mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-12-08 10:26:35 +00:00
Kevin Veen-Birkenbach
94f97ed1f3
Why: - Ansible 2.20+ deprecates INJECT_FACTS_AS_VARS and direct usage of top-level ansible_* facts. - This change updates all affected roles and vars files to the new supported syntax. - Ensures compatibility with upcoming Ansible 2.24 removal of implicit fact injection. Conversation reference: https://chatgpt.com/share/692f639b-1380-800f-9f18-732f7108e9e2
Wireguard
Description
This role manages Wireguard on the host. It installs the necessary Wireguard packages, configures sysctl settings for IPv4/IPv6 forwarding, and deploys the Wireguard configuration file to enable the VPN service using wg-quick.
Overview
Optimized for both Arch Linux and Ubuntu/Debian, this role performs the following tasks:
- Installs Wireguard tools using the appropriate package manager.
- Copies a sysctl configuration file to enable IP forwarding and proper IPv6 settings.
- Deploys a host-specific Wireguard configuration file to
/etc/wireguard/wg0.infinito.conf. - Uses systemd handlers to restart the Wireguard service and reload sysctl settings.
Purpose
The primary purpose of this role is to set up and manage a Wireguard VPN configuration on the host. By automating package installation and configuration file deployment, it ensures that the VPN service is enabled with optimal network settings for secure connectivity.
Features
- Multi-Platform Support: Installs Wireguard tools using pacman on Arch Linux and apt on Ubuntu/Debian.
- Sysctl Configuration: Deploys a sysctl configuration file to manage IPv4/IPv6 forwarding and related network parameters.
- Wireguard Configuration: Copies a host-specific Wireguard configuration file to
/etc/wireguard/wg0.infinito.conf. - Service Management: Provides handlers to restart the Wireguard service and reload sysctl settings.
Administration
For detailed client setup instructions, please see the Administration file.