From bf612b6ac2c5eaff872e0550e8ee07b809ac1022 Mon Sep 17 00:00:00 2001
From: Jamil Bou Kheir
Date: Tue, 3 Nov 2020 21:43:16 -0600
Subject: [PATCH] re-org playbook files
---
 ansible/playbook.yml | 4 +---
 ansible/sample_conf/wg-client.conf | 21 ---------------------
 ansible/sample_conf/wg-server.conf | 21 ---------------------
 3 files changed, 1 insertion(+), 45 deletions(-)
 delete mode 100644 ansible/sample_conf/wg-client.conf
 delete mode 100644 ansible/sample_conf/wg-server.conf
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
index 2e5e838d3..3fa095a50 100644
--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@@ -22,9 +22,6 @@
 hosts: all
 become: yes
 tasks:
- - name: copy files
- shell: |
- cp /vagrant/ansible/sample_conf/wg-server.conf /etc/wireguard/wg0.conf
 - name: ensure ipv4 forward
 lineinfile:
 path: /etc/sysctl.conf
@@ -42,3 +39,4 @@
 - name: Install FireGuard deb
 shell: |
 wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.0/fireguard_0.1.0-1_amd64.deb
+ dpkg -i fireguard_0.1.0-1_amd64.deb
diff --git a/ansible/sample_conf/wg-client.conf b/ansible/sample_conf/wg-client.conf
deleted file mode 100644
index 4e0eb1d3a..000000000
--- a/ansible/sample_conf/wg-client.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# CLIENT, place this in the client's config
-[Interface]
-# Generate with "wg genkey"
-PrivateKey = UBwwUjHGJzFM6dt4d20ADvTNHlIcZgFfiBgSxtTpmnI=
-
-# Same network as server above
-Address = 192.168.10.2/32
-
-# Set this to a reachable DNS server through the tunnel
-# Important: Set this properly to avoid leaking
-DNS = 1.1.1.1
-
-[Peer]
-# Server's public key
-PublicKey = MW7uvigH6bTAZf6UuuJ5wttYGU4R04RP5K/sLCJN2F8=
-
-# The IPs you want to route through the tunnel
-AllowedIPs = 0.0.0.0/0, ::/0
-
-# IP address and port of the server
-Endpoint = 172.16.1.2:51820
diff --git a/ansible/sample_conf/wg-server.conf b/ansible/sample_conf/wg-server.conf
deleted file mode 100644
index b5ce2716b..000000000
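Review bot: The added `dpkg -i fireguard_0.1.0-1_amd64.deb` line in the "Install FireGuard deb" task installs whatever the preceding `wget` fetched, with no digest or signature check between download and install. If the play shown in the first hunk (`become: yes`) is the one this task belongs to, that install runs as root. The `shell` form is also not idempotent: on a second run wget keeps the existing file and saves the new download under a `.1` suffix, so `dpkg -i` reinstalls the stale first copy. I would split this into a `get_url` task with a pinned `checksum` and an `apt` task with `deb:`, as sketched below; the digest is a placeholder to be filled from the release. The task may continue past the end of the hunk.

```yaml
- name: Download FireGuard deb
  get_url:
    url: https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.0/fireguard_0.1.0-1_amd64.deb
    dest: /usr/local/src/fireguard_0.1.0-1_amd64.deb
    # placeholder: pin the SHA-256 published for this release
    checksum: "sha256:<EXPECTED_SHA256>"
- name: Install FireGuard deb
  apt:
    deb: /usr/local/src/fireguard_0.1.0-1_amd64.deb
```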
--- a/ansible/sample_conf/wg-server.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# SERVER -- place this in /etc/wireguard/wg0.conf or similar
-[Interface]
-# Generate with "wg genkey"
-PrivateKey = 8N/cWwL0awtz/fhjexGKFXMvweAdQohTG6rWCJfh9Ek=
-
-# This should be an unused address / network
-Address = 192.168.10.1/24
-
-# UDP port to listen on
-ListenPort = 51820
-
-# These are for NAT'ing the traffic in and out of the server properly
-PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
-
-[Peer]
-# PubKey of client you want to allow to connect
-PublicKey = oflqThjCEPOP/mpkfn+T+hLpKmMdmcMF2PkJmD9ILxk=
-
-# Private IP the client has configured (same network as the Address above)
-AllowedIPs = 192.168.10.2/32