diff options
Diffstat (limited to 'roles/install_wireguard_vpn')
| -rw-r--r-- | roles/install_wireguard_vpn/tasks/main.yml | 24 | ||||
| -rw-r--r-- | roles/install_wireguard_vpn/templates/down.sh.j2 | 6 | ||||
| -rw-r--r-- | roles/install_wireguard_vpn/templates/up.sh.j2 | 9 | ||||
| -rw-r--r-- | roles/install_wireguard_vpn/templates/wg.conf.j2 | 7 |
4 files changed, 46 insertions, 0 deletions
diff --git a/roles/install_wireguard_vpn/tasks/main.yml b/roles/install_wireguard_vpn/tasks/main.yml new file mode 100644 index 0000000..3ca9dcc --- /dev/null +++ b/roles/install_wireguard_vpn/tasks/main.yml @@ -0,0 +1,24 @@ +--- +- name: create wireguard config for wgmyk + template: + src: wg.conf.j2 + dest: /etc/wireguard/wgmyk.conf + mode: 0400 + +- name: create wireguard up scripts for wgmyk + template: + src: up.sh.j2 + dest: /etc/wireguard/upmyk.sh + mode: 0744 + +- name: create wireguard down scripts for wgmyk + template: + src: down.sh.j2 + dest: /etc/wireguard/downmyk.sh + mode: 0744 + +- name: start and enable wireguard mesh + systemd: + name: wg-quick@wgmyk.service + enabled: yes + state: started diff --git a/roles/install_wireguard_vpn/templates/down.sh.j2 b/roles/install_wireguard_vpn/templates/down.sh.j2 new file mode 100644 index 0000000..d33011f --- /dev/null +++ b/roles/install_wireguard_vpn/templates/down.sh.j2 @@ -0,0 +1,6 @@ +#!/bin/bash + +ip -6 route del {{ wireguard_vpn_client_range }} table ffmyk dev wgmyk + +ip -6 rule del iif wgmyk +ip -6 rule del from {{ wireguard_vpn_client_range }} diff --git a/roles/install_wireguard_vpn/templates/up.sh.j2 b/roles/install_wireguard_vpn/templates/up.sh.j2 new file mode 100644 index 0000000..c57d16f --- /dev/null +++ b/roles/install_wireguard_vpn/templates/up.sh.j2 @@ -0,0 +1,9 @@ +#!/bin/bash + +ip -6 rule add iif wgmyk table ffmyk priority 10 +ip -6 rule add from {{ wireguard_vpn_client_range }} table ffmyk priority 10 + +ip -6 rule add from all iif wgmyk type unreachable priority 200 + +ip -6 route add {{ wireguard_vpn_client_range }} table ffmyk dev wgmyk +systemctl restart named.service diff --git a/roles/install_wireguard_vpn/templates/wg.conf.j2 b/roles/install_wireguard_vpn/templates/wg.conf.j2 new file mode 100644 index 0000000..3e25549 --- /dev/null +++ b/roles/install_wireguard_vpn/templates/wg.conf.j2 @@ -0,0 +1,7 @@ +[Interface] +ListenPort = {{ wireguard_vpn_port }} +PrivateKey = {{ wireguard_vpn_priv_key }} +Address = {{ wireguard_vpn_address }}/128 +MTU = 1400 +PostUp = /etc/wireguard/upmyk.sh +PreDown = /etc/wireguard/downmyk.sh |