From bf9621fd69ed680d3ef52127f7cce1c11625eb8f Mon Sep 17 00:00:00 2001
From: ivan
Date: Wed, 20 Aug 2025 22:46:12 +1000
Subject: [PATCH] add wg to sys and rename cfg
---
...ufw-playbook.yaml => install-software.yaml | 1 +
roles/wireguard/defaults/main.yml | 5 +++
roles/wireguard/files/wg0.conf | 12 +++++++
roles/wireguard/handlers/main.yml | 6 ++++
roles/wireguard/tasks/main.yml | 31 +++++++++++++++++++
5 files changed, 55 insertions(+)
rename install-docker-compose-and-ufw-playbook.yaml => install-software.yaml (96%)
create mode 100644 roles/wireguard/defaults/main.yml
create mode 100644 roles/wireguard/files/wg0.conf
create mode 100644 roles/wireguard/handlers/main.yml
create mode 100644 roles/wireguard/tasks/main.yml
diff --git a/install-docker-compose-and-ufw-playbook.yaml b/install-software.yaml
similarity index 96%
rename from install-docker-compose-and-ufw-playbook.yaml
rename to install-software.yaml
index 386035d..af72b66 100644
--- a/install-docker-compose-and-ufw-playbook.yaml
+++ b/install-software.yaml
@@ -19,3 +19,4 @@
 - firewall
 - fail2ban
 - rsync
+ - wireguard
diff --git a/roles/wireguard/defaults/main.yml b/roles/wireguard/defaults/main.yml
new file mode 100644
index 0000000..dace85d
--- /dev/null
+++ b/roles/wireguard/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+wireguard_interface: wg0
+wireguard_config_src: "wg0.conf"
+wireguard_config_dest: "/etc/wireguard/wg0.conf"
+
diff --git a/roles/wireguard/files/wg0.conf b/roles/wireguard/files/wg0.conf
new file mode 100644
index 0000000..b36e99b
--- /dev/null
+++ b/roles/wireguard/files/wg0.conf
@@ -0,0 +1,12 @@
+[Interface]
+PrivateKey = 0JbU1C+rJSj7PWXPABZy3+fRR0UU5Hf0lRy6BIE2Smg=
+Address = 10.0.0.3/32
+DNS = 1.1.1.1, 1.0.0.1
+MTU = 1420
+
+[Peer]
+PublicKey = h31B3s731FwhWnbrnmDr4swVz25LuOJ3xAhhstH+sTg=
+AllowedIPs = 10.0.0.0/24
+PersistentKeepalive = 25
+Endpoint = 192.168.1.116:48129
+PresharedKey = tajJo61lYJ6E/PvOktpVkL3spBGEeUp65yvye5Jx1Ys=
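Review bot: In roles/wireguard/defaults/main.yml, `wireguard_config_dest` hard-codes `wg0` while the handler and the service task build the unit name from `wireguard_interface`, so overriding the interface alone would start `wg-quick@<name>` without a matching config file at the destination. Deriving the path keeps the two in step: `wireguard_config_dest: "/etc/wireguard/{{ wireguard_interface }}.conf"`. A one-line comment above the defaults saying which of them must be overridden together would also help the next maintainer.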
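Review bot: roles/wireguard/files/wg0.conf commits the interface `PrivateKey` and the peer `PresharedKey` in cleartext, so anyone with read access to the repository or its history holds the credentials for this peer on the 10.0.0.0/24 tunnel. Both values should be treated as exposed: generate a new key pair and preshared key, update the remote peer, and keep the replacements out of version control. One option is to ship this file as a template with `PrivateKey = {{ wireguard_private_key }}` and `PresharedKey = {{ wireguard_preshared_key }}` (variable names are a suggestion) and store the values in an Ansible Vault-encrypted vars file. Deleting the file in a later commit does not remove it from history, so rotation is needed either way.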
diff --git a/roles/wireguard/handlers/main.yml b/roles/wireguard/handlers/main.yml
new file mode 100644
index 0000000..9c295c2
--- /dev/null
+++ b/roles/wireguard/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart wireguard
+ systemd:
+ name: "wg-quick@{{ wireguard_interface }}"
+ state: restarted
+
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
new file mode 100644
index 0000000..5e27b76
--- /dev/null
+++ b/roles/wireguard/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- name: Установить wireguard (Debian/Ubuntu)
+ apt:
+ name: wireguard
+ state: present
+ update_cache: true
+ when: ansible_os_family == "Debian"
+
+- name: Создать каталог /etc/wireguard
+ file:
+ path: /etc/wireguard
+ state: directory
+ owner: root
+ group: root
+ mode: "0700"
+
+- name: Скопировать конфиг интерфейса
+ copy:
+ src: "{{ wireguard_config_src }}"
+ dest: "{{ wireguard_config_dest }}"
+ owner: root
+ group: root
+ mode: "0600"
+ notify: Restart wireguard
+
+- name: Включить и запустить сервис
+ systemd:
+ name: "wg-quick@{{ wireguard_interface }}"
+ enabled: true
+ state: started
+
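Review bot: The `copy` task in roles/wireguard/tasks/main.yml ("Скопировать конфиг интерфейса") writes a file that holds key material but does not set `no_log: true`, so a run with `--diff` can print the config, including the private key, to the console and to whatever collects playbook output. Adding `no_log: true` (or `diff: false`) to that task closes this. Separately, only the apt task carries `when: ansible_os_family == "Debian"`; the directory, copy and service tasks run on every host the role is applied to, so the guard should either cover the whole role or the Debian-only scope should be stated in a comment at the top of the file. The shipped wg0.conf also sets `DNS =`, which wg-quick applies through resolvconf; it is worth confirming that command exists on the targets, since the role installs only `wireguard`.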