M playbooks/local.yml => playbooks/local.yml +1 -1
@@ 8,4 8,4 @@
- { role: ssh }
- { role: croc }
- { role: minio_client }
- - { role: wireguard_vpn_client }
+ - { role: wireguard_desktop }
A roles/wireguard_desktop/tasks/main.yml => roles/wireguard_desktop/tasks/main.yml +16 -0
@@ 0,0 1,16 @@
+---
+- name: Configure wg-vpn
+ ansible.builtin.template:
+ src: wg-vpn.conf.j2
+ dest: /etc/wireguard/wg-vpn.conf
+ owner: root
+ group: root
+ mode: 0600
+
+- name: Configure wg-internal
+ ansible.builtin.template:
+ src: wg-internal.conf.j2
+ dest: /etc/wireguard/wg-internal.conf
+ owner: root
+ group: root
+ mode: 0600
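Review bot: Neither template task suppresses diff output, and the file written by "Configure wg-internal" holds the interface private key and the preshared key (the renamed wg-vpn template presumably does too), so a run with `--diff` would print those secrets to the terminal and to any captured log. Adding `diff: false` to both tasks, or `no_log: true` if task results are also logged, keeps them out of the output. Separately, `mode: 0600` depends on the YAML loader reading the bare scalar as octal; the quoted form `mode: "0600"` is unambiguous and is what the Ansible documentation recommends. Neither task notifies a handler, so unless that happens elsewhere in the playbook a changed config is not applied to an interface that is already up.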
A roles/wireguard_desktop/templates/wg-internal.conf.j2 => roles/wireguard_desktop/templates/wg-internal.conf.j2 +9 -0
@@ 0,0 1,9 @@
+[Interface]
+Address = 10.0.0.1/24
+PrivateKey = {{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard/localhost.key:content') | trim }}
+
+[Peer]
+PublicKey = {{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard/xenrox.net.pub:content') | trim }}
+PresharedKey = {{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard/localhost.psk:content') | trim }}
+Endpoint = xenrox.net:51820
+AllowedIPs = 10.0.0.2/32
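Review bot: The rendered /etc/wireguard/wg-internal.conf has no marker saying it is generated, so a hand edit on the host, for example a rotated key, would be overwritten on the next run without warning. A first line of `# {{ ansible_managed }}` would document that, since the WireGuard config format treats `#` lines as comments. The three Vault lookups are only passed through `trim`, so an empty secret would presumably render an empty `PrivateKey =` or `PresharedKey =` line and fail only when the interface is started; a `| mandatory` filter or an assert task before the template would fail earlier.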
R roles/wireguard_vpn_client/templates/wg1.conf.j2 => roles/wireguard_desktop/templates/wg-vpn.conf.j2 +0 -0
D roles/wireguard_vpn_client/tasks/main.yml => roles/wireguard_vpn_client/tasks/main.yml +0 -8
@@ 1,8 0,0 @@
----
-- name: Configure wireguard
- ansible.builtin.template:
- src: wg1.conf.j2
- dest: /etc/wireguard/wg1.conf
- owner: root
- group: root
- mode: 0600