Running config v1

2022-05-09 12:16:09 +02:00 · 2022-05-09 12:16:09 +02:00 · 150be2ac7c
commit 150be2ac7c
parent f7674cd5bb
5 changed files with 38 additions and 45 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,29 +0,0 @@
 ---
 - name: restart wireguard
  ansible.builtin.service:
    name: "wg-quick@{{ wireguard_interface }}"
    state: "{{ item }}"
  loop:
    - stopped
    - started
  when:
    - wireguard__restart_interface
    - not ansible_os_family == 'Darwin'
    - wireguard_service_enabled == "yes"
  listen: "reconfigure wireguard"
 - name: syncconf wireguard
  ansible.builtin.shell: |
    set -o errexit
    set -o pipefail
    set -o nounset
    systemctl is-active wg-quick@{{ wireguard_interface|quote }} || systemctl start wg-quick@{{ wireguard_interface|quote }}
    wg syncconf {{ wireguard_interface|quote }} <(wg-quick strip /etc/wireguard/{{ wireguard_interface|quote }}.conf)
    exit 0
  args:
    executable: "/bin/bash"
  when:
    - not wireguard__restart_interface
    - not ansible_os_family == 'Darwin'
    - wireguard_service_enabled == "yes"
  listen: "reconfigure wireguard"
--- a/host_vars/troisdorf7.yml
+++ b/host_vars/troisdorf7.yml
@ -1,5 +1,21 @@
 wireguard_unmanaged_peers:
-  vpn1-stefan:
+  vpn1-testing:
    public_key: 8BoLoKRwSNRdUe0uygneYFdTIx5iHwoMENbnzpomYCI=
    allowed_ips: 10.255.1.2/32, 10.1.0.0/16
-    persistent_keepalive: 25
+    persistent_keepalive: 25
 #  vpn2-stefan:
 #    public_key: NvJKN6xorzvwL7NhMoY2bEwpDVTl9Ob/1gx9g8tHfic=
 #    allowed_ips: 10.255.1.3/32, 10.2.0.0/16
 #    persistent_keepalive: 25
 #  vpn3-empty:
 #    public_key: pwD87EgTk8fGctR1Cz6/DfwGuzTg8VO2YC2CM58Sdlw=
 #    allowed_ips: 10.255.1.2/32, 10.1.0.0/16
 #    persistent_keepalive: 25
 #  vpn4-empty:
 #    public_key: N54OfQCIQGbPltC4sq/1gvV/2UXFKcQAti9ORNvlFxA=
 #    allowed_ips: 10.255.1.2/32, 10.1.0.0/16
 #    persistent_keepalive: 25
 #  vpn5-empty:
 #    public_key: sKi7h1W89XEe9tzxbXbev3oHBoS0VOLXFFLvwQZ+wAM=
 #    allowed_ips: 10.255.1.2/32, 10.1.0.0/16
 #    persistent_keepalive: 25
--- a/roles/00-system-set-network/tasks/templates/50-ifdown-hooks.sh.j2
+++ b/roles/00-system-set-network/tasks/templates/50-ifdown-hooks.sh.j2
@ -1,6 +0,0 @@
 #!/bin/bash
 if [ "$IFACE" == "gre*" ];
 then
        iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source {{ ffrl_ipv4 }}
 fi
--- a/roles/00-system-set-network/tasks/templates/50-ifup-hooks.sh.j2
+++ b/roles/00-system-set-network/tasks/templates/50-ifup-hooks.sh.j2
@ -1,8 +0,0 @@
 #!/bin/bash
 if [ "$IFACE" == "gre*" ];
 then
    iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source {{ ffrl_ipv4 }}
    iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
    ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
 fi
--- a/roles/21-install-wireguard/handlers/main.yml
+++ b/roles/21-install-wireguard/handlers/main.yml
@ -0,0 +1,20 @@
 ---
 - name: restart wireguard
  ansible.builtin.service:
    name: "wg-quick@vpn01"
    state: "{{ item }}"
  loop:
    - stopped
    - started
  listen: "reconfigure wireguard"
 - name: syncconf wireguard
  ansible.builtin.shell: |
    set -o errexit
    set -o pipefail
    set -o nounset
    systemctl is-active wg-quick@vpn01 || systemctl start wg-quick@vpn01
    wg syncconf vpn01 <(wg-quick strip /etc/wireguard/vpn01.conf)
    exit 0
  args:
    executable: "/bin/bash"
  listen: "reconfigure wireguard"