From 0d99ebf938bb98aab4e303a5891155bbfddf332b Mon Sep 17 00:00:00 2001
From: "Antonio J. Delgado"
Date: Tue, 11 Oct 2022 10:19:16 +0300
Subject: [PATCH] Initial commit with previous code
---
defaults/main.yml | 9 ++++++++
handlers/main.yml | 6 ++++++
tasks/configure.yml | 38 +++++++++++++++++++++++++++++++++
tasks/install.yml | 17 +++++++++++++++
tasks/main.yml | 5 +++++
templates/wireguard_client.conf | 10 +++++++++
6 files changed, 85 insertions(+)
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 tasks/configure.yml
create mode 100644 tasks/install.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/wireguard_client.conf
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..044de6b
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+address: '192.168.2.2/24'
+listenport: '1928'
+privatekey: ''
+interface_name: wg0
+server_publickey: ''
+server_address: '192.168.2.1'
+endpoint: ''
+dns: '1.1.1.1'
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..8b786ab
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: Restart Wireguard service
+ systemd:
+ name: "wg-quick@{{ interface_name }}"
+ state: restarted
+ enabled: yes
+ daemon_reload: yes
diff --git a/tasks/configure.yml b/tasks/configure.yml
new file mode 100644
index 0000000..1b02fb8
--- /dev/null
+++ b/tasks/configure.yml
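Review bot: The `privatekey: ''` default in defaults/main.yml can never take effect, because tasks/configure.yml registers a result under the same name (`register: privatekey`) and a registered variable outranks a role default. The entry suggests a key can be supplied through a variable, while the role always reads it from /etc/wireguard/privatekey. I would drop the default or rename the registered result, for example `register: wireguard_privatekey_result`, so the two names do not collide. The other unprefixed names here (`address`, `dns`, `endpoint`) can clash just as easily with inventory variables used by other roles; a `wireguard_` prefix would avoid that.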
@@ -0,0 +1,38 @@
+---
+- name: Ensure keys are generated
+ shell: umask 077 && wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
+ args:
+ creates: /etc/wireguard/publickey
+ notify:
+ - Restart Wireguard service
+
+- name: Register private key
+ shell: cat /etc/wireguard/privatekey
+ register: privatekey
+
+- name: Ensure Wireguard client is configure
+ template:
+ src: templates/wireguard_client.conf
+ dest: "/etc/wireguard/{{ interface_name }}.conf"
+ backup: yes
+ notify:
+ - Restart Wireguard service
+
+- name: Ensure UFW firewall rule exists
+ ufw:
+ rule: allow
+ port: "{{ listenport }}"
+ comment: 'Wireguard client listener'
+ proto: udp
+
+- name: Get public key
+ slurp:
+ src: /etc/wireguard/publickey
+ register: public_key
+
+- name: Ensure cron to ping VPN server exists
+ cron:
+ name: Ping VPN server
+ job: ping -c 3 192.168.2.1 &> /dev/null
+ hour: '1'
+ user: gestor
\ No newline at end of file
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..0421a61
--- /dev/null
+++ b/tasks/install.yml
@@ -0,0 +1,17 @@
+---
+- name: Ensure Wireguard is installed (Ubuntu >= 19.10)
+ apt:
+ name: wireguard
+ when: ansible_distribution_major_version|int >= 20 or ansible_distribution_version == '19.10'
+
+- apt_repository:
+ repo: ppa:wireguard/wireguard
+ state: absent
+ when: ansible_distribution_major_version|int < 20 and ansible_distribution_version != '19.10'
+
+- name: Ensure Wireguard is installed (Ubuntu < 19.10)
+ apt:
+ name: wireguard
+ state: latest
+ update_cache: yes
+ when: ansible_distribution_major_version|int < 20 and ansible_distribution_version != '19.10'
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..cbe813e
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Ensure installation
+ include_tasks: install.yml
+- name: Ensure configuration
+ include_tasks: configure.yml
\ No newline at end of file
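Review bot: The `Register private key` task in tasks/configure.yml puts the WireGuard private key into Ansible's task result, because `shell: cat /etc/wireguard/privatekey` has no `no_log: true`; at higher verbosity or with a logging callback the key ends up in the controller's output. Add `no_log: true` and `changed_when: false` to that task. The template task that follows writes the same key into `/etc/wireguard/{{ interface_name }}.conf` without a `mode`, and `backup: yes` leaves a further copy of the file on each change, so I would set `mode: '0600'` and `owner: root` there. The cron task also hard-codes `192.168.2.1` although defaults/main.yml defines `server_address`.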
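Review bot: Both `when:` conditions in tasks/install.yml test only the release number and never `ansible_distribution`, so a Debian host (major version below 20) falls into the "Ubuntu < 19.10" branch and gets `state: latest` applied. Guard the conditions with `ansible_distribution == 'Ubuntu' and (...)`, or fail early on platforms the role does not support. `state: latest` also upgrades the package on every run, so the installed version depends on when the play ran; `state: present` keeps the role idempotent and leaves upgrades to the normal patch process. The `apt_repository` task has no `name:`; something like `name: Ensure the Wireguard PPA is absent` would make the play output readable.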
diff --git a/templates/wireguard_client.conf b/templates/wireguard_client.conf
new file mode 100644
index 0000000..7907677
--- /dev/null
+++ b/templates/wireguard_client.conf
@@ -0,0 +1,10 @@
+[Interface]
+Address = {{ addresses[ansible_hostname] }}
+PrivateKey = {{ privatekey.stdout }}
+ListenPort = {{ listenport }}
+
+# Server:
+[Peer]
+PublicKey = {{ server_publickey }}
+AllowedIPs = {{ allowed_ips }}
+EndPoint = {{ endpoint }}
\ No newline at end of file
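Review bot: `Address = {{ addresses[ansible_hostname] }}` and `AllowedIPs = {{ allowed_ips }}` reference variables that defaults/main.yml in this commit does not define (it defines `address`, and no `allowed_ips`), so the template fails to render unless the inventory supplies them. Either use `{{ address }}` here or add both names to the defaults and document them as required. `server_publickey` and `endpoint` default to empty strings, which would render a `[Peer]` section with an empty `PublicKey` and `EndPoint`; an `assert` task that checks both are non-empty before templating would surface that at play time rather than at service restart. The `dns` default is not used by this template at all.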