Diffstat (limited to 'roles')
-rw-r--r--roles/wgnet/handlers/main.yml2
-rw-r--r--roles/wgnet/meta/main.yml2
-rw-r--r--roles/wgnet/tasks/main.yml21
-rw-r--r--roles/wgnet/templates/wg0.netdev.j218
-rw-r--r--roles/wgnet/templates/wg0.network.j26
5 files changed, 49 insertions, 0 deletions
diff --git a/roles/wgnet/handlers/main.yml b/roles/wgnet/handlers/main.yml
new file mode 100644
index 0000000..21c5377
--- /dev/null
+++ b/roles/wgnet/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: Reload network
+ ansible.builtin.command: networkctl reload
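Review bot: `networkctl reload` is unlikely to apply edits to an already-existing wg0: the networkctl(1) versions I know document that reload creates netdevs from new .netdev files and reconfigures links for changed .network files, but does not update or remove a netdev whose .netdev file was modified, so a rotated key or an added peer in wg0.netdev would only take effect after the interface is recreated. The task in tasks/main.yml notifies this handler for both templates, so that limitation is worth stating here, e.g. `# Re-applies .network changes; edits to an existing wg0 .netdev need the netdev deleted and recreated`. If netdev changes are expected on live hosts, a second handler for the .netdev template that deletes wg0 before the reload would close the gap; confirm against the systemd version actually deployed.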
diff --git a/roles/wgnet/meta/main.yml b/roles/wgnet/meta/main.yml
new file mode 100644
index 0000000..45ed5d7
--- /dev/null
+++ b/roles/wgnet/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: wireguard
diff --git a/roles/wgnet/tasks/main.yml b/roles/wgnet/tasks/main.yml
new file mode 100644
index 0000000..8e5a632
--- /dev/null
+++ b/roles/wgnet/tasks/main.yml
@@ -0,0 +1,21 @@
+- name: Configure IPv4 and IPv6 packet forwarding
+ ansible.builtin.sysctl:
+ name: '{{ item }}'
+ value: '1'
+ sysctl_set: true
+ loop:
+ - net.ipv4.ip_forward
+ - net.ipv4.conf.all.forwarding
+ - net.ipv6.conf.all.forwarding
+
+- name: Configure WireGuard for wgnet
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: "/etc/systemd/network/{{ item.dest }}"
+ owner: systemd-network
+ group: systemd-network
+ mode: u+rw,g+r,o+r
+ loop:
+ - { src: templates/wg0.netdev.j2, dest: wg0.netdev }
+ - { src: templates/wg0.network.j2, dest: wg0.network }
+ notify: Reload network
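Review bot: `mode: u+rw,g+r,o+r` leaves the rendered `/etc/systemd/network/wg0.netdev` world-readable, and that file carries the WireGuard private key through `PrivateKey={{ wireguard_private_key }}` in the template hunk below. The symbolic `+` form is also additive, so any wider bits already present on an existing file survive the run, and making the daemon user own its own configuration is more than systemd-networkd needs. systemd.netdev(5) recommends root:systemd-network with 0640 for a .netdev holding a private key; change the three lines to `owner: root`, `group: systemd-network`, `mode: "0640"` (quoted so YAML does not turn it into an octal integer). Alternatively keep the key out of the unit entirely and reference a separately deployed, tightly permissioned file via `PrivateKeyFile=` in the template.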
diff --git a/roles/wgnet/templates/wg0.netdev.j2 b/roles/wgnet/templates/wg0.netdev.j2
new file mode 100644
index 0000000..d258010
--- /dev/null
+++ b/roles/wgnet/templates/wg0.netdev.j2
@@ -0,0 +1,18 @@
+[NetDev]
+Name=wg0
+Kind=wireguard
+Description="Wireguard Overlay Network"
+
+[WireGuard]
+ListenPort=51820
+PrivateKey={{ wireguard_private_key }}
+
+# flame
+[WireGuardPeer]
+PublicKey=YUuBBTKHXsD6tTzcAVWXakZffWKlGS5fAdx7zWSXtlI=
+AllowedIPs=10.0.0.2/32
+
+# water
+[WireGuardPeer]
+PublicKey=X0Gw37N+AUkZjiyZ9buZ8c2ZzFr+niX3FZjxlyqQq0Q=
+AllowedIPs=10.0.0.3/32
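Review bot: The template has no marker that the rendered file is managed by Ansible, so an operator editing `/etc/systemd/network/wg0.netdev` by hand will have the change silently overwritten on the next run. Add `# {{ ansible_managed }}` as the first line of both templates (this hunk and wg0.network.j2 below); Ansible expands it to a managed-file banner. The `# flame` / `# water` peer comments are helpful, but a one-line header saying which host is the hub (this host has no `Endpoint=` for its peers, which suggests it is) would make the /32 `AllowedIPs=` choices self-explanatory.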
diff --git a/roles/wgnet/templates/wg0.network.j2 b/roles/wgnet/templates/wg0.network.j2
new file mode 100644
index 0000000..2f578e5
--- /dev/null
+++ b/roles/wgnet/templates/wg0.network.j2
@@ -0,0 +1,6 @@
+[Match]
+Name=wg0
+
+[Network]
+Address={{ wgnet_ip }}/24
+IPMasquerade=ipv4
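Review bot: `IPMasquerade=ipv4` combined with the forwarding sysctls in tasks/main.yml makes this host an unfiltered NAT gateway for every peer in wg0.netdev; nothing in the role restricts what the peers can reach, so the exposure is whatever the host itself can route to. If that is the intent, say so above `[Network]`, e.g. `# Peers are NATed to the host's upstream; no filtering is applied here`. Only IPv4 is configured on wg0, yet tasks/main.yml also enables `net.ipv6.conf.all.forwarding` globally; if IPv6 is unused, dropping that sysctl avoids the side effect of a forwarding host ignoring router advertisements on interfaces whose accept_ra is 1. As I recall, a positive `IPMasquerade=` already implies forwarding on this link in systemd-networkd, so the sysctl loop may be partly redundant; confirm against the deployed version.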