Initial commit with previous code

Antonio J. Delgado 2022-10-11 10:19:17 +03:00
commit 85c5bf5838
6 changed files with 94 additions and 0 deletions

11
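--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+# Default values for variables of the role
+# variable_name: value
+address: '192.168.2.1/24'
+listenport: '1928'
+privatekey: ''
+interface_name: wg0
+clients:
+- name: client1
+PublicKey: 'Som3thing='
+AllowedIPs: '192.168.2.2/32'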
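Review bot: `privatekey: ''` makes a plain role variable the carrier of the server's WireGuard private key, which means it will end up in inventory or group_vars in cleartext, and with this empty default the template renders `PrivateKey =` with no value, which wg(8) presumably rejects at interface start rather than Ansible failing early. I would remove the default so an unset key is a hard error (or assert it in the tasks) and document the expectation with a comment such as `# Server private key: REQUIRED, supply from an ansible-vault file, never commit in cleartext`. The sample client `PublicKey: 'Som3thing='` is not a valid base64-encoded 32-byte key (its length is not a multiple of 4), so a run with defaults produces an unusable `[Peer]`; an empty `clients: []` default with the example moved to the README would be safer. The `PublicKey`/`AllowedIPs` keys also mix CamelCase into a snake_case vars file; `public_key`/`allowed_ips` would match Ansible convention, with the matching rename in the template.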

6
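--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: Restart Wireguard service
+systemd:
+name: "wg-quick@{{ interface_name }}"
+state: restarted
+enabled: yes
+daemon_reload: yes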
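Review bot: The handler restarts `wg-quick@{{ interface_name }}` on every template change, which tears down and re-creates the interface and drops every active tunnel even when only a peer was added; for peer-only edits `wg syncconf {{ interface_name }} <(wg-quick strip {{ interface_name }})` applies the new configuration without an outage, so a separate reload handler (a `shell` task with `executable: /bin/bash` for the process substitution) is worth considering, keeping the restart for `Address`/`ListenPort` changes. Style: the file has no `---` document start, and `enabled: yes` / `daemon_reload: yes` should be `true` (yamllint `truthy`). `daemon_reload` is also unnecessary here, since this role writes no unit file.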

42
tasks/configure.yml Normal file

@ -0,0 +1,42 @@
---
- name: Ensure Wireguard server is configure
template:
src: templates/wireguard_server.conf
dest: "/etc/wireguard/{{ interface_name }}.conf"
notify:
- Restart Wireguard service
- name: Ensure UFW firewall rule exists
ufw:
rule: allow
port: "{{ listenport }}"
comment: 'Wireguard server listener'
proto: udp
- name: Ensure UFW firewall routes
ufw:
default: allow
direction: routed
- name: Ensure IPv4 forwarding works
sysctl:
name: net.ipv4.ip_forward
value: '1'
sysctl_set: yes
- name: Ensure IPv6 forwarding works
sysctl:
name: net.ipv6.conf.all.forwarding
value: '1'
sysctl_set: yes
- name: Ensure Wireguard service is running for {{ interface_name }}
systemd:
name: "wg-quick@{{ interface_name }}"
state: started
daemon_reload: yes
- name: Ensure VPN traffic is enabled
ufw:
from_ip: 192.168.2.0/24
rule: allow
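Review bot: The template task writing `/etc/wireguard/{{ interface_name }}.conf` sets no `owner`/`group`/`mode`, yet that file carries the server's private key (the template emits `PrivateKey = {{ privatekey }}`), so it takes whatever the remote umask yields — typically 0644 — and is readable by every local user; add `owner: root`, `group: root`, `mode: '0600'` to that task. The "Ensure UFW firewall routes" task sets ufw's default routed policy to allow, which permits forwarding between any two interfaces on the host rather than only out of the tunnel; a scoped route rule (`route: true`, `interface_in: "{{ interface_name }}"`, `interface_out: "{{ public_interface }}"`, `rule: allow`) with the default left at deny is the least-privilege form. The last task hard-codes `from_ip: 192.168.2.0/24` and allows it to every port on the host, which silently diverges the moment `address` is changed in defaults; derive it from `address` or add a `vpn_network` default next to it, and restrict the rule to the ports VPN clients actually need. Booleans here (`sysctl_set: yes`, `daemon_reload: yes`) should be `true`.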

17
tasks/install.yml Normal file

@ -0,0 +1,17 @@
---
- name: Ensure Wireguard is installed (Ubuntu >= 19.10)
apt:
name: wireguard
when: ansible_distribution_major_version|int >= 20 or ansible_distribution_version == '19.10'
- apt_repository:
repo: ppa:wireguard/wireguard
state: absent
when: ansible_distribution_major_version|int < 20 and ansible_distribution_version != '19.10'
- name: Ensure Wireguard is installed (Ubuntu < 19.10)
apt:
name: wireguard
state: latest
update_cache: yes
when: ansible_distribution_major_version|int < 20 and ansible_distribution_version != '19.10'
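Review bot: Both `when` clauses test only the version facts and never `ansible_distribution`, so on a Debian host (major version 10–12) the `< 20` branch runs and `apt_repository` is asked to remove a `ppa:` entry, which outside Ubuntu is at best a no-op and at worst a task failure; add `ansible_distribution == 'Ubuntu'` to each condition, or an `assert` at the top of the file. `state: latest` in the second `apt` task upgrades wireguard on every run, an unplanned change on a production VPN host; `state: present` with the PPA removal kept as-is is the more predictable choice. The `apt_repository` task has no `name:`, unlike every other task in the role, and `update_cache: yes` should be `true`.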

5
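--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Ensure installation
+include_tasks: install.yml
+- name: Ensure configuration
+include_tasks: configure.yml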


@ -0,0 +1,13 @@
[Interface]
Address = {{ address }}
PrivateKey = {{ privatekey }}
ListenPort = {{ listenport }}
PostUp = iptables -t nat -A POSTROUTING -o {{ public_interface }} -j MASQUERADE; ip6tables -t nat -A POSTROUTING -o {{ public_interface }} -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o {{ public_interface }} -j MASQUERADE; ip6tables -t nat -D POSTROUTING -o {{ public_interface }} -j MASQUERADE
{% for item in clients %}
# Client: {{ item.name }}
[Peer]
PublicKey = {{ item.PublicKey }}
AllowedIPs = {{ item.AllowedIPs }}
{% endfor %}
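Review bot: `public_interface` is used in both `PostUp` and `PostDown` but is not declared in `defaults/main.yml` in this commit, so rendering fails with an undefined-variable error unless every inventory sets it (or, if undefined errors are disabled, yields `-o  -j MASQUERADE`, which iptables rejects and wg-quick then aborts the interface start); add a default such as `public_interface: "{{ ansible_default_ipv4.interface }}"` and document it. Because `PrivateKey = {{ privatekey }}` puts the key into the rendered file in cleartext, the task that writes it needs `mode: '0600'`, and any task that could echo this variable should carry `no_log: true`. The rest of the role drives the firewall through ufw, so adding NAT via raw iptables here leaves the masquerade rule outside ufw's rule set and, presumably, not surviving a `ufw disable`/`enable` cycle; ufw's `before.rules` `*nat` section is the conventional place for it, and either way a comment should explain the choice. The `ip6tables -t nat` half is unused with the IPv4-only `address` default and, if the kernel lacks IPv6 NAT support, its failure aborts `PostUp` and therefore the interface.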