diff --git a/pizza1/configs/wireguard/wg0.conf b/pizza1/configs/wireguard/wg0.conf
new file mode 100644
index 0000000..88e9edf
--- /dev/null
+++ b/pizza1/configs/wireguard/wg0.conf
@@ -0,0 +1,13 @@
+[Interface]
+Address = 10.7.0.1/24, fddd:2c4:2c4:2c4::1/64
+PrivateKey = {{wireguard_private_key}}
+ListenPort = 51820
+PostUp = iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -I POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 89.33.85.209; ip6tables -t nat -I POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a12:bec0:20b:21fe::1
+PostUp = iptables -D FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 89.33.85.209; ip6tables -t nat -D POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a12:bec0:20b:21fe::1
+
+[Peer]
+PublicKey = {{wireguard_pubnix_pubkey}}
+AllowedIPs = 10.7.0.2/32, fddd:2c4:2c4:2c4::2/128
+[Peer]
+PublicKey = {{wireguard_in_gluetun_pubkey}}
+AllowedIPs = 10.7.0.3/32, fddd:2c4:2c4:2c4::3/128
diff --git a/pizza1/playbook.yaml b/pizza1/playbook.yaml
index b554ac8..d312c5e 100644
--- a/pizza1/playbook.yaml
+++ b/pizza1/playbook.yaml
@@ -12,6 +12,7 @@
 - knot-dnsutils
 - knot-module-geoip
 - haproxy
+ - wireguard
 - name: Setup postfix configs
 ansible.builtin.copy:
 src: ./configs/postfix
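Review bot: The second `PostUp` line in `[Interface]` of wg0.conf carries the `-D` (delete) rules, so it should be `PostDown = iptables -D FORWARD -s 10.7.0.0/24 -j ACCEPT; ...`. As written, wg-quick would run both entries while bringing the interface up, inserting the FORWARD and SNAT rules and then deleting them again, and nothing would be cleaned up when the interface goes down. Separately, the `-s 10.7.0.0/24 -j ACCEPT` and `-s fddd:2c4:2c4:2c4::/64 -j ACCEPT` forward rules match on source address alone. Adding `-i %i` to them would restrict the accept to packets that actually arrive over the tunnel interface.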
@@ -43,3 +44,13 @@
 name: haproxy
 enabled: true
 state: restarted
+ - name: Setup wireguard configs
+ ansible.builtin.template:
+ src: ./configs/wireguard/wg0.conf
+ dest: /etc/wireguard/wg0.conf
+ mode: preserve
+ - name: Enable wireguard
+ ansible.builtin.service:
+ name: wg-quick@wg0
+ enabled: true
+ state: started
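Review bot: `mode: preserve` on the `Setup wireguard configs` task gives `/etc/wireguard/wg0.conf` the permissions of the template file in the repository, which is probably group- and world-readable, yet the rendered file contains the interface `PrivateKey`. Pin it explicitly with `mode: "0600"`, `owner: root` and `group: root`. Adding `no_log: true` to that task would also keep the rendered key out of `--diff` output and logs. The `Enable wireguard` task uses `state: started`, so a later change to the template is not applied to an already running tunnel. A handler that restarts `wg-quick@wg0`, notified from the template task, would cover that.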