add wireguard hopefully

Arya 2024-01-12 17:37:22 +05:30
parent 6a5372a0c7
commit 8d33c4664e
Signed by: arya
GPG Key ID: 842D12BDA50DF120
2 changed files with 24 additions and 0 deletions


@ -0,0 +1,13 @@
[Interface]
Address = 10.7.0.1/24, fddd:2c4:2c4:2c4::1/64
PrivateKey = {{wireguard_private_key}}
ListenPort = 51820
PostUp = iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -I POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 89.33.85.209; ip6tables -t nat -I POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a12:bec0:20b:21fe::1
PostUp = iptables -D FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 89.33.85.209; ip6tables -t nat -D POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a12:bec0:20b:21fe::1
[Peer]
PublicKey = {{wireguard_pubnix_pubkey}}
AllowedIPs = 10.7.0.2/32, fddd:2c4:2c4:2c4::2/128
[Peer]
PublicKey = {{wireguard_in_gluetun_pubkey}}
AllowedIPs = 10.7.0.3/32, fddd:2c4:2c4:2c4::3/128
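Review bot: The second hook line is also keyed `PostUp`, although it carries the `-D` teardown commands, so wg-quick would run the inserts and then the deletes when the interface comes up, leaving no FORWARD or SNAT rules in place and nothing to clean up on shutdown; it should read `PostDown = iptables -D FORWARD -s 10.7.0.0/24 -j ACCEPT; ...`. Separately, the FORWARD accept rules match only on source address, so adding `-i %i` (wg-quick substitutes the interface name) would limit forwarding to packets that actually arrived through the tunnel. A one-line `#` comment above `PrivateKey = {{wireguard_private_key}}` stating where that variable is expected to be defined would help, since its source is not visible in this commit.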


@ -12,6 +12,7 @@
- knot-dnsutils - knot-dnsutils
- knot-module-geoip - knot-module-geoip
- haproxy - haproxy
- wireguard
- name: Setup postfix configs - name: Setup postfix configs
ansible.builtin.copy: ansible.builtin.copy:
src: ./configs/postfix src: ./configs/postfix
@ -43,3 +44,13 @@
name: haproxy name: haproxy
enabled: true enabled: true
state: restarted state: restarted
- name: Setup wireguard configs
ansible.builtin.template:
src: ./configs/wireguard/wg0.conf
dest: /etc/wireguard/wg0.conf
mode: preserve
- name: Enable wireguard
ansible.builtin.service:
name: wg-quick@wg0
enabled: true
state: started
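Review bot: `mode: preserve` on the "Setup wireguard configs" task gives the rendered file the permissions of the template in the repository, which are probably world-readable, while the rendered `/etc/wireguard/wg0.conf` holds the interface private key; set it explicitly with `mode: "0600"`, `owner: root` and `group: root`. Adding `no_log: true` to that task would also keep the key out of the output when the play is run with `--diff`. The "Enable wireguard" task uses `state: started`, so a later change to the template would not reach a running tunnel unless a handler restarts `wg-quick@wg0`.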