Add wireguard server config
parent
730246e67f
commit
23a472f764
7 changed files with 62 additions and 9 deletions
|
@ -40,7 +40,7 @@ defaults
|
||||||
listen https
|
listen https
|
||||||
bind *:443
|
bind *:443
|
||||||
mode tcp
|
mode tcp
|
||||||
server default {{ upstream }}:443 check send-proxy
|
server default {{ wireguard.intersect_ip }}:443 check send-proxy
|
||||||
|
|
||||||
listen http
|
listen http
|
||||||
bind *:80
|
bind *:80
|
||||||
|
@ -48,15 +48,15 @@ listen http
|
||||||
stats show-node
|
stats show-node
|
||||||
stats uri /haproxy
|
stats uri /haproxy
|
||||||
stats auth stats:{{ haproxy_stats_pass }}
|
stats auth stats:{{ haproxy_stats_pass }}
|
||||||
server default {{ upstream }}:80 check
|
server default {{ wireguard.intersect_ip }}:80 check
|
||||||
|
|
||||||
|
|
||||||
listen matrix
|
listen matrix
|
||||||
bind *:8448
|
bind *:8448
|
||||||
mode tcp
|
mode tcp
|
||||||
server default {{ upstream }}:8448 check
|
server default {{ wireguard.intersect_ip }}:8448 check
|
||||||
|
|
||||||
listen gitea
|
listen gitea
|
||||||
bind *:3022
|
bind *:3022
|
||||||
mode tcp
|
mode tcp
|
||||||
server default {{ upstream }}:3022 check
|
server default {{ wireguard.intersect_ip }}:3022 check
|
||||||
|
|
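--- a/ansible/roles/gateway/files/wireguard.conf
+++ b/ansible/roles/gateway/files/wireguard.conf
@@ -0,0 +1,9 @@
+[Interface]
+Address = {{ wireguard.server_ip }}
+PrivateKey = {{ wireguard.server_private_key }}
+ListenPort = {{ wireguard.server_port }}
+
+[Peer]
+# intersect
+PublicKey = {{ wireguard.intersect_public_key }}
+AllowedIPs = {{ wireguard.intersect_ip }}/32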
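Review bot: The template is stored under the role's `files/` directory with a plain `.conf` name although it is rendered by a `template:` task (`src: files/wireguard.conf`), so a later `copy:` of the same path would deploy the `{{ … }}` placeholders verbatim. Moving it to `templates/wireguard.conf.j2` and opening it with `# {{ ansible_managed }}` would make its nature explicit on both the controller and the host. `Address = {{ wireguard.server_ip }}` has no prefix length in the template; whether the vaulted value carries one is not visible here, so a one-line comment above it stating the expected form of `server_ip` would help the next editor.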
@ -6,11 +6,7 @@
|
||||||
|
|
||||||
- name: Import vault
|
- name: Import vault
|
||||||
include_vars:
|
include_vars:
|
||||||
file: vault.yml
|
file: vars/gateway.yml
|
||||||
|
|
||||||
- name: Define context
|
|
||||||
set_fact:
|
|
||||||
upstream: 10.23.0.2
|
|
||||||
|
|
||||||
- name: Haproxy config
|
- name: Haproxy config
|
||||||
template:
|
template:
|
||||||
|
|
|
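Review bot: The task is still named `Import vault` although it now loads `vars/gateway.yml`; `- name: Import gateway variables` would match what it does. The HAProxy template on this page still reads `haproxy_stats_pass`, so if that value moved into `vars/gateway.yml` with this change the file should remain vault-encrypted; its contents are not shown here. The task list continues past the end of the hunk.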
@ -1,3 +1,7 @@
|
||||||
|
- name: Import wireguard variables
|
||||||
|
include_vars:
|
||||||
|
file: vars/wireguard.yml
|
||||||
|
|
||||||
- name: Configure HAproxy
|
- name: Configure HAproxy
|
||||||
include: haproxy.yml
|
include: haproxy.yml
|
||||||
|
|
||||||
|
|
|
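Review bot: The new `Import wireguard variables` task loads the vaulted file that supplies `wireguard.server_private_key`, and `include_vars` returns the loaded variables in its task result, which Ansible can print at higher verbosity. Adding `no_log: true` to this task keeps the decrypted key out of console output and CI logs.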
@ -29,3 +29,21 @@
|
||||||
- wireguard-tools
|
- wireguard-tools
|
||||||
become: true
|
become: true
|
||||||
become_user: root
|
become_user: root
|
||||||
|
|
||||||
|
- name: Wireguard server config
|
||||||
|
template:
|
||||||
|
src: files/wireguard.conf
|
||||||
|
dest: /etc/wireguard/wg0.conf
|
||||||
|
backup: yes
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
register: wireguard_conf
|
||||||
|
|
||||||
|
- name: Enable wireguard
|
||||||
|
service:
|
||||||
|
name: wg-quick@wg0
|
||||||
|
state: reloaded
|
||||||
|
enabled: true
|
||||||
|
when: wireguard_conf.changed
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
|
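Review bot: The `Wireguard server config` task renders the server private key into `/etc/wireguard/wg0.conf` without setting `owner`, `group` or `mode`, so a newly created file gets whatever the remote umask yields, typically world-readable. `backup: yes` also leaves a timestamped copy of each previous config, private key included, beside it, and a run with `--diff` prints the rendered key unless the task sets `no_log: true`. Separately, `Enable wireguard` is gated on `wireguard_conf.changed`, so `enabled: true` is not enforced on runs where the config is unchanged; a handler for the reload plus an unconditional enable task would be the usual shape. The fence shows the template task with the permission and logging changes only.

```yaml
- name: Wireguard server config
  template:
    # … unchanged: src, dest …
    owner: root
    group: root
    mode: "0600"
    backup: false
  no_log: true
  # … unchanged: become, become_user, register …
```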
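--- a/ansible/vars/wireguard.yml
+++ b/ansible/vars/wireguard.yml
@@ -0,0 +1,26 @@
+$ANSIBLE_VAULT;1.1;AES256
+32306163623065373337346431363262336565326231316162383363346337616538616536383235
+3735316334343437373065386533366332303139353466340a633639643233356136383431653065
+37636637373562323561303235333733663164663037643632653562383461646561616238666331
+6433393062313035340a353535393737646538633563633639393061653634386231373663663461
+31323334363733393938616161666139356564626534613839626332653961363163346265333937
+63646133616430353264303636663034366630323861303666313234363134343462343235623734
+34306233663263383237626237363731343565303235303932353038353937303234386630383838
+65633266353539656533396133646664316561313732656131303561336339343835643638643035
+37663338363438353638663936353232623332623366356635313962303964633266613130386233
+62323764386535653637626637303562316234333239393435633234373437653232326361653638
+35613766656437306566343866663236333536323532646635613833383863336564613933666635
+30343036626637333330663030386135636538663361623134366336653762363965653234346561
+66633530326366313138376137306432376531333230383839376131366433636461393264353363
+38336231396237316262326132373032303938623762366465323139656438333466343230353137
+38656137383361316532353137663736303736323935323830376437313462623632303331363739
+61343037323663633830633638313032643165306365636630386237646266346139333664663437
+38323030363437386638363431623863346361636364396636383934663739303635316136323937
+30663034613665663236303936396164343430336536363538396234623663613837643737333733
+31393665626361343032303865376566633333333939373866323762663432623366313263613937
+31313139663131623366333532636137383563306233343139616562343163323337643362363237
+31623039363863613732633861323038366632643439376632386139653030643066643566646436
+65316430343561613332323665366332316332386563323963313638363266356237363461373762
+61656431666631633235633636393761653061356264333734643936306532333238356264306536
+64386230343065346330333061396639343937306530353831643365373038393361633334346633
+3964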