Wireguard overlay network setup

Need to migrate away from networkd, because it can't add new wireguard peers now out of the box without hacks. [1]: https://github.com/systemd/systemd/issues/25547
author: Dmitry Ilvokhin <d@ilvokhin.com> 2024-05-19 17:02:45 +0100
committer: Dmitry Ilvokhin <d@ilvokhin.com> 2024-05-19 17:02:45 +0100
commit: b4a12dbbf4a4759bf24975ca9bfc5096c90ae8b6 (patch)
tree: 48bc7a65415aa039c22575cf3c3919b5a4cea0f5 /roles/wgnet/tasks/main.yml
parent: 588e86b33df631382027862ed06bfd11e989e01b (diff)
download: infra-b4a12dbbf4a4759bf24975ca9bfc5096c90ae8b6.tar.gz
infra-b4a12dbbf4a4759bf24975ca9bfc5096c90ae8b6.tar.bz2
infra-b4a12dbbf4a4759bf24975ca9bfc5096c90ae8b6.zip
1 files changed, 21 insertions, 0 deletions
diff --git a/roles/wgnet/tasks/main.yml b/roles/wgnet/tasks/main.yml
new file mode 100644
index 0000000..8e5a632
--- /dev/null
+++ b/roles/wgnet/tasks/main.yml
@@ -0,0 +1,21 @@
+- name: Configure IPv4 and IPv6 packet forwarding
+  ansible.builtin.sysctl:
+    name: '{{ item }}'
+    value: '1'
+    sysctl_set: true
+  loop:
+    - net.ipv4.ip_forward
+    - net.ipv4.conf.all.forwarding
+    - net.ipv6.conf.all.forwarding
+
+- name: Configure WireGuard for wgnet
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "/etc/systemd/network/{{ item.dest }}"
+    owner: systemd-network
+    group: systemd-network
+    mode: u+rw,g+r,o+r
+  loop:
+    - { src: templates/wg0.netdev.j2, dest: wg0.netdev }
+    - { src: templates/wg0.network.j2, dest: wg0.network }
+  notify: Reload network
author	Dmitry Ilvokhin <d@ilvokhin.com>	2024-05-19 17:02:45 +0100
committer	Dmitry Ilvokhin <d@ilvokhin.com>	2024-05-19 17:02:45 +0100
commit	b4a12dbbf4a4759bf24975ca9bfc5096c90ae8b6 (patch)
tree	48bc7a65415aa039c22575cf3c3919b5a4cea0f5 /roles/wgnet/tasks/main.yml
parent	588e86b33df631382027862ed06bfd11e989e01b (diff)
download	infra-b4a12dbbf4a4759bf24975ca9bfc5096c90ae8b6.tar.gz infra-b4a12dbbf4a4759bf24975ca9bfc5096c90ae8b6.tar.bz2 infra-b4a12dbbf4a4759bf24975ca9bfc5096c90ae8b6.zip