From dd02a21c01c21a666aa649032a71de16f362278b Mon Sep 17 00:00:00 2001
From: Jocelyn Jaubert
Date: Sat, 24 Aug 2024 20:26:25 +0200
Subject: [PATCH] wireguard: Correctif divers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- ajout génération clés wireguard
- activation NAT sur serveur
- activation service systemd wireguard sur serveur aussi
- ajout préfixes sur les modules ansible
---
 roles/wireguard/tasks/main.yml | 42 +++++++++++++++++++++++++++++-----
 1 file changed, 36 insertions(+), 6 deletions(-)

diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 73b7bba8..5e31376a 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -1,10 +1,41 @@
 - name: install packages
-  apt:
+  ansible.builtin.apt:
     pkg:
       - wireguard
 
+- name: Install packages on server
+  ansible.builtin.apt:
+    pkg:
+      - iptables
+  when: wireguard_config is defined and wireguard_config == "server"
+
+- name: Generate the client keys
+  ansible.builtin.shell:
+    cmd: |
+      set -o pipefail #
+      wg genkey | tee credentials/wireguard/{{ inventory_hostname }}.private.key | wg pubkey > credentials/wireguard/{{ inventory_hostname }}.public.key
+    executable: /bin/bash
+    creates: "credentials/wireguard/{{ inventory_hostname }}.private.key"
+  delegate_to: 127.0.0.1
+  become: no
+
+- name: Get client IP
+  ansible.builtin.copy:
+    content: "{{ wireguard_address }}\n"
+    dest: "credentials/wireguard/{{ inventory_hostname }}.address"
+  delegate_to: 127.0.0.1
+  become: no
+
+- name: Enable NAT on server
+  ansible.posix.sysctl:
+    name: net.ipv4.ip_forward
+    value: '1'
+    sysctl_set: true
+    state: present
+  when: wireguard_config is defined and wireguard_config == "server"
+
 - name: configure wireguard
-  template:
+  ansible.builtin.template:
     dest="/etc/wireguard/wg0.conf"
     src="wireguard-{{ wireguard_config | default('client') }}-wg0.conf"
     owner=root
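Review bot: The private key written by `tee credentials/wireguard/{{ inventory_hostname }}.private.key` in the `Generate the client keys` task is created with the controller's default umask, so it will usually be group/world-readable (and `wg` itself warns about insecure permissions when it later reads such a file); put `umask 077` on the line before the `wg genkey` pipeline so the key is 0600 from creation, and if `credentials/` lives inside the repository checkout make sure it is excluded from version control. `set -o pipefail #` carries a stray trailing `#` that should be dropped, and `become: no` should be `become: false` to match the lowercase booleans used elsewhere in the hunk. `tee` also fails if `credentials/wireguard/` does not already exist, and with pipefail the whole task aborts, so an `ansible.builtin.file` task with `state: directory` delegated to `127.0.0.1` just before it would make the role self-contained. The `Enable NAT on server` task only turns on `net.ipv4.ip_forward`; no masquerade rule is visible in this hunk even though `iptables` is now installed, so presumably the server template adds it in PostUp — worth confirming and noting in a comment on the task.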
@@ -13,7 +44,7 @@
 
 # Need to reload wireguard to update hostname
 - name: init wireguard reloader
-  copy:
+  ansible.builtin.copy:
     src="{{ item }}"
     dest="/etc/systemd/system/{{ item }}"
   with_items:
@@ -22,7 +53,7 @@
   when: wireguard_config is not defined or wireguard_config == "client"
 
 - name: enable reloader on systemd
-  systemd:
+  ansible.builtin.systemd:
     name: wireguard_reresolve-dns.timer
     enabled: true
     masked: false
@@ -30,9 +61,8 @@
   when: wireguard_config is not defined or wireguard_config == "client"
 
 - name: enable wireguard on systemd
-  systemd:
+  ansible.builtin.systemd:
     name: wg-quick@wg0
     enabled: true
     masked: false
     state: started
-  when: wireguard_config is not defined or wireguard_config == "client"
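Review bot: With the `when:` removed, `enable wireguard on systemd` now runs on the server as well, but `state: started` does not pick up a changed `/etc/wireguard/wg0.conf` on an interface that is already up, so a re-rendered server template is silently not applied until the next reboot; unless a handler outside this hunk restarts `wg-quick@wg0`, add `notify: restart wireguard` to the `configure wireguard` task and a matching handler, or register the template result and use `state: "{{ 'restarted' if wg_conf is changed else 'started' }}"`. The re-resolve reloader tasks in the two preceding hunks remain client-only while this task is now unconditional, which looks intended (the server has no peer hostname to re-resolve) but deserves a comment above the task such as `# runs on client and server; the re-resolve timer above is client-only`. The two earlier hunks on this line are module-prefix renames only.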