infra-ansible

ansible script to ship alpine/ssh/wireguard


commit 3e7c4cd4256bf13e5ff77b9df093f1d2ea25db2e
parent bd994074ad65c8e8a073cd16d312fbc257d42532
Author: Jul <jul@9o.is>
Date:   Tue, 14 May 2024 16:14:03 +0800

use wireguard systemd and set wg ip variables

Diffstat:
Mhost/group_vars/all | 1+
Mhost/inventory.yml | 1+
Mhost/roles/wireguard/handlers/main.yml | 12++++++------
Mhost/roles/wireguard/tasks/client.yml | 6+++---
Mhost/roles/wireguard/tasks/server.yml | 11+++++++++--
5 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/host/group_vars/all b/host/group_vars/all
@@ -2,6 +2,7 @@
 openssh_port: 57123
 wireguard_port: 62620
 k0s_version: v1.30.0+k0s.0
+wg_client_ip: 10.0.0.2
 wg_client_public_key: ZlBc9LbWP4CBm/9aIbZ2dwPZQbkYdvi7TZimAo5czWk=
 wg_client_private_key: !vault |
 $ANSIBLE_VAULT;1.1;AES256
diff --git a/host/inventory.yml b/host/inventory.yml
@@ -9,6 +9,7 @@ servers:
 static_gateway: 89.147.110.1
 static_nameservers: 93.95.224.28 93.95.224.29
 static_mtu: 576
+ wg_server_ip: 10.0.0.1
 wg_server_public_key: DcQpBGdChVTyLMR/UUfPNHa8sQz9J5I+3BSIJ7f3qhw=
 wg_server_private_key: !vault |
 $ANSIBLE_VAULT;1.1;AES256
diff --git a/host/roles/wireguard/handlers/main.yml b/host/roles/wireguard/handlers/main.yml
@@ -1,12 +1,12 @@
 ---
 - name: restart server wireguard
- shell: |
- wg-quick down wg0
- wg-quick up wg0
+ service:
+ name: wg-quick@wg0
+ state: restarted
 - name: restart client wireguard
 delegate_to: localhost
- shell: |
- wg-quick down wg0
- wg-quick up wg0
+ service:
+ name: wg-quick@wg0
+ state: restarted
diff --git a/host/roles/wireguard/tasks/client.yml b/host/roles/wireguard/tasks/client.yml
@@ -37,7 +37,7 @@
 - option: PrivateKey
 value: '{{ wg_client_private_key }}'
 - option: Address
- value: 10.0.0.2/24
+ value: '{{ wg_client_ip }}/32'
 notify: restart client wireguard
 - name: add server peer to client config
@@ -55,7 +55,7 @@
 - option: PublicKey
 value: '{{ wg_server_public_key }}'
 - option: AllowedIPs
- value: 10.0.0.0/24
+ value: '{{ wg_server_ip }}/32'
 - option: Endpoint
 value: '{{ ansible_nodename }}:{{ wireguard_port }}'
 - option: PersistentKeepalive
@@ -73,5 +73,5 @@
 #!/bin/sh
 rm -rf /etc/wireguard
 ln -s /rw/config/wireguard /etc/wireguard
- wg-quick up wg0
+ systemctl start wg-quick@wg0
diff --git a/host/roles/wireguard/tasks/server.yml b/host/roles/wireguard/tasks/server.yml
@@ -20,7 +20,7 @@
 - option: PrivateKey
 value: '{{ wg_server_private_key }}'
 - option: Address
- value: 10.0.0.1/24
+ value: '{{ wg_server_ip }}/32'
 - option: ListenPort
 value: '{{ wireguard_port }}'
 notify: restart server wireguard
@@ -38,5 +38,12 @@
 - option: PublicKey
 value: '{{ wg_client_public_key }}'
 - option: AllowedIPs
- value: 10.0.0.2/32
+ value: '{{ wg_client_ip }}/32'
 notify: restart server wireguard
+
+
+- name: enable wireguard service
+ service:
+ name: wg-quick@wg0
+ enabled: true
+
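Review bot: Both rewritten handlers in handlers/main.yml name a systemd template unit, `wg-quick@wg0`, but the generic `service` module hands the request to whichever init system it detects, so on an OpenRC host (the repository describes itself as shipping Alpine) the restart fails with an unknown service instead of falling back to the old `wg-quick` commands. If the server really is systemd-based, stating that with `systemd:` / `name: wg-quick@wg0` / `state: restarted` makes a wrong init system fail loudly and documents the assumption. The `restart client wireguard` handler runs on the control node through `delegate_to: localhost`, and restarting a unit there needs root; unless the play grants `become` to delegated tasks (the play header is outside this diff) that handler will fail even where the unit exists.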
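Review bot: The boot script in the last client.yml hunk now runs `systemctl start wg-quick@wg0` straight after an unconditional `rm -rf /etc/wireguard` and `ln -s`, so if `/rw/config/wireguard` is absent or not yet populated the symlink dangles and the unit is started with no config, and nothing in the script surfaces that. A one-line guard before the `rm -rf`, `[ -d /rw/config/wireguard ] || exit 1`, keeps the failure visible rather than leaving a half-configured interface. Because the private key is read through that symlink, the directory and the config file it points at should stay root-owned and 0600; that is set outside this hunk, if at all, so it is worth confirming. The task that writes this script starts before the hunk.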
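Review bot: The new `enable wireguard service` task in the second server.yml hunk only sets `enabled: true`, so on a run where the config tasks report no change the restart handler never fires and a stopped tunnel stays down; adding `state: started` to the same task, `name: wg-quick@wg0` / `state: started` / `enabled: true`, makes the play converge on a running interface regardless of notifications. The same caveat as the handlers applies here: `service` resolves to the detected init system, so this task silently assumes the server runs systemd. On style, the hunk adds two blank lines before the task and a blank line at end of file, which yamllint's `empty-lines` rule would flag; one separating blank line is enough.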