Add WireGuard VPN

Kris Lamoureux 2021-05-07 00:24:52 -04:00
parent ef8f38c09e
commit e3a89aecc2
Signed by: kris
GPG Key ID: 3EDA9C3441EDA925
4 changed files with 73 additions and 0 deletions


@ -0,0 +1 @@
deb http://deb.debian.org/debian buster-backports main


@ -11,3 +11,7 @@
- import_tasks: ddclient.yml - import_tasks: ddclient.yml
tags: ddclient tags: ddclient
when: ddclient is defined when: ddclient is defined
- import_tasks: wireguard.yml
tags: wireguard
when: wireguard is defined


@ -0,0 +1,49 @@
# Copyright (C) 2021 Kris Lamoureux
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
- name: Add Debian Buster backports
copy:
src: buster-backports.list
dest: /etc/apt/sources.list.d/buster-backports.list
owner: root
group: root
mode: '0644'
- name: Install WireGuard
apt:
name: wireguard
state: present
update_cache: true
- name: Generate WireGuard keys
shell: wg genkey | tee privatekey | wg pubkey > publickey
args:
chdir: /etc/wireguard/
creates: /etc/wireguard/privatekey
- name: Grab WireGuard private key for configuration
slurp:
src: /etc/wireguard/privatekey
register: wgkey
- name: Install WireGuard configuration
template:
src: wireguard.j2
dest: /etc/wireguard/wg0.conf
- name: Start WireGuard interface
service:
name: wg-quick@wg0
state: started
enabled: true
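Review bot: The private key is left readable more widely than it needs to be: the `Install WireGuard configuration` task writes `wg0.conf`, which embeds the key, without an owner, group or mode, so the file gets whatever the remote umask yields; adding `mode: '0600'` with root ownership fixes that. The same applies to the `Generate WireGuard keys` shell line, where `tee privatekey` creates the file under the default umask; prefixing the command with `umask 077;` keeps it owner-only from the moment it is created. The slurp result registered as `wgkey` carries the key base64-encoded, so `no_log: true` on the slurp and template tasks would keep it out of verbose and `--diff` output. Nothing restarts `wg-quick@wg0` when the rendered configuration changes, since the last task only ensures `state: started`; a handler notified by the template task would cover that.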


@ -0,0 +1,19 @@
[Interface]
PrivateKey = {{ wgkey['content'] | b64decode | trim }}
Address = {{ wireguard.address }}
{% if wireguard.listenport is defined %}
ListenPort = {{ wireguard.listenport }}
{% endif %}
{% for peer in wireguard.peers %}
[Peer]
PublicKey = {{ peer.publickey }}
{% if peer.endpoint is defined %}
Endpoint = {{ peer.endpoint }}
{% endif %}
AllowedIPs = {{ peer.allowedips }}
{% if peer.keepalive is defined %}
PersistentKeepalive = {{ peer.keepalive }}
{% endif %}
{% endfor %}
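Review bot: Every variable in this template is written into `wg0.conf` verbatim, so a value containing a newline would add extra lines to the rendered file, and wg-quick treats some keys (for example `PostUp`) as commands to run as root. If the `wireguard` variables can come from anywhere less trusted than the playbook author, they should be checked as single-line values before the template task runs, for instance with an `assert` task in the tasks file. At minimum I would document the expectation at the top of the template: `{# wireguard.* values must be single-line; they are rendered verbatim into wg0.conf #}`. Separately, `wireguard.peers` is iterated unconditionally, so a host that defines `wireguard` without `peers` will fail at templating; `wireguard.peers | default([])` avoids that if an interface with no peers is a valid setup.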