Premier commit

2023-12-18 23:20:30 +01:00
parent ec25c6dba9
commit 62ef5fa4e9
577 changed files with 46490 additions and 1 deletions
--- a/roles/wireguard-r/README.md
+++ b/roles/wireguard-r/README.md
@@ -0,0 +1,32 @@
+
+# <p align="center">Procédure d'installation </p>
+  
+de **r-vp1** et de copie du fichier wg0-b.conf.
+
+***
+## Sur **r-vp1**:
+Attendre la fin de l'installation. Ensuite lancer un serveur http avec python3 pour récuperer le fichier wg0-b.conf sur **r-vp2** . 
+
+### 🛠️ Lancer le script
+```bash
+cd /tools/ansible/gsb2023/Scripts
+```
+```bash
+bash r-vp1-post.sh
+```
+## Sur **r-vp2**:
+
+Lancer le script r-vp2-post.sh pour récuperer le fichier de configuration et activer l'interface wg0.
+### 🛠️ Lancer le script
+```bash
+cd /tools/ansible/gsb2023/Scripts
+```
+```bash
+bash r-vp2-post.sh
+```
+## Fin
+
+redemarer les machines
+```bash
+reboot
+```
--- a/roles/wireguard-r/files/mk-wgconf.sh
+++ b/roles/wireguard-r/files/mk-wgconf.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+set -u
+set -e
+# Version Site to Site 
+ 
+AddressAwg=10.0.0.1/32  # Adresse VPN Wireguard cote A
+EndpointA=192.168.0.51  # Adresse extremite A
+PortA=51820  # Port ecoute extremite A
+NetworkA=192.168.1.0/24 # reseau cote A
+NetworkC=192.168.200.0/24 #reseau cote A
+NetworkD=172.16.0.0/24 #reseau cote A
+
+AddressBwg=10.0.0.2/32  # Adresse VPN Wireguard cote B
+EndpointB=192.168.0.52 # Adresse extremite B
+PortB=51820  # Port ecoute extremite B
+NetworkB=172.16.128.0/24 # reseau cote B
+ 
+umask 077
+wg genkey > endpoint-a.key
+wg pubkey < endpoint-a.key > endpoint-a.pub
+ 
+wg genkey > endpoint-b.key
+wg pubkey < endpoint-b.key > endpoint-b.pub
+ 
+ 
+PKA=$(cat endpoint-a.key)
+pKA=$(cat endpoint-a.pub)
+PKB=$(cat endpoint-b.key)
+pKB=$(cat endpoint-b.pub)
+ 
+cat <<FINI > wg0-a.conf
+# local settings for Endpoint A
+[Interface]
+PrivateKey = $PKA
+Address = $AddressAwg
+ListenPort = $PortA
+ 
+# IP forwarding
+PreUp = sysctl -w net.ipv4.ip_forward=1
+ 
+# remote settings for Endpoint B
+[Peer]
+PublicKey = $pKB
+Endpoint = ${EndpointB}:$PortB
+AllowedIPs = $AddressBwg, $NetworkB
+ 
+FINI
+ 
+ 
+cat <<FINI > wg0-b.conf
+# local settings for Endpoint B
+[Interface]
+PrivateKey = $PKB
+Address = $AddressBwg
+ListenPort = $PortB
+ 
+# IP forwarding
+PreUp = sysctl -w net.ipv4.ip_forward=1
+ 
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA
+Endpoint = ${EndpointA}:$PortA
+AllowedIPs = $AddressAwg, $NetworkA, $NetworkC, $NetworkD
+ 
+FINI
+ 
+echo "wg0-a.conf et wg0-b.conf sont generes ..."
+echo "copier wg0-b.conf sur la machine b et renommer les fichiers de configuration ..."
+
--- a/roles/wireguard-r/files/scriptwg.sh
+++ b/roles/wireguard-r/files/scriptwg.sh
@@ -0,0 +1,67 @@
+#!/bin/bash
+set -u
+set -e
+# Version Site to Site 
+ 
+AddressAwg=10.0.0.1/32  # Adresse VPN Wireguard cote A
+EndpointA=192.168.0.51  # Adresse extremite A
+PortA=51820  # Port ecoute extremite A
+NetworkA=192.168.1.0/24 # reseau cote A
+ 
+AddressBwg=10.0.0.2/32  # Adresse VPN Wireguard cote B
+EndpointB=192.168.0.52 # Adresse extremite B
+PortB=51820  # Port ecoute extremite B
+NetworkB=172.16.128.0/24 # reseau cote B
+ 
+umask 077
+wg genkey > endpoint-a.key
+wg pubkey < endpoint-a.key > endpoint-a.pub
+ 
+wg genkey > endpoint-b.key
+wg pubkey < endpoint-b.key > endpoint-b.pub
+ 
+ 
+PKA=$(cat endpoint-a.key)
+pKA=$(cat endpoint-a.pub)
+PKB=$(cat endpoint-b.key)
+pKB=$(cat endpoint-b.pub)
+ 
+cat <<FINI > wg0-a.conf
+# local settings for Endpoint A
+[Interface]
+PrivateKey = $PKA
+Address = $AddressAwg
+ListenPort = $PortA
+ 
+# IP forwarding
+PreUp = sysctl -w net.ipv4.ip_forward=1
+ 
+# remote settings for Endpoint B
+[Peer]
+PublicKey = $pKB
+Endpoint = ${EndpointB}:$PortB
+AllowedIPs = $AddressBwg, $NetworkB
+ 
+FINI
+ 
+ 
+cat <<FINI > wg0-b.conf
+# local settings for Endpoint B
+[Interface]
+PrivateKey = $PKB
+Address = $AddressBwg
+ListenPort = $PortB
+ 
+# IP forwarding
+PreUp = sysctl -w net.ipv4.ip_forward=1
+ 
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA
+Endpoint = ${EndpointA}:$PortA
+AllowedIPs = $AddressAwg, $NetworkA
+ 
+FINI
+ 
+echo "wg0-a.conf et wg0-b.conf sont generes ..."
+echo "copier wg0-b.conf sur la machine b et renommer les fichiers de configuration ..."
--- a/roles/wireguard-r/tasks/main.yml
+++ b/roles/wireguard-r/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: installation de wireguard
+  apt:
+    name: wireguard
+    state: present
+
+- name: installation de ferm
+  apt:
+    name: ferm
+    state: present
+
+- name: installation de wireguard-tools
+  apt:
+    name: wireguard-tools
+    state: present
+
+- name: création du dossier conf
+  file:
+    path: /root/confwg
+    state: directory
+
+- name: copie du script mk-wgconf.sh
+  copy:
+    src: mk-wgconf.sh
+    dest: /root/confwg
+
+- name: execution script mk-wgconf.sh
+  command: bash ./mk-wgconf.sh
+  args:
+    chdir: /root/confwg
+       
+- name: copie du fichier de configuration
+  copy:
+    src: /root/confwg/wg0-a.conf
+    dest: /etc/wireguard/wg0.conf
+
+- name: Restart service httpd, in all cases
+  ansible.builtin.service:
+    name: wg-quick@wg0
+    enabled: yes
+    state: restarted
+