ingress

2026-05-26 17:21:03 +02:00
parent af81ce3df8
commit 34d8d82dbf
14 changed files with 309 additions and 38 deletions
@@ -0,0 +1,36 @@
+[Interface]
+PrivateKey = {{ wireguard_server_private_key }}
+Address = 10.10.1.1/24
+ListenPort = 41194
+PostUp   = sysctl -w net.ipv4.ip_forward=1
+
+PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.10.1.2:25
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.10.1.2:25
+
+PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 993 -j DNAT --to-destination 10.10.1.2:993
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 993 -j DNAT --to-destination 10.10.1.2:993
+
+PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 587 -j DNAT --to-destination 10.10.1.2:587
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 587 -j DNAT --to-destination 10.10.1.2:587
+
+PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 465 -j DNAT --to-destination 10.10.1.2:465
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 465 -j DNAT --to-destination 10.10.1.2:465
+
+PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.10.1.2:80
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.10.1.2:80
+
+PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.10.1.2:443
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.10.1.2:443
+
+PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8448 -j DNAT --to-destination 10.10.1.2:8448
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 8448 -j DNAT --to-destination 10.10.1.2:8448
+
+PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 4444 -j DNAT --to-destination 10.10.1.2:4444
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 4444 -j DNAT --to-destination 10.10.1.2:4444
+
+#PreUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
+#PostDown = iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
+ 
+[Peer]
+PublicKey = oI69uWkbkwtpuIYxDNGmzg4nRjY1BIZFVFjZwguIvwE=
+AllowedIPs = 10.10.1.2/32
@@ -0,0 +1,31 @@
+- name: Wireguard-ingress
+  hosts: animeistrash
+  become: true
+  vars:
+    wireguard_server_private_key: !vault |
+              $ANSIBLE_VAULT;1.1;AES256
+              34313837363964633333373936636462666138386538653939663435376666626230393564366630
+              6637333264303638383938326132336130343833393466370a623633623163303762616333663135
+              61666433393939303938623735666439663361633638613466393361626439326465303966303266
+              3239666637326337650a636433616264386162326535306461326233323961643664373134363634
+              35633238393933386231373535353635646462383763613362363761363935363965383836366431
+              3766343166643632306162343761613030653631353361373936
+  tasks:
+    - name: Install wireguard
+      ansible.builtin.apt:
+        name: wireguard
+        state: present
+
+    - name: Down wg0
+      changed_when: true
+      ansible.builtin.command: wg-quick down wg0
+
+    - name: Copy wg0.conf
+      ansible.builtin.template:
+        src: wg0.conf.j2
+        dest: /etc/wireguard/wg0.conf
+        mode: '0600'
+
+    - name: Up wg0
+      changed_when: true
+      ansible.builtin.command: wg-quick up wg0