works
parent
9f0338371f
commit
e26a802c70
|
@ -1,7 +1,7 @@
|
||||||
# -*- mode: ruby -*-
|
# -*- mode: ruby -*-
|
||||||
# vi: set ft=ruby :
|
# vi: set ft=ruby :
|
||||||
#
|
#
|
||||||
n_peer_nodes = 2
|
n_peer_nodes = 4
|
||||||
|
|
||||||
Vagrant.configure("2") do |config|
|
Vagrant.configure("2") do |config|
|
||||||
config.vm.box = "generic/ubuntu2004"
|
config.vm.box = "generic/ubuntu2004"
|
||||||
|
@ -27,7 +27,7 @@ Vagrant.configure("2") do |config|
|
||||||
ansible.playbook = "playbooks/server_init.yml"
|
ansible.playbook = "playbooks/server_init.yml"
|
||||||
ansible.become = true
|
ansible.become = true
|
||||||
ansible.host_key_checking = false
|
ansible.host_key_checking = false
|
||||||
ansible.verbose = "vv"
|
ansible.verbose = "vvvvv"
|
||||||
ansible.extra_vars = {
|
ansible.extra_vars = {
|
||||||
"n_peer_nodes" => n_peer_nodes
|
"n_peer_nodes" => n_peer_nodes
|
||||||
}
|
}
|
||||||
|
|
|
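Review bot: `ansible.verbose = "vvvvv"` in the second hunk commits connection-debug verbosity for every `vagrant provision`. With any `-v` level Ansible prints task results, and in this project those include facts built from WireGuard private key files (see the `set_fact` with `peer_node_private_key` in the playbook hunk further down this page). Provisioning output tends to end up in CI logs and pasted bug reports, so I would revert the committed value (or drop the line) and raise it only locally when debugging. Independently, `no_log: true` on the tasks that handle key material keeps them out of the output at any verbosity. The `Vagrant.configure` block starts and ends outside both hunks.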
@ -26,8 +26,13 @@
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
peer_node_private_key: "{{ lookup('file', private_keyfile_location) }}"
|
peer_node_private_key: "{{ lookup('file', private_keyfile_location) }}"
|
||||||
|
|
||||||
|
|
||||||
- name: Install the peer wireguard template to the server
|
- name: Install the peer wireguard template to the server
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "./templates/peer_wg0.conf"
|
src: "./templates/peer_wg0.conf"
|
||||||
dest: "/etc/wireguard/wg0.conf"
|
dest: "/etc/wireguard/wg0.conf"
|
||||||
|
|
||||||
|
- name: Start the wireguard service
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: wg-quick@wg0.service
|
||||||
|
enabled: yes
|
||||||
|
state: started
|
||||||
|
|
|
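Review bot: The new `Start the wireguard service` task brings up `wg0` from `/etc/wireguard/wg0.conf`, but the template task directly above it (context in this hunk) sets no `owner` or `mode`, so the file is created under the default umask. If the template embeds `peer_node_private_key`, as the preceding `set_fact` suggests, the private key is likely readable by every local user; adding `owner: root` and `mode: "0600"` to the template task closes that. Separately, `state: started` does nothing on a host where the unit already runs, so a re-provision after a key or peer change keeps the old configuration live. A handler with `state: restarted`, notified by the template task, would cover that. The play these tasks belong to starts outside the hunk.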
@ -2,7 +2,6 @@
|
||||||
- hosts: all
|
- hosts: all
|
||||||
become: yes
|
become: yes
|
||||||
vars:
|
vars:
|
||||||
peer_node_privkeys: []
|
|
||||||
peer_node_pubkeys: []
|
peer_node_pubkeys: []
|
||||||
tasks:
|
tasks:
|
||||||
- name: Install wireguard and ufw
|
- name: Install wireguard and ufw
|
||||||
|
@ -55,6 +54,13 @@
|
||||||
flat: yes
|
flat: yes
|
||||||
loop: "{{ range(1, n_peer_nodes + 1) | list }}"
|
loop: "{{ range(1, n_peer_nodes + 1) | list }}"
|
||||||
|
|
||||||
|
- name: Fill in the pubkeys array
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
peer_node_pubkeys: "{{ peer_node_pubkeys + [lookup('file', './keys/peer'+item|string+'_public_key.txt') | string] }}"
|
||||||
|
loop: "{{ range(1, n_peer_nodes + 1) | list }}"
|
||||||
|
become: false
|
||||||
|
delegate_to: localhost
|
||||||
|
|
||||||
- name: Get the default public interface
|
- name: Get the default public interface
|
||||||
ansible.builtin.shell: "ip route list | grep default | awk '{print $5}'"
|
ansible.builtin.shell: "ip route list | grep default | awk '{print $5}'"
|
||||||
register: server_public_interface_stdout
|
register: server_public_interface_stdout
|
||||||
|
@ -138,3 +144,7 @@
|
||||||
dest: "./keys/root_node_public_ip.txt"
|
dest: "./keys/root_node_public_ip.txt"
|
||||||
become: false
|
become: false
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
|
||||||
|
- name: Add each peer to root node configuration
|
||||||
|
ansible.builtin.shell: "wg set wg0 peer {{ peer_node_pubkeys[item] }} allowed-ips 10.6.0.{{ item+2 }}"
|
||||||
|
loop: "{{ range(0, n_peer_nodes) | list }}"
|
||||||
|
|
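Review bot: The `Add each peer to root node configuration` task in the last hunk builds a shell command line from `peer_node_pubkeys[item]`, which is file content read from `./keys/` on the controller, so anything unexpected in those files is interpreted by the shell on the root node under `become: yes`. No shell features are needed here; `ansible.builtin.command` with `argv: ["wg", "set", "wg0", "peer", "{{ peer_node_pubkeys[item] }}", "allowed-ips", "10.6.0.{{ item + 2 }}"]` passes the key as a single argument. The task also reports changed on every run, and unless the interface config saves its state (not visible here) peers added with `wg set` are presumably lost when `wg0` restarts, so rendering `[Peer]` sections into the server's config template may be the more durable place for them. The play starts outside the hunk.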