Optimized .mds and meta/main.yml for client-wireguard roles and refactored README.md of Docker Roles

roles/client-wireguard/Administration.md

@@ -0,0 +1,11 @@
+# Administration
+
+## Create Client Keys
+
+```bash
+  wg_private_key="$(wg genkey)"
+  wg_public_key="$(echo "$wg_private_key" | wg pubkey)"
+  echo "PrivateKey: $wg_private_key"
+  echo "PublicKey: $wg_public_key"
+  echo "PresharedKey: $(wg genpsk)"
+```

roles/client-wireguard/README.md

@@ -1,28 +1,37 @@
-# Role Native Wireguard
-Manages wireguard on a client.
+# Native Wireguard Client
 
-## Create Client Keys
-```bash
-  wg_private_key="$(wg genkey)"
-  wg_public_key="$(echo "$wg_private_key" | wg pubkey)"
-  echo "PrivateKey: $wg_private_key"
-  echo "PublicKey: $wg_public_key"
-  echo "PresharedKey: $(wg genpsk)"
-```
+## Description
 
-## Other
-- https://golb.hplar.ch/2019/01/expose-server-vpn.html
-- https://wiki.archlinux.org/index.php/WireGuard
-- https://wireguard.how/server/raspbian/
-- https://www.scaleuptech.com/de/blog/was-ist-und-wie-funktioniert-subnetting/
-- https://bodhilinux.boards.net/thread/450/wireguard-rtnetlink-answers-permission-denied
-- https://stackoverflow.com/questions/69140072/unable-to-ssh-into-wireguard-ip-until-i-ping-another-server-from-inside-the-serv
-- https://unix.stackexchange.com/questions/717172/why-is-ufw-blocking-acces-to-ssh-via-wireguard
-- https://forum.openwrt.org/t/cannot-ssh-to-clients-on-lan-when-accessing-router-via-wireguard-client/132709/3
-- https://serverfault.com/questions/1086297/wireguard-connection-dies-on-ubuntu-peer
-- https://unix.stackexchange.com/questions/624987/ssh-fails-to-start-when-listenaddress-is-set-to-wireguard-vpn-ip
-- https://serverfault.com/questions/210408/cannot-ssh-debug1-expecting-ssh2-msg-kex-dh-gex-reply
-- https://www.thomas-krenn.com/de/wiki/Linux_ip_Kommando
-- https://wiki.archlinux.org/title/dhcpcd
-- https://wiki.ubuntuusers.de/NetworkManager/Dispatcher/
-- https://askubuntu.com/questions/1024916/how-can-i-launch-a-systemd-service-at-startup-before-another-systemd-service-sta
+This role manages WireGuard on a client system. It sets up essential services and scripts to configure and optimize WireGuard connectivity. Additionally, it provides a link to an Administration document for creating client keys.
+
+## 📌 Overview
+
+Optimized for client configurations, this role:
+- Deploys a systemd service (`set-mtu.cymais.service`) and its associated script to set the MTU on specified network interfaces.
+- Uses a Jinja2 template to generate the `set-mtu.sh` script.
+- Ensures that the MTU is configured correctly before starting WireGuard with [wg-quick](https://www.wireguard.com/quickstart/).
+
+## Purpose
+
+The primary purpose of this role is to configure WireGuard on a client by setting appropriate MTU values on network interfaces. This ensures a stable and optimized VPN connection.
+
+## Features
+
+- **MTU Configuration:** Deploys a template-based script to set the MTU on all defined internet interfaces.
+- **Systemd Service Integration:** Creates and manages a systemd service to execute the MTU configuration script.
+- **Administration Support:** For client key creation and further setup, please refer to the [Administration](./Administration.md) file.
+- **Modular Design:** Easily integrates with other WireGuard roles or network configuration roles.
+
+## 📚 Other Resources
+
+- [WireGuard Documentation](https://www.wireguard.com/)
+- [ArchWiki: WireGuard](https://wiki.archlinux.org/index.php/WireGuard)
+- [WireGuard on Raspbian](https://wireguard.how/server/raspbian/)
+- [Subnetting Basics](https://www.scaleuptech.com/de/blog/was-ist-und-wie-funktioniert-subnetting/)
+- [WireGuard Permissions Issue Discussion](https://bodhilinux.boards.net/thread/450/wireguard-rtnetlink-answers-permission-denied)
+- [SSH Issues with WireGuard](https://stackoverflow.com/questions/69140072/unable-to-ssh-into-wireguard-ip-until-i-ping-another-server-from-inside-the-serv)
+- [UFW and SSH via WireGuard](https://unix.stackexchange.com/questions/717172/why-is-ufw-blocking-acces-to-ssh-via-wireguard)
+- [OpenWrt Forum Discussion on WireGuard](https://forum.openwrt.org/t/cannot-ssh-to-clients-on-lan-when-accessing-router-via-wireguard-client/132709/3)
+- [WireGuard Connection Dies on Ubuntu](https://serverfault.com/questions/1086297/wireguard-connection-dies-on-ubuntu-peer)
+- [SSH Fails with WireGuard IP](https://unix.stackexchange.com/questions/624987/ssh-fails-to-start-when-listenaddress-is-set-to-wireguard-vpn-ip)
+- [WireGuard NAT and Firewall Issues](https://serverfault.com/questions/210408/cannot-ssh-debug1-expecting-ssh2-msg-kex-dh-gex-reply)

roles/client-wireguard/meta/main.yml

@@ -1,2 +1,27 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Manages WireGuard on a client system by deploying services and scripts to set MTU on network interfaces and ensure optimal VPN connectivity."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Linux
+      versions:
+        - all
+  galaxy_tags:
+    - wireguard
+    - vpn
+    - client
+    - mtu
+    - systemd
+    - configuration
+  repository: "https://s.veen.world/cymais"
+  issue_tracker_url: "https://s.veen.world/cymaisissues"
+  documentation: "https://s.veen.world/cymais"
 dependencies:
-- wireguard
+  - wireguard