Last active
October 8, 2019 07:16
-
-
Save tapionx/1cbe674e95d6777959e13c949729bc18 to your computer and use it in GitHub Desktop.
wireguard server ansible playbook (debian 10)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Interface] | |
| Address = 10.8.0.1/24 | |
| PrivateKey = XXXXXXXXXX | |
| PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | |
| PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE | |
| ListenPort = 51821 | |
| [Peer] | |
| PublicKey = XXXXXXXXXX | |
| AllowedIPs = 10.8.0.2/24 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Interface] | |
| Address = 10.8.0.2/24 | |
| PrivateKey = XXXXXXXXXX | |
| DNS = 10.8.0.1 | |
| [Peer] | |
| PublicKey = XXXXXXXXXX | |
| Endpoint = XXXXXXXXXX:51821 | |
| AllowedIPs = 0.0.0.0/0 | |
| PersistentKeepalive = 21 | |
| # qrencode -t ansiutf8 < client.conf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: all | |
| remote_user: root | |
| tasks: | |
| - name: add unstable repositories for wireguard | |
| copy: | |
| content: 'deb http://deb.debian.org/debian/ unstable main' | |
| dest: /etc/apt/sources.list.d/unstable.list | |
| - name: pin unstable repository preferences | |
| copy: | |
| content: | | |
| Package: * | |
| Pin: release a=unstable | |
| Pin-Priority: 90 | |
| dest: /etc/apt/preferences.d/limit-unstable | |
| - name: apt update | |
| apt: | |
| update_cache: yes | |
| - name: Install packages | |
| apt: | |
| name: "{{ packages }}" | |
| vars: | |
| packages: | |
| - wireguard | |
| - linux-headers-{{ ansible_kernel }} | |
| - qrencode | |
| - name: UFW allow WireGuard | |
| ufw: | |
| rule: allow | |
| port: "51821" | |
| proto: udp | |
| - name: add wireguard kernel module | |
| modprobe: | |
| name: wireguard | |
| - name: copy wireguard server config | |
| copy: | |
| src: ../templates/wireguard/vpn.conf | |
| dest: /etc/wireguard/vpn.conf | |
| owner: root | |
| group: root | |
| mode: 0600 | |
| - name: enable IP forwarding | |
| sysctl: | |
| name: net.ipv4.ip_forward | |
| value: "1" | |
| sysctl_set: yes | |
| state: present | |
| reload: yes | |
| - name: enable wireguard vpn service | |
| systemd: | |
| name: wg-quick@vpn.service | |
| enabled: yes | |
| - name: start wireguard vpn service | |
| systemd: | |
| name: wg-quick@vpn.service | |
| state: started | |
| notify: | |
| - reboot | |
| handlers: | |
| - name: reboot | |
| reboot: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment