First release

2020-08-03 23:24:28 +02:00 · 2020-08-03 23:24:28 +02:00 · c71ca190ab
commit c71ca190ab
parent ee0c4f54b2
11 changed files with 154 additions and 1 deletions
--- a/templates/etc/firewalld/services/wireguard.xml
+++ b/templates/etc/firewalld/services/wireguard.xml
@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>WireGuard</short>
+  <description>WireGuard is a virtual private network (VPN) solution. It is used to create encrypted point-to-point tunnels between computers. If you plan to provide a VPN service, enable this option.</description>
+  <port protocol="udp" port="{{ wireguard_port }}"/>
+</service>
--- a/templates/etc/wireguard.conf.j2
+++ b/templates/etc/wireguard.conf.j2
@ -0,0 +1,14 @@
+[Interface]
+PrivateKey = {{ wireguard_private_key }}
+#Address = 10.0.0.1/24
+DNS = {{ vpn_network }}.1
+SaveConfig = true
+ListenPort = {{ wireguard_port }}
+PostUp     = firewall-cmd --add-port {{ wireguard_port }}/udp && firewall-cmd --add-masquerade
+PostDown   = firewall-cmd --remove-port {{ wireguard_port }}/udp && firewall-cmd --remove-masquerade
+
+[Peer]
+PublicKey = {{ public_key_files.results[0].stdout }}
+AllowedIPs = 0.0.0.0/0,::/0
+Endpoint = {{ ansible_default_ipv4.address }}:{{ vpn_port }}
+PersistentKeepalive = 20