard
+Manages wireguard on host.
+
+## Client
+### Setup wireguard
+```bash
+  pacman -S wireguard-tools
+```
+
+### Create Client Keys
+```bash
+  wg_private_key="$(wg genkey)"
+  wg_public_key="$(echo "$wg_private_key" | wg pubkey)"
+  echo "PrivateKey: $wg_private_key"
+  echo "PublicKey: $wg_public_key"
+  echo "PresharedKey: $(wg genpsk)"
+```
+
+### Activate Configuration
+```bash
+  cp /path/to/wg0.conf /etc/wireguard/wg0.conf
+  systemctl enable wg-quick@wg0.service --now
+```
+
+### Check status
+```bash
+  systemctl status wg-quick@wg0.service
+```
+
+## See
+- https://golb.hplar.ch/2019/01/expose-server-vpn.html
+- https://wiki.archlinux.org/index.php/WireGuard
+- https://wireguard.how/server/raspbian/
+- https://www.scaleuptech.com/de/blog/was-ist-und-wie-funktioniert-subnetting/
--- a/roles/independent_application-wireguard/files/wireguard-ip.conf
+++ b/roles/independent_application-wireguard/files/wireguard-ip.conf
@@ -0,0 +1,8 @@
+# This file is created by 
+# https://github.com/kevinveenbirkenbach/computer-playbook/tree/main/roles/pc_application-wireguard
+
+net.ipv6.conf.all.disable_ipv6      = 0
+net.ipv6.conf.default.disable_ipv6  = 0
+net.ipv6.conf.lo.disable_ipv6       = 0
+net.ipv6.conf.all.forwarding        = 1
+net.ipv4.ip_forward                 = 1
--- a/roles/independent_application-wireguard/handlers/main.yml
+++ b/roles/independent_application-wireguard/handlers/main.yml
@@ -0,0 +1,9 @@
+- name: "restart wireguard"
+  systemd:
+    name: wg-quick@wg0.service
+    state: restarted
+    enabled: yes
+    daemon_reload: yes
+
+- name: "reload sysctl configuration"
+  shell: "sysctl --load='/etc/sysctl.d/wireguard-ip.conf'"
--- a/roles/independent_application-wireguard/tasks/main.yml
+++ b/roles/independent_application-wireguard/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: install wireguard for Arch
+  pacman: 
+    name:   wireguard-tools
+    state:  present
+  when: ansible_os_family == "Archlinux"
+
+- name: install wireguard for Ubuntu
+  apt: 
+    name:   wireguard
+    state:  present
+  when: ansible_os_family == "Debian"
+
+- name: create wireguard-ip.conf
+  copy:
+    src: "wireguard-ip.conf"
+    dest: /etc/sysctl.d/wireguard-ip.conf
+    owner: root
+    group: root
+  notify: reload sysctl configuration
+
+- name: create /etc/wireguard/wg0.conf
+  copy:
+    src: "{{ inventory_dir }}/files/{{ inventory_hostname }}/etc/wireguard/wg0.conf"
+    dest: /etc/wireguard/wg0.conf
+    owner: root
+    group: root
+  notify: restart wireguard