Refactor: Organize Ansible project structure

- Reorganized Ansible project structure to follow best practices. - Created dedicated directories: , , , , and . - Categorized playbooks into (host-specific) and (service-specific). - Moved all roles into the directory and standardized their naming conventions. - Relocated to for better variable management. - Renamed to to reflect its global variable scope. - Created to correctly set the to the new directory. - Moved and into the directory. - Added to providing explanations for common commands. - Cleaned up directories from all individual roles to centralize version control.
2026-01-26 11:54:00 +01:00
parent 25fa9eaf25
commit 5bbc551106
177 changed files with 4162 additions and 77 deletions
--- a/roles/wireguard_server/templates/wireguardclient.conf
+++ b/roles/wireguard_server/templates/wireguardclient.conf
@@ -0,0 +1,14 @@
+[Interface]
+Address = {{ IP }}/24
+DNS = 192.168.5.5
+#PostUP = wifi-wireguard -e
+#PostDOWN = wifi-wireguard -d
+SaveConfig = false
+ListenPort = 40041
+PrivateKey = {{ priv }}
+
+[Peer]
+PublicKey = {{ wireguard_server_pub }}
+AllowedIPs = 10.0.0.0/24, 192.168.5.0/24, 192.168.6.0/24, 192.168.100.0/24
+Endpoint = 185.61.86.153:51822
+PersistentKeepalive = 20
--- a/roles/wireguard_server/templates/wireguardserver.conf
+++ b/roles/wireguard_server/templates/wireguardserver.conf
@@ -0,0 +1,26 @@
+[Interface]
+PrivateKey = {{ wireguard_server_key }}
+Address=10.0.0.1/24
+PostUp=iptables -A FORWARD -i wireguardserver -o ens18 -j ACCEPT; iptables -A FORWARD -i ens18 -o wireguardserver -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE;
+PostDown=iptables -D FORWARD -i wireguardserver -o ens18 -j ACCEPT; iptables -D FORWARD -i ens18 -o wireguardserver -j ACCEPT; iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE;
+ListenPort=51822
+
+[Peer]
+PublicKey = {{ wireguard_ntb_pub }}
+AllowedIPs = {{ wireguard_ntb_ip }}/32
+
+[Peer]
+PublicKey = {{ wireguard_kate_pub }}
+AllowedIPs = {{ wireguard_kate_ip }}/32
+
+[Peer]
+PublicKey = {{ wireguard_tata_pub }}
+AllowedIPs = {{ wireguard_tata_ip }}/32
+
+[Peer]
+PublicKey = {{ wireguard_pi_pub }}
+AllowedIPs = {{ wireguard_pi_ip }}/32
+
+[Peer]
+PublicKey = {{ wireguard_desktop_pub }}
+AllowedIPs = {{ wireguard_desktop_ip }}/32