Running config v1

2022-05-09 12:16:09 +02:00 · 2022-05-09 12:16:09 +02:00 · 150be2ac7c
commit 150be2ac7c
parent f7674cd5bb
5 changed files with 38 additions and 45 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,29 +0,0 @@
---
- name: restart wireguard
-  ansible.builtin.service:
-    name: "wg-quick@{{ wireguard_interface }}"
-    state: "{{ item }}"
-  loop:
-    - stopped
-    - started
-  when:
-    - wireguard__restart_interface
-    - not ansible_os_family == 'Darwin'
-    - wireguard_service_enabled == "yes"
-  listen: "reconfigure wireguard"
-
- name: syncconf wireguard
-  ansible.builtin.shell: |
-    set -o errexit
-    set -o pipefail
-    set -o nounset
-    systemctl is-active wg-quick@{{ wireguard_interface|quote }} || systemctl start wg-quick@{{ wireguard_interface|quote }}
-    wg syncconf {{ wireguard_interface|quote }} <(wg-quick strip /etc/wireguard/{{ wireguard_interface|quote }}.conf)
-    exit 0
-  args:
-    executable: "/bin/bash"
-  when:
-    - not wireguard__restart_interface
-    - not ansible_os_family == 'Darwin'
-    - wireguard_service_enabled == "yes"
-  listen: "reconfigure wireguard"
--- a/host_vars/troisdorf7.yml
+++ b/host_vars/troisdorf7.yml
@ -1,5 +1,21 @@
 wireguard_unmanaged_peers:
-  vpn1-stefan:
+  vpn1-testing:
    public_key: 8BoLoKRwSNRdUe0uygneYFdTIx5iHwoMENbnzpomYCI=
    allowed_ips: 10.255.1.2/32, 10.1.0.0/16
-    persistent_keepalive: 25
+    persistent_keepalive: 25
+#  vpn2-stefan:
+#    public_key: NvJKN6xorzvwL7NhMoY2bEwpDVTl9Ob/1gx9g8tHfic=
+#    allowed_ips: 10.255.1.3/32, 10.2.0.0/16
+#    persistent_keepalive: 25
+#  vpn3-empty:
+#    public_key: pwD87EgTk8fGctR1Cz6/DfwGuzTg8VO2YC2CM58Sdlw=
+#    allowed_ips: 10.255.1.2/32, 10.1.0.0/16
+#    persistent_keepalive: 25
+#  vpn4-empty:
+#    public_key: N54OfQCIQGbPltC4sq/1gvV/2UXFKcQAti9ORNvlFxA=
+#    allowed_ips: 10.255.1.2/32, 10.1.0.0/16
+#    persistent_keepalive: 25
+#  vpn5-empty:
+#    public_key: sKi7h1W89XEe9tzxbXbev3oHBoS0VOLXFFLvwQZ+wAM=
+#    allowed_ips: 10.255.1.2/32, 10.1.0.0/16
+#    persistent_keepalive: 25
--- a/roles/00-system-set-network/tasks/templates/50-ifdown-hooks.sh.j2
+++ b/roles/00-system-set-network/tasks/templates/50-ifdown-hooks.sh.j2
@ -1,6 +0,0 @@
-#!/bin/bash
-
-if [ "$IFACE" == "gre*" ];
-then
-        iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source {{ ffrl_ipv4 }}
-fi
--- a/roles/00-system-set-network/tasks/templates/50-ifup-hooks.sh.j2
+++ b/roles/00-system-set-network/tasks/templates/50-ifup-hooks.sh.j2
@ -1,8 +0,0 @@
-#!/bin/bash
-
-if [ "$IFACE" == "gre*" ];
-then
-    iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source {{ ffrl_ipv4 }}
-    iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
-    ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
-fi
--- a/roles/21-install-wireguard/handlers/main.yml
+++ b/roles/21-install-wireguard/handlers/main.yml
@ -0,0 +1,20 @@
+---
+- name: restart wireguard
+  ansible.builtin.service:
+    name: "wg-quick@vpn01"
+    state: "{{ item }}"
+  loop:
+    - stopped
+    - started
+  listen: "reconfigure wireguard"
+- name: syncconf wireguard
+  ansible.builtin.shell: |
+    set -o errexit
+    set -o pipefail
+    set -o nounset
+    systemctl is-active wg-quick@vpn01 || systemctl start wg-quick@vpn01
+    wg syncconf vpn01 <(wg-quick strip /etc/wireguard/vpn01.conf)
+    exit 0
+  args:
+    executable: "/bin/bash"
+  listen: "reconfigure wireguard"