---
# ========================================
# WIREGUARD VPN SERVICE DEPLOYMENT
# ========================================
# Deploys the WireGuard VPN using the wg-easy container and
# provides its web UI for client management.
# Secrets (web UI password) are rendered into the .env file only;
# they are never echoed by the debug tasks below.

# Echo the effective WireGuard settings so the run log shows what is about
# to be deployed. Only non-secret values are listed here.
- name: 'Display WireGuard deployment information'
  ansible.builtin.debug:
    msg:
      - 'Deploying WireGuard VPN service'
      - 'Service: {{ connectivity_wireguard_service_name }}'
      - 'VPN Port: {{ connectivity_wireguard_port }}'
      - 'Web UI Port: {{ connectivity_wireguard_web_port }}'
      - 'VPN Subnet: {{ connectivity_wireguard_subnet }}'
      - 'External Host: {{ connectivity_wireguard_host }}'
  tags:
    - wireguard

# Config directory for the container. 0750 keeps the generated peer
# configurations (private keys) readable by the owner/group only; the
# mode is a quoted string so YAML does not parse it as an octal integer.
- name: 'Create WireGuard configuration directory'
  ansible.builtin.file:
    path: '{{ connectivity_docker_base_path }}/wireguard/config'
    owner: '{{ connectivity_docker_owner }}'
    group: '{{ connectivity_docker_group }}'
    mode: '0750'
    state: directory
  tags:
    - wireguard
    - config

# Render docker-compose.yml from the role template. A change to the
# rendered file triggers the "restart wireguard" handler so the running
# stack picks up the new definition.
- name: 'Create WireGuard Docker Compose file'
  ansible.builtin.template:
    src: wireguard-compose.yml.j2
    dest: '{{ connectivity_docker_base_path }}/wireguard/docker-compose.yml'
    owner: '{{ connectivity_docker_owner }}'
    group: '{{ connectivity_docker_group }}'
    mode: '0644'
  notify: restart wireguard
  tags:
    - wireguard
    - compose

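# Render the .env file consumed by the container. Tagged "secrets" and
# presumably carrying the web UI password (see connectivity_wireguard_password
# below), so it is owner-only (0600) and the task runs with no_log so the
# rendered content never shows up in --diff output or the run log.
- name: "Create WireGuard environment file"
  ansible.builtin.template:
    src: wireguard.env.j2
    dest: "{{ connectivity_docker_base_path }}/wireguard/.env"
    owner: "{{ connectivity_docker_owner }}"
    group: "{{ connectivity_docker_group }}"
    mode: "0600"  # Secure environment file: owner read/write only
  no_log: true  # also hides task error details; flip to false only while debugging the template
  notify: restart wireguard
  tags: [wireguard, config, secrets]
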
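# The host must route between the tunnel and its other networks, so enable
# IPv4 forwarding persistently (ansible.posix.sysctl writes the sysctl file
# and, with reload, applies it immediately).
- name: "Enable IP forwarding for WireGuard"
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'  # quoted: the module expects a string value
    state: present
    reload: true  # canonical boolean; "yes" is a YAML 1.1-only truthy form
  tags: [wireguard, sysctl]
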
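# IPv6 forwarding is only needed when clients route IPv6 through the
# tunnel, i.e. the allowed-IPs setting contains the "::/0" default route.
# regex_search yields the match or None, which `when` treats as truthy/falsy.
- name: "Enable IPv6 forwarding for WireGuard (if IPv6 enabled)"
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '1'  # quoted: the module expects a string value
    state: present
    reload: true  # canonical boolean; "yes" is a YAML 1.1-only truthy form
  when: connectivity_wireguard_default_allowed_ips | regex_search('::/0')
  tags: [wireguard, sysctl, ipv6]
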
# Hide the VPN client subnet behind the host address for traffic leaving
# through the named interface. The iptables module does not persist rules
# by itself, hence the "save iptables" handler.
# NOTE(review): for a MASQUERADE rule the out_interface is normally the
# host's egress (WAN) interface, not the wg tunnel itself — confirm what
# connectivity_wireguard_device_name is set to.
- name: 'Configure iptables rules for WireGuard'
  ansible.builtin.iptables:
    table: nat
    chain: POSTROUTING
    jump: MASQUERADE
    source: '{{ connectivity_wireguard_subnet }}'
    out_interface: '{{ connectivity_wireguard_device_name }}'
    comment: 'WireGuard VPN NAT'
  notify: save iptables
  tags:
    - wireguard
    - iptables


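# Bring the compose project up, pulling the image first so a changed tag
# is actually deployed. community.docker.docker_compose is the Compose v1
# module (deprecated upstream in favour of docker_compose_v2, whose `pull`
# option takes different values); kept as-is to preserve the parameter
# contract.
- name: "Start WireGuard service"
  community.docker.docker_compose:
    project_src: "{{ connectivity_docker_base_path }}/wireguard"
    pull: true  # canonical boolean; "yes" is a YAML 1.1-only truthy form
    state: present
  tags: [wireguard, service]
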
# Block until the web UI port answers on the host's default IPv4 address:
# 5 s grace period, then up to 60 s before the task fails.
# NOTE(review): this assumes the UI is bound to that address rather than
# to localhost only — confirm against the compose template.
- name: 'Wait for WireGuard service to be ready'
  ansible.builtin.wait_for:
    host: '{{ ansible_default_ipv4.address }}'
    port: '{{ connectivity_wireguard_web_port }}'
    delay: 5
    timeout: 60
  tags:
    - wireguard
    - health

# Fetch the container's inspect data; the status task below reads
# .container.State.Status from the registered result.
- name: 'Verify WireGuard container is running'
  community.docker.docker_container_info:
    name: '{{ connectivity_wireguard_container_name }}'
  register: connectivity_wireguard_container_status
  tags:
    - wireguard
    - verify

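# Summarise the deployment for the operator. Everything printed by debug
# lands in controller stdout, CI logs and any configured log_path, so the
# web UI password is deliberately NOT echoed — it is referenced by variable
# name only. The UI URL is plain http as served by the container; if it is
# reachable beyond localhost, front it with TLS.
- name: "Display WireGuard service status"
  ansible.builtin.debug:
    msg:
      - "WireGuard VPN service deployed successfully"
      - "Container status: {{ connectivity_wireguard_container_status.container.State.Status | default('Unknown') }}"
      - "VPN Access: UDP {{ ansible_default_ipv4.address }}:{{ connectivity_wireguard_port }}"
      - "Web UI: http://{{ ansible_default_ipv4.address }}:{{ connectivity_wireguard_web_port }}"
      - "Web UI Password: set via connectivity_wireguard_password (not shown in log)"
      - ""
      - "Next steps:"
      - "1. Access Web UI to create VPN clients"
      - "2. Download client configurations"
      - "3. Configure client devices"
  tags: [wireguard, info]

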
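# Attach service-group labels to the running container. The port label is
# quoted so an all-digit value stays a string.
# NOTE(review): Docker cannot change labels on an existing container; with
# recreate: false and no image given here, a label mismatch on the
# compose-managed container may be reported rather than applied — confirm
# the intended effect, or set the labels in the compose template instead.
- name: "Label WireGuard container for connectivity service group"
  community.docker.docker_container:
    name: "{{ connectivity_wireguard_container_name }}"
    labels:
      com.connectivity.service: "wireguard"
      com.connectivity.type: "vpn"
      com.connectivity.port: "{{ connectivity_wireguard_port }}"
    state: started
    recreate: false  # canonical boolean; "no" is a YAML 1.1-only falsy form
  tags: [wireguard, labels]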