Warezjoe/ansible_uni_deploy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Swap version of wstunnel (previos not exist). Creating wireguard-server variables

Browse Source
This commit is contained in:
warezjoe
2026-02-27 10:30:56 +01:00
parent 3bb33db037
commit 7852d99940
5 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
group_vars/.all.yml.swp
View File

Binary file not shown.

4
group_vars/all.yml
View File

@@ -4,6 +4,10 @@ ip_admin: 192.168.6.7
mysql_host: "{{ ip_admin }}" mysql_host: "{{ ip_admin }}"
gateway: 192.168.6.1 gateway: 192.168.6.1
wireguard-server:
wstunnel-download-url: https://github.com/erebe/wstunnel/releases/download/v10.5.2/wstunnel_10.5.2_linux_amd64.tar.gz
internal-port: 51822
wireguard-client: wireguard-client:
ntb: ntb:
ip: 10.0.0.2 ip: 10.0.0.2

2
playbooks/services/wireguard-cerberus.yml
View File

@@ -3,7 +3,7 @@
become: true become: true
vars_files: vars_files:
- vault.yml - vault.yml
- zeus-vars.yml - all.yml
tasks: tasks:
- name: wireguard-server - name: wireguard-server
ansible.builtin.include_role: ansible.builtin.include_role:

4
roles/wireguard_server/tasks/wstunnel.yml
View File

@@ -9,7 +9,7 @@
block: block:
- name: Download and unarchive wstunnel package - name: Download and unarchive wstunnel package
ansible.builtin.unarchive: ansible.builtin.unarchive:
src: https://github.com/erebe/wstunnel/releases/download/v5.1/wstunnel_5.1_linux_amd64.tar.gz src: "{{ wstunnel-download-url }}"
dest: /tmp dest: /tmp
remote_src: yes remote_src: yes
creates: /tmp/wstunnel creates: /tmp/wstunnel
@@ -38,7 +38,7 @@
[Service] [Service]
Type=simple Type=simple
User=nobody User=nobody
ExecStart=/usr/local/bin/wstunnel -s 127.0.0.1:8080 -t udp://127.0.0.1:51820 ExecStart=/usr/local/bin/wstunnel -s 0.0.0.0:8080 -t udp://127.0.0.1:{{ wireguard-server.internal-port }}
Restart=always Restart=always
RestartSec=3 RestartSec=3

2
roles/wireguard_server/templates/wireguardserver.conf
View File

@@ -3,7 +3,7 @@ PrivateKey = {{ wireguard-server.key }}
Address=10.0.0.1/24 Address=10.0.0.1/24
PostUp=iptables -A FORWARD -i wireguardserver -o ens18 -j ACCEPT; iptables -A FORWARD -i ens18 -o wireguardserver -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE; PostUp=iptables -A FORWARD -i wireguardserver -o ens18 -j ACCEPT; iptables -A FORWARD -i ens18 -o wireguardserver -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE;
PostDown=iptables -D FORWARD -i wireguardserver -o ens18 -j ACCEPT; iptables -D FORWARD -i ens18 -o wireguardserver -j ACCEPT; iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE; PostDown=iptables -D FORWARD -i wireguardserver -o ens18 -j ACCEPT; iptables -D FORWARD -i ens18 -o wireguardserver -j ACCEPT; iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE;
ListenPort=51822 ListenPort={{ wireguard-server.internal-port }}
{% for user in wireguard %} {% for user in wireguard %}
[Peer] [Peer]