From 0df756b5853685a99c8da687fc07551932c01480 Mon Sep 17 00:00:00 2001
From: Fabio Sinibaldi
Date: Mon, 11 May 2026 16:24:58 +0200
Subject: [PATCH] Wireguard VPN Server
---
.../group_vars/wireguard_server/sifi.yaml | 14 ++++++
.../roles/wireguard_server/tasks/main.yaml | 44 +++++++++++++++++++
.../templates/wireguard_server.jinja | 11 +++++
ansible/playbooks/vpn_server.yaml | 5 +++
4 files changed, 74 insertions(+)
create mode 100644 ansible/inventories/group_vars/wireguard_server/sifi.yaml
create mode 100644 ansible/playbooks/roles/wireguard_server/tasks/main.yaml
create mode 100644 ansible/playbooks/roles/wireguard_server/templates/wireguard_server.jinja
create mode 100644 ansible/playbooks/vpn_server.yaml
diff --git a/ansible/inventories/group_vars/wireguard_server/sifi.yaml b/ansible/inventories/group_vars/wireguard_server/sifi.yaml
new file mode 100644
index 0000000..c88ec6e
--- /dev/null
+++ b/ansible/inventories/group_vars/wireguard_server/sifi.yaml
@@ -0,0 +1,14 @@
+server_port: "51820"
+
+peers:
+- publicKey: "NRGPm2GV+ocsXImNxJ5pT/FuQCPg8uQcvydB6OSQEBg="
+ allowedIPs: "192.168.99.4/32"
+
+
+
+# client
+{% for peer in peers %}
+[Peer]
+PublicKey = {{ peers[peer].publicKey}}
+AllowedIPs = {{ peers[peer].allowedIPs}}
+{{% endfor %}}
\ No newline at end of file
diff --git a/ansible/playbooks/roles/wireguard_server/tasks/main.yaml b/ansible/playbooks/roles/wireguard_server/tasks/main.yaml
new file mode 100644
index 0000000..b182880
--- /dev/null
+++ b/ansible/playbooks/roles/wireguard_server/tasks/main.yaml
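Review bot: The last six added lines of `sifi.yaml` (from `# client` through `{{% endfor %}}`) are a pasted copy of the WireGuard template's peer loop, not variable data. `{% for peer in peers %}` is not valid YAML, so loading `group_vars/wireguard_server` would fail before any task runs. The variable file should end after the `allowedIPs` entry; I would delete those lines together with the blank lines in front of them.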
@@ -0,0 +1,44 @@
+---
+- name: Install Wireguard Server
+ apt:
+ pkg:
+ - wireguard
+ state: latest
+ update_cache: true
+
+
+- name: Creating server privatekey and publickey
+ shell: wg genkey | tee privatekey | wg pubkey > publickey
+ args:
+ chdir: /etc/wireguard/keys
+
+- name: Get Private Key [privatekey => ]var_privatekey
+ shell: cat privatekey
+ register: var_privatekey
+ args:
+ chdir: /etc/wireguard/keys
+
+
+- name: Add WireGuard interface
+ command: ip link add dev wg0 type wireguard
+ become: true
+
+
+- name: Updating configuration
+ template:
+ src: wireguard_server
+ dest: /etc/wireguard/wg0.conf
+
+- name: Activating link
+ command: ip link set up dev wg0
+ become: true
+
+- name: Getting public key
+ shell: cat publickey
+ register: var_publickey
+ args:
+ chdir: /etc/wireguard/keys
+
+- name: Printing public key
+ debug:
+ msg: "Server public key is {{ var_publickey }}"
diff --git a/ansible/playbooks/roles/wireguard_server/templates/wireguard_server.jinja b/ansible/playbooks/roles/wireguard_server/templates/wireguard_server.jinja
new file mode 100644
index 0000000..254264d
--- /dev/null
+++ b/ansible/playbooks/roles/wireguard_server/templates/wireguard_server.jinja
@@ -0,0 +1,11 @@
+# device
+[Interface]
+PrivateKey = {{ var_privatekey.stdout }}
+ListenPort = {{ server_port }}
+
+# client
+{% for peer in peers %}
+[Peer]
+PublicKey = {{ peers[peer].publicKey}}
+AllowedIPs = {{ peers[peer].allowedIP}}
+{{% endfor %}}
\ No newline at end of file
diff --git a/ansible/playbooks/vpn_server.yaml b/ansible/playbooks/vpn_server.yaml
new file mode 100644
index 0000000..03695df
--- /dev/null
+++ b/ansible/playbooks/vpn_server.yaml
@@ -0,0 +1,5 @@
+---
+- name: Configure VPN Server
+ hosts: wireguard_server
+ roles:
+ - wireguard_server
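Review bot: The server private key is regenerated on every run and is never protected: the `wg genkey | tee privatekey` task has no `creates:` guard and no restrictive umask, `cat privatekey` is registered without `no_log: true`, and the `template` task writes `/etc/wireguard/wg0.conf` (which embeds the key) without a `mode`. Re-running the play would rotate the key and break every peer that holds the old public key, and the key can surface in Ansible output or be readable by other local users. Nothing in this hunk creates `/etc/wireguard/keys`, so the `chdir` presumably fails on a fresh host unless the package or another role provides that directory. Separately, `src: wireguard_server` does not match the added template file name `wireguard_server.jinja`, and the final `debug` prints the whole registered result rather than `var_publickey.stdout`. A sketch of the key-handling tasks follows.

```yaml
- name: Create key directory
  file:
    path: /etc/wireguard/keys
    state: directory
    owner: root
    group: root
    mode: "0700"

- name: Creating server privatekey and publickey
  shell: umask 077 && wg genkey | tee privatekey | wg pubkey > publickey
  args:
    chdir: /etc/wireguard/keys
    # skip the task when a key already exists, so re-runs do not rotate it
    creates: /etc/wireguard/keys/privatekey

- name: Get Private Key [privatekey => ]var_privatekey
  shell: cat privatekey
  register: var_privatekey
  no_log: true
  changed_when: false
  args:
    chdir: /etc/wireguard/keys

# … unchanged: Add WireGuard interface …

- name: Updating configuration
  template:
    src: wireguard_server.jinja
    dest: /etc/wireguard/wg0.conf
    owner: root
    group: root
    mode: "0600"

# … unchanged: Activating link, Getting public key, Printing public key …
```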
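Review bot: The peer loop cannot render as written: `{{% endfor %}}` is not a valid block tag, `peers[peer]` indexes the collection with the loop item itself, and `allowedIP` does not match the `allowedIPs` key defined in `group_vars/wireguard_server/sifi.yaml`. Since `peers` appears to be a list of mappings, the loop body should read `PublicKey = {{ peer.publicKey }}`, `AllowedIPs = {{ peer.allowedIPs }}` and close with `{% endfor %}`. Getting `AllowedIPs` right matters because it is the per-peer source-address filter on the server. The `[Interface]` section also sets no `Address`, which may be intentional if the address is assigned elsewhere.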
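Review bot: The play sets no `become`, while in the role only the two `ip link` tasks carry `become: true`; the apt install, the key generation under `/etc/wireguard/keys` and the write of `/etc/wireguard/wg0.conf` also need root. Unless privilege escalation is configured in the inventory or `ansible.cfg` (not visible here), those tasks would fail or behave differently per host. I would add `become: true` at the play level here and drop the per-task settings so escalation is declared in one place.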