Diffstat (limited to 'wireguard.yml')
-rw-r--r-- | wireguard.yml | 88 |
1 files changed, 0 insertions, 88 deletions
diff --git a/wireguard.yml b/wireguard.yml deleted file mode 100644 index db1278c..0000000 --- a/wireguard.yml +++ /dev/null @@ -1,88 +0,0 @@ ---- -- name: Wireguard config - hosts: tamriel - remote_user: ansible_worker - become: yes - vars_files: - - secrets.yml - tasks: - - name: install wireguard - apt: - name: wireguard - - name: IPv4 forwarding - sysctl: - name: net.ipv4.ip_forward - value: "1" - state: present - - name: ARP proxy - sysctl: - name: net.ipv4.conf.all.proxy_arp - value: "1" - state: present - - - - name: Generate wireguard config - template: - src: templates/wg.conf.j2 - dest: /etc/wireguard/wg0.conf - - - - lineinfile: - dest: /etc/network/interfaces - state: present - insertafter: "^source /etc/network/interfaces.d/*" - line: auto wg0 - - lineinfile: - dest: /etc/network/interfaces - state: present - insertafter: "^auto wg0" - line: iface wg0 inet static - - - interfaces_file: - iface: wg0 - option: address - value: 10.0.27.1 - - interfaces_file: - iface: wg0 - option: netmask - value: 255.255.255.0 - - interfaces_file: - iface: wg0 - option: pre-up - value: ip link add $IFACE type wireguard - - interfaces_file: - iface: wg0 - option: pre-up - value: wg setconf $IFACE /etc/wireguard/$IFACE.conf - - interfaces_file: - iface: wg0 - option: post-down - value: ip link del $IFACE - - - iptables: - chain: INPUT - match: conntrack - ctstate: ["RELATED","ESTABLISHED"] - jump: ACCEPT - - iptables: - chain: FORWARD - match: conntrack - ctstate: ["RELATED","ESTABLISHED"] - jump: ACCEPT - - iptables: - chain: FORWARD - in_interface: wg0 - out_interface: wg0 - match: conntrack - ctstate: ["NEW"] - jump: ACCEPT - - - iptables: - chain: FORWARD - in_interface: wg0 - jump: ACCEPT - - iptables: - table: nat - chain: POSTROUTING - out_interface: ens2 - jump: MASQUERADE |