diff --git a/partie2/ansible/mkwgconf-p2p.sh b/partie2/ansible/mkwgconf-p2p.sh
new file mode 100644
index 0000000..d374f3c
--- /dev/null
+++ b/partie2/ansible/mkwgconf-p2p.sh
@@ -0,0 +1,91 @@
+รจ-#!/bin/bash
+set -u
+set -e
+
+AddressAwg=10.0.0.1/32 # Adresse VPN Wireguard extremite A
+EndpointA=172.16.0.101 # Adresse extremite A
+PortA=51820 # Port ecoute extremite A
+AddressBwg=10.0.0.2/32 # Adresse VPN Wireguard extremite B
+EndpointB=172.16.0.102 # Adresse extremite B
+PortB=51820 # Port ecoute extremite B
+AddressCwg=10.0.0.3/32 # Adresse VPN Wireguard extremite C
+EndpointC=172.0.0.103 # Adresse extremite C
+PortC=51820 # Port ecoute extremite C
+
+umask 077 ;
+wg genkey > endpoint-a.key
+wg pubkey < endpoint-a.key > endpoint-a.pub
+
+wg genkey > endpoint-b.key
+wg pubkey < endpoint-b.key > endpoint-b.pub
+
+wg genkey > endpoint-c.key
+wg pubkey < endpoint-c.key > endpoint-c.pub
+
+PKA=$(cat endpoint-a.key)
+pKA=$(cat endpoint-a.pub)
+PKB=$(cat endpoint-b.key)
+pKB=$(cat endpoint-b.pub)
+PKC=$(cat endpoint-c.key)
+pKC=$(cat endpoint-c.pub)
+
+cat < wg0-a.conf
+# local settings for Endpoint A
+[Interface]
+PrivateKey = $PKA
+Address = $AddressAwg
+ListenPort = $PortA
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = $pKB
+Endpoint = ${EndpointB}:$PortB
+AllowedIPs = $AddressBwg
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = $pKC
+Endpoint = ${EndpointC}:$PortC
+AllowedIPs = $AddressCwg
+FINI
+
+
+cat < wg0-b.conf
+# local settings for Endpoint B
+[Interface]
+PrivateKey = $PKB
+Address = $AddressBwg
+ListenPort = $PortB
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA
+Endpoint = ${EndpointA}:$PortA
+AllowedIPs = $AddressAwg
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = $pKC
+Endpoint = ${EndpointC}:$PortC
+AllowedIPs = $AddressCwg
+FINI
+
+cat < wg0-c.conf
+# local settings for Endpoint C
+[Interface]
+PrivateKey = $PKC
+Address = $AddressBwg
+ListenPort = $PortB
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA
+Endpoint = ${EndpointA}:$PortA
+AllowedIPs = $AddressAwg
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = $pKB
+Endpoint = ${EndpointB}:$PortB
+AllowedIPs = $AddressBwg
+FINI
diff --git a/partie2/ansible/wg.yml b/partie2/ansible/wg.yml
new file mode 100644
index 0000000..0b89f98
--- /dev/null
+++ b/partie2/ansible/wg.yml
@@ -0,0 +1,60 @@
+---
+- name: WireGuard pour apx31-prod et apx31-test
+ hosts:
+ - ap31-test
+ - ap31-prod
+ become: true
+
+ tasks:
+
+ - name: Installer WireGuard
+ apt:
+ name:
+ - wireguard
+ - wireguard-tools
+ state: present
+ update_cache: true
+
+ - name: Copier le script mkwgconf-p2p.sh dans /tmp
+ ansible.builtin.copy:
+ src: mkwgconf-p2p.sh
+ dest: /tmp/mkwgconf-p2p.sh
+ mode: '0755'
+
+ - name: Executer le script mkwgconf
+ ansible.builtin.shell:
+ cmd: cd /tmp && /tmp/mkwgconf-p2p.sh
+ when: inventory_hostname == "ap31-test"
+
+ - name: Recupere wg0-a.conf
+ ansible.builtin.fetch:
+ src: /tmp/wg0-a.conf
+ dest: /tmp/
+ # mode: '0600'
+ flat: yes
+ when: inventory_hostname == "ap31-test"
+
+ - name: Recupere wg0-b.conf
+ ansible.builtin.fetch:
+ src: /tmp/wg0-b.conf
+ dest: /tmp/
+ # mode: '0600'
+ flat: yes
+ when: inventory_hostname == "ap31-test"
+
+ - name: Renvoi wg0-a.conf
+ ansible.builtin.copy:
+ src: /tmp/wg0-a.conf
+ dest: /etc/wireguard/wg0.conf
+ # mode: '0600'
+ when: inventory_hostname == "ap31-test"
+
+ - name: Renvoi wg0-b.conf
+ ansible.builtin.copy:
+ src: /tmp/wg0-b.conf
+ dest: /etc/wireguard/wg0.conf
+ #mode: '0600'
+ when: inventory_hostname == "ap31-prod"
+
+
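Review bot: The wg0-c.conf block at the end of the hunk copies Endpoint B's local settings: `Address = $AddressBwg` and `ListenPort = $PortB` under `# local settings for Endpoint C` should be `Address = $AddressCwg` and `ListenPort = $PortC`, otherwise C comes up with B's VPN address while both A and B list 10.0.0.2/32 in a peer's AllowedIPs. `EndpointC=172.0.0.103` also breaks the 172.16.0.x pattern used for A and B and looks like a typo, worth confirming. The three `cat < wg0-*.conf` lines read as a rendering-garbled `cat <<FINI > wg0-*.conf`; if the committed file really says `cat < wg0-a.conf`, the redirection from a missing file fails under `set -e` before any config is written, so check the source. Generating all three private keys on one host and distributing finished configs means that host, and anything able to read its working directory, holds every peer's private key; generating each key on the peer that uses it and exchanging only the `.pub` files keeps key material where it belongs.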
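Review bot: The two `ansible.builtin.copy` tasks that install /etc/wireguard/wg0.conf have `mode: '0600'` commented out, so the file carrying the interface's private key is created with the copy module's default permissions instead of owner-only; re-enable `mode: '0600'` together with `owner: root` and `group: root` on both tasks (`fetch` has no `mode` parameter, which may be why the lines were disabled, but `copy` does). The fetched configs are staged with `flat: yes` in the controller's shared `/tmp/`, a predictable location readable by other local users; a directory under `{{ playbook_dir }}` or a dedicated private directory is a safer staging area, and the staged files should be removed once pushed. The `ansible.builtin.shell` task re-runs the generator on every play and therefore re-keys both peers each time; adding `creates: /tmp/wg0-a.conf` makes it idempotent. wg0-c.conf is generated by the script but never fetched or deployed, which may be intended.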