diff --git a/ansible/wireguard/hosts b/ansible/wireguard/hosts
new file mode 100644
index 0000000..99ee1fd
--- /dev/null
+++ b/ansible/wireguard/hosts
@@ -0,0 +1,12 @@
+[wg]
+ap32-mon
+ap32-test
+#ap32-prod
+
+[wg-cli]
+ap32-test
+#ap32-prod
+
+[wg-master]
+ap32-mon
+
diff --git a/ansible/wireguard/mkwgconf-p2p.sh b/ansible/wireguard/mkwgconf-p2p.sh
new file mode 100644
index 0000000..5da0380
--- /dev/null
+++ b/ansible/wireguard/mkwgconf-p2p.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+set -u
+set -e
+
+AddressAwg=10.0.0.1/32 # Adresse VPN Wireguard extremite A
+EndpointA=172.16.0.112 # Adresse extremite A
+PortA=51820 # Port ecoute extremite A
+AddressBwg=10.0.0.2/32 # Adresse VPN Wireguard extremite B
+EndpointB=172.16.0.111 # Adresse extremite B
+PortB=51820 # Port ecoute extremite B
+
+umask 077 ;
+wg genkey > endpoint-a.key
+wg pubkey < endpoint-a.key > endpoint-a.pub
+
+wg genkey > endpoint-b.key
+wg pubkey < endpoint-b.key > endpoint-b.pub
+
+PKA=$(cat endpoint-a.key)
+pKA=$(cat endpoint-a.pub)
+PKB=$(cat endpoint-b.key)
+pKB=$(cat endpoint-b.pub)
+
+cat < wg0-1.conf
+# local settings for Endpoint A
+[Interface]
+PrivateKey = $PKA
+Address = $AddressAwg
+ListenPort = $PortA
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = $pKB
+Endpoint = ${EndpointB}:$PortB
+AllowedIPs = $AddressBwg
+FINI
+
+
+cat < wg0-2.conf
+# local settings for Endpoint B
+[Interface]
+PrivateKey = $PKB
+Address = $AddressBwg
+ListenPort = $PortB
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA
+Endpoint = ${EndpointA}:$PortA
+AllowedIPs = $AddressAwg
+FINI
diff --git a/ansible/wireguard/wg.yml b/ansible/wireguard/wg.yml
new file mode 100644
index 0000000..e866271
--- /dev/null
+++ b/ansible/wireguard/wg.yml
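Review bot: Both endpoints' private keys are generated on the same host (`wg genkey > endpoint-a.key` and `wg genkey > endpoint-b.key`) and written into wg0-1.conf and wg0-2.conf, so endpoint B's private key lives permanently on endpoint A's disk (and, through the fetch tasks in wg.yml, on the controller) instead of only on the peer that uses it; the usual WireGuard split is to run `wg genkey` on each peer and exchange only the `.pub` output. The script is also not idempotent: every run overwrites both key files, so each playbook run rotates both keys; guarding generation with `[ -s endpoint-a.key ] || wg genkey > endpoint-a.key` (and likewise for endpoint-b) keeps existing keys. As rendered here, `cat < wg0-1.conf` and `cat < wg0-2.conf` read from a file that does not exist yet and `set -e` would abort at that point; if a heredoc introducer such as `<<FINI > wg0-1.conf` was merely lost in this rendering, disregard that part. Finally, `PKA`/`pKA` and `PKB`/`pKB` differ only in letter case, which is easy to misread when checking which key lands under [Interface] and which under [Peer]; names like `PRIVKEY_A` and `PUBKEY_A` make those assignments self-checking.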
@@ -0,0 +1,65 @@
+---
+- hosts: wg
+ become: true
+
+ tasks:
+ - name: Installation paquets
+ apt:
+ name: "{{ item }}"
+ with_items:
+ - wireguard
+ - wireguard-tools
+
+
+- hosts: wg-master
+ become: true
+
+ tasks:
+ - name: Copie du script mkwgconf-p2p.sh sur ap32-mon
+ copy:
+ src: mkwgconf-p2p.sh
+ dest: mkwgconf-p2p.sh
+
+ - name: Generation des fichiers de conf
+ shell: bash mkwgconf-p2p.sh
+
+ - name: Recuperation du fichier de conf 1
+ ansible.builtin.fetch:
+ src: wg0-1.conf
+ dest: wg0-1.conf
+ flat: yes
+
+ - name: Recuperation du fichier de conf 2
+ ansible.builtin.fetch:
+ src: wg0-2.conf
+ dest: wg0-2.conf
+ flat: yes
+
+
+- hosts: wg
+ become: true
+
+ tasks:
+ - name: Copie du fichier de conf sur serveur
+ copy:
+ src: wg0-1.conf
+ dest: /etc/wireguard/wg0.conf
+ when: ansible_hostname == "ap32-mon"
+
+
+ - name: Copie du fichier de conf sur le client
+ copy:
+ src: wg0-2.conf
+ dest: /etc/wireguard/wg0.conf
+ when: ansible_hostname == "ap32-test"
+
+
+ - name: Activation du service wireguard au demarrage
+ ansible.builtin.service:
+ name: wg-quick@wg0.service
+ enabled: true
+
+ - name: Restart du service wireguard
+ ansible.builtin.service:
+ name: wg-quick@wg0.service
+ state: restarted
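Review bot: The two `copy` tasks that write `/etc/wireguard/wg0.conf` set no `mode`, so the file carrying the peer's `PrivateKey` is created with the module's default permissions (commonly 0644 for a new file) and is readable by every local user on the host; add `mode: "0600"` together with `owner: root` and `group: root` to both, and consider the same for the fetched copies that `flat: yes` leaves in the controller's working directory. `shell: bash mkwgconf-p2p.sh` has no `creates:` guard, so every run of the play regenerates both key pairs and the unconditional `state: restarted` task then tears down the tunnel; `args: {creates: wg0-2.conf}` on that task makes the generation one-shot. The `when: ansible_hostname == "ap32-mon"` / `"ap32-test"` conditions duplicate the `wg-master` and `wg-cli` groups defined in `ansible/wireguard/hosts` (where `wg-cli` is otherwise unused), and any other member of `wg`, such as `ap32-prod` once uncommented, would reach the service tasks with no config at all; `when: inventory_hostname in groups['wg-master']` and `groups['wg-cli']` keep that mapping in one place. Minor: `flat: yes` should be `flat: true`, and the `with_items` loop over `apt` can be one call with `name: [wireguard, wireguard-tools]`.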