WireGuard

Tests Goss
2022-02-09 14:55:41 +01:00 · 2022-02-08 09:06:20 +01:00
19 changed files with 164 additions and 0 deletions
--- a/AP4/onfarbo41/ansible/hosts
+++ b/AP4/onfarbo41/ansible/hosts
--- a/AP4/onfarbo41/ansible/playbook.yml
+++ b/AP4/onfarbo41/ansible/playbook.yml
--- a/AP4/onfarbo41/ansible/roles/onfarbo/README.md
+++ b/AP4/onfarbo41/ansible/roles/onfarbo/README.md
--- a/AP4/onfarbo41/ansible/roles/onfarbo/files/dokuwiki.sh
+++ b/AP4/onfarbo41/ansible/roles/onfarbo/files/dokuwiki.sh
--- a/AP4/onfarbo41/ansible/roles/onfarbo/handlers/main.yml
+++ b/AP4/onfarbo41/ansible/roles/onfarbo/handlers/main.yml
--- a/AP4/onfarbo41/ansible/roles/onfarbo/tasks/main.yml
+++ b/AP4/onfarbo41/ansible/roles/onfarbo/tasks/main.yml
--- a/AP4/onfarbo41/ansible/roles/onfarbo/vars/main.yml
+++ b/AP4/onfarbo41/ansible/roles/onfarbo/vars/main.yml
--- a/AP4/onfarbo41/gosstest/goss.yaml
+++ b/AP4/onfarbo41/gosstest/goss.yaml
@@ -0,0 +1,36 @@
+#Ici, on test MariaDB
+port:
+  tcp:3306:
+    listening: true
+    ip:
+    - 127.0.0.1
+
+#Ici, on test ssh
+service:
+  ssh:
+    enabled: true
+    running: true
+group:
+  ssh:
+    exists: true
+    gid: 111
+
+#Ici, on test le serveur web
+http:
+  http://10.121.38.206:
+    status: 200
+    allow-insecure: false
+    no-follow-redirects: false
+    timeout: 5000
+    body:
+    - works
+
+#Ici, on test dokuwiki
+http:
+  http://10.121.38.206/doku/:
+    status: 200
+    allow-insecure: false
+    no-follow-redirects: false
+    timeout: 5000
+    body:
+    - Trace
--- a/AP4/onfarbo41/wireguard/wireguard-script/endpoint-a.key
+++ b/AP4/onfarbo41/wireguard/wireguard-script/endpoint-a.key
@@ -0,0 +1 @@
+qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=
--- a/AP4/onfarbo41/wireguard/wireguard-script/endpoint-a.pub
+++ b/AP4/onfarbo41/wireguard/wireguard-script/endpoint-a.pub
@@ -0,0 +1 @@
+qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=
--- a/AP4/onfarbo41/wireguard/wireguard-script/endpoint-b.key
+++ b/AP4/onfarbo41/wireguard/wireguard-script/endpoint-b.key
@@ -0,0 +1 @@
+KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=
--- a/AP4/onfarbo41/wireguard/wireguard-script/endpoint-b.pub
+++ b/AP4/onfarbo41/wireguard/wireguard-script/endpoint-b.pub
@@ -0,0 +1 @@
+GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=
--- a/AP4/onfarbo41/wireguard/wireguard-script/endpoint-c.key
+++ b/AP4/onfarbo41/wireguard/wireguard-script/endpoint-c.key
@@ -0,0 +1 @@
+cD01vjVVw642INlyE+Rmbwf9/Y6Msz6pLTI1zCRjeWM=
--- a/AP4/onfarbo41/wireguard/wireguard-script/endpoint-c.pub
+++ b/AP4/onfarbo41/wireguard/wireguard-script/endpoint-c.pub
@@ -0,0 +1 @@
+e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE=
--- a/AP4/onfarbo41/wireguard/wireguard-script/wg0-a.conf
+++ b/AP4/onfarbo41/wireguard/wireguard-script/wg0-a.conf
@@ -0,0 +1,15 @@
+# local settings for Endpoint A
+[Interface]
+PrivateKey = qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=       #Clé privée du serveur vpn
+Address = 10.0.0.1/32   #Adresse du serveur vpn
+ListenPort = 51820
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=        #Clé publique du client
+AllowedIPs = 10.0.0.2/32 #Adresse vpn du client
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE=        #Clé publique du client
+AllowedIPs = 10.0.0.3/32 #Adresse vpn du client
--- a/AP4/onfarbo41/wireguard/wireguard-script/wg0-b.conf
+++ b/AP4/onfarbo41/wireguard/wireguard-script/wg0-b.conf
@@ -0,0 +1,11 @@
+# local settings for Endpoint B
+[Interface]
+PrivateKey = KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=       #Clé privée du client
+Address = 10.0.0.2/32   #Adresse du client
+ListenPort = 51820
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=       #Clé publique du serveur vpn
+Endpoint = 10.121.38.66:51820 #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = 10.0.0.1/32 #Adresse du serveur vpn
