works

2023-03-09 22:21:26 +01:00 · 2023-03-09 22:21:26 +01:00 · e26a802c70
parent 9f0338371f
commit e26a802c70
3 changed files with 20 additions and 5 deletions
--- a/vg/Vagrantfile
+++ b/vg/Vagrantfile
@ -1,7 +1,7 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 #
-n_peer_nodes = 2
+n_peer_nodes = 4

 Vagrant.configure("2") do |config|
  config.vm.box = "generic/ubuntu2004"
@ -27,7 +27,7 @@ Vagrant.configure("2") do |config|
      ansible.playbook = "playbooks/server_init.yml"
      ansible.become = true
      ansible.host_key_checking = false
-      ansible.verbose = "vv"
+      ansible.verbose = "vvvvv"
      ansible.extra_vars = {
        "n_peer_nodes" => n_peer_nodes 
      }
--- a/vg/playbooks/peer_init.yml
+++ b/vg/playbooks/peer_init.yml
@ -26,8 +26,13 @@
      ansible.builtin.set_fact:
        peer_node_private_key: "{{ lookup('file', private_keyfile_location) }}"

-
    - name: Install the peer wireguard template to the server
      ansible.builtin.template:
        src: "./templates/peer_wg0.conf"
        dest: "/etc/wireguard/wg0.conf"
+
+    - name: Start the wireguard service
+      ansible.builtin.service:
+        name: wg-quick@wg0.service
+        enabled: yes
+        state: started
--- a/vg/playbooks/server_init.yml
+++ b/vg/playbooks/server_init.yml
@ -2,7 +2,6 @@
 - hosts: all
  become: yes
  vars:
-    peer_node_privkeys: []
    peer_node_pubkeys: []
  tasks:
    - name: Install wireguard and ufw
@ -55,6 +54,13 @@
        flat: yes
      loop: "{{ range(1, n_peer_nodes + 1) | list }}"
         
+    - name: Fill in the pubkeys array
+      ansible.builtin.set_fact:
+        peer_node_pubkeys: "{{ peer_node_pubkeys + [lookup('file', './keys/peer'+item|string+'_public_key.txt') | string] }}"
+      loop: "{{ range(1, n_peer_nodes + 1) | list }}"
+      become: false
+      delegate_to: localhost
+
    - name: Get the default public interface
      ansible.builtin.shell: "ip route list | grep default | awk '{print $5}'"
      register: server_public_interface_stdout
@ -138,3 +144,7 @@
        dest: "./keys/root_node_public_ip.txt"
      become: false
      delegate_to: localhost
+
+    - name: Add each peer to root node configuration
+      ansible.builtin.shell: "wg set wg0 peer {{ peer_node_pubkeys[item] }} allowed-ips 10.6.0.{{ item+2 }}"
+      loop: "{{ range(0, n_peer_nodes) | list }}"