Add wireguard
parent
2a36002124
commit
a259572a20
7 changed files with 83 additions and 0 deletions
@ -5,6 +5,12 @@ server:
ssh_port: 22
work_dir: /mnt/test
backup_dir: /mnt/btest
vpn:
subnet: 192.168.1.0/24
ip: 192.168.1.254
port: 22
peers: test
acme:
email: test@test.fr
debug: true
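Review bot: `port: 22` under `vpn` reuses the value of `ssh_port` a few lines above; WireGuard is UDP so the sockets do not collide, but the compose template publishes `{{ server.vpn.port }}:{{ server.vpn.port }}/udp` and the firewall template opens the same number, so anyone auditing open ports sees 22 twice with two different meanings. A dedicated UDP port (WireGuard's conventional default is 51820) keeps the two services distinguishable in rules and logs. `peers: test` and `email: test@test.fr` read like placeholders; if these are the real group vars, a comment such as `# vpn.peers is passed verbatim to the container's PEERS variable` would help whoever replaces them. The file header for this hunk is not shown, so which lines are new is inferred from the hunk counts and the commit title.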
@ -5,6 +5,7 @@
roles:
- { role: docker, tags: ["docker"] }
- { role: ssh, tags: ["ssh"] }
- { role: wireguard, tags: ["wireguard"] }
- { role: traefik, tags: ["traefik"] }
- { role: whoami, tags: ["whoami"] }
- { role: protonmail, tags: ["protonmail"] }
@ -83,3 +83,6 @@
/sbin/iptables -A OUTPUT -j ACCEPT -d 172.17.0.0/16
/sbin/iptables -A INPUT -j ACCEPT -d 192.168.1.0/24
/sbin/iptables -A OUTPUT -j ACCEPT -d 192.168.1.0/24
# VPN
/sbin/iptables -A INPUT -p udp --dport {{ server.vpn.port }} -j ACCEPT
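Review bot: The new `INPUT` rule accepts UDP `{{ server.vpn.port }}`, but that port is published by Docker in the compose template (`- {{ server.vpn.port }}:{{ server.vpn.port }}/udp`), and traffic to a Docker-published port is DNAT'd in PREROUTING and filtered in the FORWARD/DOCKER chains rather than INPUT, so unless Docker's iptables management is disabled or the container runs with host networking this rule is a no-op and gives a misleading picture of what the firewall controls. The chain policies and the rest of this script are outside the hunk, so this is something to confirm on the host (`iptables -L -n -v`) rather than a certain defect. If the rule is kept, the comment should say why, e.g. `# VPN: wireguard UDP listen port (Docker DNATs the published port itself; this INPUT rule only matters without Docker's iptables handling)`.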
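--- a/roles/wireguard/tasks/base.yml
+++ b/roles/wireguard/tasks/base.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Check wireguard directory exist
+  ansible.builtin.file:
+    path: wireguard
+    state: directory
+
+- name: Copy template conf
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "wireguard/{{ item.dest }}"
+  loop:
+    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+  register: wireguard_copy_templates_results
+
+- name: Update and restart container
+  community.docker.docker_compose:
+    project_src: wireguard
+    state: present
+    pull: true
+    restarted: "{{ wireguard_copy_templates_results.changed }}"
+  become: true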
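Review bot: `path: wireguard` and `project_src: wireguard` are relative paths, so the compose project is created relative to the remote session's working directory (normally the login user's home), while the rendered compose file mounts `{{ server.work_dir }}/wireguard/base:/config`; the project file and its config volume end up in two different trees unless something outside this role sets the cwd to `server.work_dir`, which is not visible here. Making the paths explicit, `path: "{{ server.work_dir }}/wireguard"` and `project_src: "{{ server.work_dir }}/wireguard"`, removes the dependency on cwd. The directory task also sets no `mode:`; the compose file holds no secrets today, so this is tidiness rather than exposure, but `mode: "0750"` keeps later additions (peer configs, keys) private by default.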
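--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+- ansible.builtin.import_tasks: network.yml
+  name: network
+
+- ansible.builtin.import_tasks: base.yml
+  name: base
+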
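Review bot: The import order carries a hidden dependency that deserves a comment: `base.yml` brings up a compose project whose `networks.vpn` is declared `external: true`, so `network.yml` must run first or compose fails to find the network. Suggest `# network.yml first: the compose project in base.yml attaches to the pre-created external 'vpn' network` above the first import.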
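--- a/roles/wireguard/tasks/network.yml
+++ b/roles/wireguard/tasks/network.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Create vpn network
+  community.docker.docker_network:
+    name: vpn
+    ipam_config:
+      - subnet: "{{ server.vpn.subnet }}"
+    state: present
+  become: true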
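Review bot: `ipam_config` pins the Docker network to `{{ server.vpn.subnet }}`, which in the vars hunk is `192.168.1.0/24`, the default range of most consumer routers; if the host or a VPN client sits on a 192.168.1.0/24 LAN, the bridge route Docker adds shadows the LAN, and clients whose `ALLOWEDIPS` is that same subnet lose local connectivity. The host's addressing is not visible here, so treat this as a check rather than a defect. A less common range (for example `10.13.13.0/24`, a constructed value, pick one unused on both sides) avoids the overlap, and a comment on `subnet` noting that it must not collide with any client LAN would stop it being copied blindly.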
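--- a/roles/wireguard/templates/docker-compose.yml.j2
+++ b/roles/wireguard/templates/docker-compose.yml.j2
@@ -0,0 +1,34 @@
+version: '3'
+
+services:
+  wireguard:
+    image: lscr.io/linuxserver/wireguard:latest
+    container_name: wireguard
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Paris
+      - SERVERURL=vpn.mrdev023.fr
+      - SERVERPORT={{ server.vpn.port }}
+      - ALLOWEDIPS={{ server.vpn.subnet }}
+      - PEERDNS=8.8.8.8
+      - PEERS={{ server.vpn.peers }}
+      - LOG_CONFS=false
+    volumes:
+      - {{ server.work_dir }}/wireguard/base:/config
+      - /lib/modules:/lib/modules
+    ports:
+      - {{ server.vpn.port }}:{{ server.vpn.port }}/udp
+    networks:
+      vpn:
+        ipv4_address: {{ server.vpn.ip }}
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1
+    restart: unless-stopped
+
+networks:
+  vpn:
+    external: true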
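Review bot: `cap_add: SYS_MODULE` together with the `/lib/modules:/lib/modules` mount lets the container load arbitrary kernel modules, which is equivalent to root on the host; it exists so the container can load the wireguard module itself, so on a host whose kernel already ships WireGuard (mainline since 5.6) both lines can be dropped and `NET_ADMIN` alone is enough — check the host kernel first. `image: lscr.io/linuxserver/wireguard:latest` combined with `pull: true` in base.yml means every run may deploy a different, unreviewed image; pin a tag or digest, e.g. `image: lscr.io/linuxserver/wireguard:<pinned-version>` (placeholder). Rendered values such as `ipv4_address: {{ server.vpn.ip }}` and the `ports` entry are emitted unquoted; `ipv4_address: "{{ server.vpn.ip }}"` keeps the rendered YAML valid if a variable is ever empty or starts with a YAML indicator.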