diff --git a/ansible/hosts b/ansible/hosts
index fd1298f..aff0ea3 100644
--- a/ansible/hosts
+++ b/ansible/hosts
@@ -1,12 +1,3 @@
 [pt]
 ap33-pt
-[wg]
-ap33-mon
-ap33-prod
-
-[wg_master]
-ap33-mon
-
-[wg_cli]
-ap33-prod
diff --git a/ansible/wireguard/hosts b/ansible/wireguard/hosts
new file mode 100644
index 0000000..7221469
--- /dev/null
+++ b/ansible/wireguard/hosts
@@ -0,0 +1,11 @@
+[wg]
+ap33-prod
+ap33-test
+ap33-mon
+
+[wg_master]
+ap33-mon
+
+[wg_cli]
+ap33-test
+ap33-prod
diff --git a/ansible/mkwgconf.sh b/ansible/wireguard/mkwgconf.sh
similarity index 60%
rename from ansible/mkwgconf.sh
rename to ansible/wireguard/mkwgconf.sh
index db23337..ac7f054 100644
--- a/ansible/mkwgconf.sh
+++ b/ansible/wireguard/mkwgconf.sh
@@ -6,8 +6,11 @@ AddressAwg=10.0.0.1/24 # Adresse VPN Wireguard extremite A
 EndpointA=172.16.0.122 # Adresse extremite A
 PortA=51820 # Port ecoute extremite A
 AddressBwg=10.0.0.2/24 # Adresse VPN Wireguard extremite B
-EndpointB=172.16.0.121 # Adresse extremite B
+EndpointB=172.16.0.120 # Adresse extremite B
 PortB=51820 # Port ecoute extremite B
+AddressCwg=10.0.0.3/24 # Adresse VPN Wireguard extremite C
+EndpointC=172.16.0.121 # Adresse extremite C
+PortC=51820 # Port ecoute extremite C
 umask 077 ; wg genkey > endpoint-a.key
@@ -16,10 +19,15 @@ wg pubkey < endpoint-a.key > endpoint-a.pub
 wg genkey > endpoint-b.key
 wg pubkey < endpoint-b.key > endpoint-b.pub
+wg genkey > endpoint-c.key
+wg pubkey < endpoint-c.key > endpoint-c.pub
+
 PKA=$(cat endpoint-a.key)
 pKA=$(cat endpoint-a.pub)
 PKB=$(cat endpoint-b.key)
 pKB=$(cat endpoint-b.pub)
+PKC=$(cat endpoint-c.key)
+pKC=$(cat endpoint-c.pub)
 cat < wg0-1.conf
 # local settings for Endpoint A
@@ -33,6 +41,12 @@ ListenPort = $PortA
 PublicKey = $pKB
 Endpoint = ${EndpointB}:$PortB
 AllowedIPs = $AddressBwg
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = $pKC
+Endpoint = ${EndpointC}:$PortC
+AllowedIPs = $AddressCwg
 FINI
 cat < wg0-2.conf
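Review bot: The new `wg genkey > endpoint-c.key` sits beside the unchanged genkey calls for A and B, so every run of the script rotates all three key pairs at once; adding Endpoint C therefore also invalidates the wg0-1.conf and wg0-2.conf already deployed on ap33-mon and ap33-prod until all three hosts are redeployed together. Reusing an existing key, `[ -s endpoint-c.key ] || wg genkey > endpoint-c.key` (and the same for a and b), keeps deployed peers stable across runs. Unless the script header outside this hunk already sets `set -eu`, a failed `wg genkey` (tool missing, no permission) leaves `endpoint-c.key` empty and `PKC=$(cat endpoint-c.key)` silently bakes an empty `PrivateKey =` into wg0-3.conf; checking the exit status of the genkey/pubkey pair before the `cat` lines would make that fail loudly instead.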
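Review bot: The added `[Peer]` block for Endpoint C in the wg0-1.conf heredoc uses `AllowedIPs = $AddressCwg`, which expands to `10.0.0.3/24`, while the Endpoint B block in the context lines already claims `10.0.0.2/24`; after masking both entries are the same `10.0.0.0/24` prefix. WireGuard's cryptokey routing assigns each prefix to exactly one peer, so the peer applied last takes the whole subnet and traffic to 10.0.0.2 can be steered to Endpoint C (and packets arriving from B with source 10.0.0.2 are then dropped as not allowed). Peer blocks should carry host routes: `AllowedIPs = 10.0.0.2/32` for B and `AllowedIPs = 10.0.0.3/32` for C, with the `/24` kept only on the `Address =` line of `[Interface]`. The committed wg0-1.conf in this same commit shows the overlapping entries as generated.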
@@ -48,3 +62,17 @@ PublicKey = $pKA
 Endpoint = ${EndpointA}:$PortA
 AllowedIPs = $AddressAwg
 FINI
+
+cat < wg0-3.conf
+#local settings for Endpoint C
+[Interface]
+PrivateKey = $PKC
+Address = $AddressCwg
+ListenPort = $PortC
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA
+Endpoint = ${EndpointA}:$PortA
+AllowedIPs = $AddressAwg
+FINI
diff --git a/ansible/wg.yml b/ansible/wireguard/wg.yml
similarity index 76%
rename from ansible/wg.yml
rename to ansible/wireguard/wg.yml
index 8fb6120..6455fde 100644
--- a/ansible/wg.yml
+++ b/ansible/wireguard/wg.yml
@@ -16,7 +16,7 @@
 - hosts: wg_master
 tasks:
- - name: copie le fichier wg0-1.conf et wg0-2.conf vers les machines master et cli
+ - name: copie le fichier wg0-1.conf, wg0-2.conf et wg0-3.conf vers les machines master et cli
 copy:
 src: mkwgconf.sh
 dest: mkwgconf.sh
@@ -36,6 +36,12 @@ dest: wg0-2.conf flat: yes + - name: récupération du fichier wg0-3.conf vers ap33-ans fetch: src: wg0-3.conf dest: wg0-3.conf flat: yes + - hosts: wg become: yes tasks:
@@ -51,6 +57,12 @@ dest: /etc/wireguard/wg0.conf when: ansible_hostname == "ap33-prod" + - name: copie fichier wg0-3.conf vers les clients copy: src: wg0-3.conf dest: /etc/wireguard/wg0.conf when: ansible_hostname == "ap33-test" + - hosts: wg become: yes tasks:
diff --git a/ansible/wireguard/wg0-1.conf b/ansible/wireguard/wg0-1.conf
new file mode 100644
index 0000000..40a0fdc
--- /dev/null
+++ b/ansible/wireguard/wg0-1.conf
@@ -0,0 +1,17 @@
+# local settings for Endpoint A
+[Interface]
+PrivateKey = CNafmAzvjGGAFA5RsDCHtypTh9RGnAxpkxZCt9cBkXo=
+Address = 10.0.0.1/24
+ListenPort = 51820
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = UMlB4+d/SYufqAGbuHDvGvkOhGKEihIgR+rhFzk3Aj0=
+Endpoint = 172.16.0.120:51820
+AllowedIPs = 10.0.0.2/24
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = EWOjtZLwhNLDokDWJCONaBtqpGbr+x5tzNFeUI0hHEE=
+Endpoint = 172.16.0.121:51820
+AllowedIPs = 10.0.0.3/24
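Review bot: The header comment `#local settings for Endpoint C` in the new wg0-3.conf heredoc drops the space after `#` that every other section header in the script uses (`# local settings for Endpoint A`, `# remote settings for Endpoint A`), and the inconsistency is carried verbatim into the generated file, as the committed wg0-3.conf in this commit shows. Use `# local settings for Endpoint C` to match. As rendered here the heredoc opener appears as `cat < wg0-3.conf`, which would read the file rather than write it; presumably the `<<`/`>` operators were lost in extraction, but it is worth confirming against the actual source.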
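Review bot: The new copy task for ap33-test writes wg0-3.conf, which carries the interface's `PrivateKey`, to `/etc/wireguard/wg0.conf` without a `mode`, so the file is created with the copy module's default permissions and is likely world-readable on the target (wg-quick warns when its config is world accessible). Add `mode: '0600'` together with `owner: root` and `group: root` to the task; the ap33-prod task visible in the context lines appears to have the same gap, though its body starts outside the hunk. The `when: ansible_hostname == "ap33-test"` condition also ties the rollout to the hostname reported by the machine rather than to the inventory entry added in ansible/wireguard/hosts; `inventory_hostname` is the safer key if the two ever diverge.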
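Review bot: This file, together with wg0-2.conf and wg0-3.conf in the same commit, is a generated artifact of mkwgconf.sh and commits live WireGuard `PrivateKey` values to the repository; the three key pairs should now be treated as exposed and regenerated before the next deployment, since rewriting history does not recall a pushed commit. The files end up in the working tree because the fetch tasks in wg.yml use `dest: wg0-N.conf` relative to the playbook directory; adding `ansible/wireguard/wg0-*.conf` and `ansible/wireguard/endpoint-*.key` to `.gitignore`, fetching to a path outside the repository, or storing them with ansible-vault would keep the regenerated files out of future commits. Independently of the secret, the two `[Peer]` blocks here both cover `10.0.0.0/24` through `AllowedIPs = 10.0.0.2/24` and `AllowedIPs = 10.0.0.3/24`; peers need `/32` host entries, the `/24` belongs only on `Address`.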
diff --git a/ansible/wireguard/wg0-2.conf b/ansible/wireguard/wg0-2.conf
new file mode 100644
index 0000000..03f3822
--- /dev/null
+++ b/ansible/wireguard/wg0-2.conf
@@ -0,0 +1,11 @@
+# local settings for Endpoint B
+[Interface]
+PrivateKey = SLBteS7RJPIZ0TlZ5b9D6xtHF/5VzuQGmqnzW0Kkb0g=
+Address = 10.0.0.2/24
+ListenPort = 51820
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = Fqd4WMaBpI7DAK6p2BaNhaE9VYzMRmfLxaO9uOmWTys=
+Endpoint = 172.16.0.122:51820
+AllowedIPs = 10.0.0.1/24
diff --git a/ansible/wireguard/wg0-3.conf b/ansible/wireguard/wg0-3.conf
new file mode 100644
index 0000000..381751b
--- /dev/null
+++ b/ansible/wireguard/wg0-3.conf
@@ -0,0 +1,11 @@
+#local settings for Endpoint C
+[Interface]
+PrivateKey = wBu8AaHa061bI+6Eb+FmghV3iGKdp0a2Kq6At8UNzHo=
+Address = 10.0.0.3/24
+ListenPort = 51820
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = Fqd4WMaBpI7DAK6p2BaNhaE9VYzMRmfLxaO9uOmWTys=
+Endpoint = 172.16.0.122:51820
+AllowedIPs = 10.0.0.1/24