From 2f4941c25e11d12b38d7757803e63116839bc935 Mon Sep 17 00:00:00 2001 From: uap33-2025-r Date: Thu, 14 Nov 2024 15:39:47 +0000 Subject: [PATCH] ajout des playbooks wireguard --- ansible/.wg.yml.swp | Bin 12288 -> 0 bytes ansible/hosts | 10 ++++++ ansible/mkwgconf.sh | 8 ++--- ansible/wg.yml | 79 +++++++++++++++++++++++++++++++++----------- 4 files changed, 74 insertions(+), 23 deletions(-) delete mode 100644 ansible/.wg.yml.swp diff --git a/ansible/.wg.yml.swp b/ansible/.wg.yml.swp deleted file mode 100644 index 35c62d83311eb4cca093df242e7870769bd0dc50..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288 zcmeI%J&O}T7zgkt2bQOzg^j{x9W>vKel(8~2$Q(r9_$x3IFa z6Kw4cKZTvGosEe9eGA^5oN$G3@C^JjnVt7vND(sbKYwz-``tdF+$7pLd5}DPzeOLe z5l!6K+pO%kxY)&TXly1Ik0N?qFW8fbm%V*6>|u@{r>?h3y6buRuj$&a0xED>fn}JQ zN86*}-k|!b-{0Ng+qXuST}|hyfC{L93aEezsDKKnfC^kefw1V%8=QNqIs2Wa?wqNc zrdBGT0xF;aDxd-?paLqO0xF;aDxd;aP{2-z-fk29LdyUD+u#2`ZxDS)z9C8S^Vw2&YasPQA;5Ffj)!M-q|YSuQ~$ zj5O#)M_H(Rk(o==h{slDJU?0`ah^@PGDBaxY2q?h*x>U_Hd~jYe6p+`^U4=4S=wTP z_4{VfEqigUxY~eun%WTY+DX%%I6?dLW;h8;5ubmIE3YF=Y)?}Yq-PY`Eo+Lpwegr+ zcx8Z@TM2N3SdH)(oq7m0CzW6W*cXKph&B()vuti`LY}AX#ZL7!qpJ_DdT$ru&x`mB StEafgVXKEx=TAh&82Syk?8_1W diff --git a/ansible/hosts b/ansible/hosts index 99bae8b..fd1298f 100644 --- a/ansible/hosts +++ b/ansible/hosts @@ -1,2 +1,12 @@ [pt] ap33-pt + +[wg] +ap33-mon +ap33-prod + +[wg_master] +ap33-mon + +[wg_cli] +ap33-prod diff --git a/ansible/mkwgconf.sh b/ansible/mkwgconf.sh index 9dcb877..db23337 100644 --- a/ansible/mkwgconf.sh +++ b/ansible/mkwgconf.sh 
@@ -2,10 +2,10 @@ set -u
 set -e
-AddressAwg=172.16.0.1/24 # Adresse VPN Wireguard extremite A
+AddressAwg=10.0.0.1/24 # Adresse VPN Wireguard extremite A
 EndpointA=172.16.0.122 # Adresse extremite A
 PortA=51820 # Port ecoute extremite A
-AddressBwg=172.16.0.2/24 # Adresse VPN Wireguard extremite B
+AddressBwg=10.0.0.2/24 # Adresse VPN Wireguard extremite B
 EndpointB=172.16.0.121 # Adresse extremite B
 PortB=51820 # Port ecoute extremite B
@@ -21,7 +21,7 @@ pKA=$(cat endpoint-a.pub)
 PKB=$(cat endpoint-b.key)
 pKB=$(cat endpoint-b.pub)
-cat < wg1-a.conf
+cat < wg0-1.conf
 # local settings for Endpoint A
 [Interface]
 PrivateKey = $PKA
@@ -35,7 +35,7 @@ Endpoint = ${EndpointB}:$PortB
 AllowedIPs = $AddressBwg
 FINI
-cat < wg1-b.conf
+cat < wg0-2.conf
 # local settings for Endpoint B
 [Interface]
 PrivateKey = $PKB
diff --git a/ansible/wg.yml b/ansible/wg.yml
index 326b2df..8fb6120 100644
--- a/ansible/wg.yml
+++ b/ansible/wg.yml
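Review bot: `AddressBwg=10.0.0.2/24` keeps the /24 mask, and the third hunk shows that same variable reused as `AllowedIPs = $AddressBwg` on endpoint A, so A routes and accepts the whole 10.0.0.0/24 via peer B instead of just B's address; for a two-host link use a host route, e.g. `AllowedIPs = ${AddressBwg%/*}/32` (and presumably the same for `$AddressAwg` on the B side, which is outside the hunk). The generated `wg0-1.conf`/`wg0-2.conf` carry `PrivateKey` lines and are created with whatever umask the caller has, as are the `endpoint-*.key` files read via `cat`; adding `umask 077` right after `set -e` keeps all of them owner-only. `cat < wg0-1.conf` as rendered here reads the file rather than writing it — presumably a heredoc such as `cat <<FINI > wg0-1.conf` lost in rendering, since the `FINI` terminator in the third hunk implies one, but worth confirming against the real file.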
@@ -1,24 +1,65 @@
 ---
 - hosts: wg
+ become: yes
 tasks:
- - name: installe Wireguard
- apt:
- name:
- - wireguard
- - wireguard-tools
- state: present
+ - name: arrete unattended-upgrades
+ service:
+ name: unattended-upgrades
+ state: stopped
-- hosts: wg-master
- tasks:
- - name: copie le fichier wg1-a.conf et wg1-b.conf vers les machines master et cli
- copy:
- src: mkwgconf.sh
- dest: mkwgconf.sh
- flat: yes
- - name: generations fichier configuration wireguard wg0-1.conf etc
- shell: bash mkwgconf.sh
-
-- hosts: wg-cli
- tasks:
- - name: copie fichier
+ - name: installe Wireguard
+ apt:
+ name:
+ - wireguard
+ - wireguard-tools
+ state: present
+- hosts: wg_master
+ tasks:
+ - name: copie le fichier wg0-1.conf et wg0-2.conf vers les machines master et cli
+ copy:
+ src: mkwgconf.sh
+ dest: mkwgconf.sh
+
+ - name: generations fichier configuration wireguard wg0-1.conf etc
+ shell: bash mkwgconf.sh
+
+ - name: récupération du fichier wg0-1.conf vers ap33-ans
+ fetch:
+ src: wg0-1.conf
+ dest: wg0-1.conf
+ flat: yes
+
+ - name: récupération du fichier wg0-2.conf vers ap33-ans
+ fetch:
+ src: wg0-2.conf
+ dest: wg0-2.conf
+ flat: yes
+
+- hosts: wg
+ become: yes
+ tasks:
+ - name: copie fichier wg0-1 vers les clients
+ copy:
+ src: wg0-1.conf
+ dest: /etc/wireguard/wg0.conf
+ when: ansible_hostname == "ap33-mon"
+
+ - name: copie fichier wg0-2 vers les clients
+ copy:
+ src: wg0-2.conf
+ dest: /etc/wireguard/wg0.conf
+ when: ansible_hostname == "ap33-prod"
+
+- hosts: wg
+ become: yes
+ tasks:
+ - name: Activation de wireguard
+ service:
+ name: wg-quick@wg0.service
+ enabled: yes
+
+ - name: Redémarre le wireguard
+ service:
+ name: wg-quick@wg0.service
+ state: restarted
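Review bot: The two `copy` tasks that install `/etc/wireguard/wg0.conf` set no `mode`, so a file that contains a `PrivateKey` line (mkwgconf.sh writes one into each conf) is created with the remote default, typically 0644 and world-readable; add `mode: "0600"`, `owner: root` and `group: root` to both tasks. Both private keys are also generated on ap33-mon and then pulled onto the controller by the `fetch` tasks as `wg0-1.conf`/`wg0-2.conf` next to the playbook, so ap33-prod's key exists on three machines before it reaches ap33-prod; generating each keypair on its own host and exchanging only the public keys would keep every `PrivateKey` where it is used. The first play stops `unattended-upgrades` (presumably to free the apt lock) but nothing starts it again, so the hosts leave the run without automatic security updates; a closing task with `state: started` restores it. The `when: ansible_hostname == "ap33-mon"` / `"ap33-prod"` guards duplicate the `wg_master`/`wg_cli` groups added to ansible/hosts in this same commit (`wg_cli` is otherwise unused by this playbook), so separate `hosts: wg_master` and `hosts: wg_cli` plays would keep that mapping in the inventory alone.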