mail

2026-05-24 19:38:38 +02:00
parent 8c66580dab
commit 366a8cc197
35 changed files with 998 additions and 372 deletions
@@ -0,0 +1,9 @@
+[Interface]
+PrivateKey = {{ wireguard_private_key }}
+Address = 10.10.1.2/24
+ 
+[Peer]
+PublicKey = r0XaxIE3AVud9Z42UPZF3mwoh2R0B0M1EUDY9cvuyDA=
+Endpoint = 192.3.44.243:41194
+AllowedIPs = 10.10.1.0/24
+PersistentKeepalive = 25
@@ -0,0 +1,18 @@
+[Interface]
+PrivateKey = {{ wireguard_server_private_key }}
+Address = 10.10.1.1/24
+ListenPort = 41194
+PostUp   = sysctl -w net.ipv4.ip_forward=1
+PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.10.1.2:25
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.10.1.2:25
+PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 993 -j DNAT --to-destination 10.10.1.2:993
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 993 -j DNAT --to-destination 10.10.1.2:993
+PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 587 -j DNAT --to-destination 10.10.1.2:587
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 587 -j DNAT --to-destination 10.10.1.2:587
+
+PreUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
+PostDown = iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
+ 
+[Peer]
+PublicKey = oI69uWkbkwtpuIYxDNGmzg4nRjY1BIZFVFjZwguIvwE=
+AllowedIPs = 10.10.1.2/32
@@ -0,0 +1,37 @@
+- name: Wireguard
+  hosts: pi
+  become: true
+  vars:
+    wireguard_private_key: !vault |
+              $ANSIBLE_VAULT;1.1;AES256
+              64663235376666616263333732653733633362393634663130356638353431633635373437323961
+              3030636636626339316366326161623236303937623338380a656639636338643937323037366139
+              64633263646664303962323830663435343531393231393939663633343165383163626466633231
+              3138326563386233390a386237633630656436663062633264366562616632633035343733323331
+              64366538386364623938663836336661313632376131336338643432646338303738616438623361
+              6237653737666662336665326237623331383132653431343466
+    wireguard_server_private_key: !vault |
+              $ANSIBLE_VAULT;1.1;AES256
+              38633732343939346261653834393536313335376166616661373266616266353938633363373464
+              3233646466303834656633656237643632666462323264360a333066313361323038366265316330
+              32626534313239353833653638353364313136333932386331373132356333663935366466653435
+              3636323037366333350a313761643565633165643938303330386431623237356262323332306533
+              34623734623661333266393930306439336533343566306635633638326334303364353036383036
+              3461343263306434386135356638623636393030646236346531
+  tasks:
+    - name: Install wireguard
+      ansible.builtin.apt:
+        name: wireguard
+        state: present
+
+    - name: Copy wg0.conf
+      ansible.builtin.template:
+        src: wg0.conf.j2
+        dest: /etc/wireguard/wg0.conf
+        mode: '0600'
+
+    - name: Start service
+      ansible.builtin.service:
+        name: wg-quick@wg0
+        state: restarted
+        enabled: true