--- a/AP4/onfarbo41/wireguard/wireguard-script/wg0-c.conf
+++ b/AP4/onfarbo41/wireguard/wireguard-script/wg0-c.conf
@@ -0,0 +1,11 @@
+# local settings for Endpoint C
+[Interface]
+PrivateKey = cD01vjVVw642INlyE+Rmbwf9/Y6Msz6pLTI1zCRjeWM=       #Clé privée du client
+Address = 10.0.0.3/32   #Adresse du client
+ListenPort = 51820
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=       #Clé publique du serveur vpn
+Endpoint = 10.121.38.66:51820 #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = 10.0.0.1/32 #Adresse du serveur vpn
--- a/AP4/onfarbo41/wireguard/wireguard-script/wireguard-init.sh
+++ b/AP4/onfarbo41/wireguard/wireguard-script/wireguard-init.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+bash wireguard.sh
+cp endpoint-a.* wg0-a.conf /etc/wireguard
+cd /etc/wireguard
+mv wg0-a.conf wg0.conf
+systemctl start wg-quick@wg0
+systemctl enable wg-quick@wg0
--- a/AP4/onfarbo41/wireguard/wireguard-script/wireguard.sh
+++ b/AP4/onfarbo41/wireguard/wireguard-script/wireguard.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+set -u
+set -e
+
+AddressAwg=10.0.0.1/32  # Adresse VPN Wireguard extremite A
+EndpointA=10.121.38.66 # Adresse extremite A
+PortA=51820             # Port ecoute extremite A
+AddressBwg=10.0.0.2/32  # Adresse VPN Wireguard extremite B
+EndpointB=192.168.2.14  # Adresse extremite B
+PortB=51820             # Port ecoute extremite B
+AddressCwg=10.0.0.3/32  # Adresse VPN Wireguard extremite C
+EndpointC=192.168.2.15  # Adresse extremite C
+PortC=51820             # Port ecoute extremite C
+
+umask 077 ;
+wg genkey > endpoint-a.key
+wg pubkey < endpoint-a.key > endpoint-a.pub
+
+wg genkey > endpoint-b.key
+wg pubkey < endpoint-b.key > endpoint-b.pub
+
+wg genkey > endpoint-c.key
+wg pubkey < endpoint-c.key > endpoint-c.pub
+
+PKA=$(cat endpoint-a.key)
+pKA=$(cat endpoint-a.pub)
+PKB=$(cat endpoint-b.key)
+pKB=$(cat endpoint-b.pub)
+PKC=$(cat endpoint-c.key)
+pKC=$(cat endpoint-c.pub)
+
+cat <<FINI > wg0-a.conf
+# local settings for Endpoint A
+[Interface]
+PrivateKey = $PKA       #Clé privée du serveur vpn
+Address = $AddressAwg   #Adresse du serveur vpn
+ListenPort = $PortA
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = $pKB        #Clé publique du client
+AllowedIPs = $AddressBwg #Adresse vpn du client
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = $pKC        #Clé publique du client
+AllowedIPs = $AddressCwg #Adresse vpn du client
+FINI
+
+
+cat <<FINI > wg0-b.conf
+# local settings for Endpoint B
+[Interface]
+PrivateKey = $PKB       #Clé privée du client
+Address = $AddressBwg   #Adresse du client
+ListenPort = $PortB
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA       #Clé publique du serveur vpn
+Endpoint = ${EndpointA}:$PortA #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = $AddressAwg #Adresse du serveur vpn
+FINI
+
+
+cat <<FINI > wg0-c.conf
+# local settings for Endpoint C
+[Interface]
+PrivateKey = $PKC       #Clé privée du client
+Address = $AddressCwg   #Adresse du client
+ListenPort = $PortC
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA       #Clé publique du serveur vpn
+Endpoint = ${EndpointA}:$PortA #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = $AddressAwg #Adresse du serveur vpn
+FINI
Author	SHA1	Message	Date
IDEZ Ugo	689aa9faa2	WireGuard	2022-02-09 14:55:41 +01:00
IDEZ Ugo	254b9810be	Tests Goss	2022-02-08 09:06:20 +01:00
				`@@ -0,0 +1 @@`
				`qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=`
				`@@ -0,0 +1 @@`
				`qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=`
				`@@ -0,0 +1 @@`
				`KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=`
				`@@ -0,0 +1 @@`
				`GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=`
				`@@ -0,0 +1 @@`
				`cD01vjVVw642INlyE+Rmbwf9/Y6Msz6pLTI1zCRjeWM=`
				`@@ -0,0 +1 @@`
				`e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE=`