|
@@ -1,48 +1,10 @@
|
|
|
---
|
|
|
-- hosts: dhcp
|
|
|
- become: True
|
|
|
- gather_facts: False
|
|
|
- vars:
|
|
|
- wg_allowed_ips: '0.0.0.0/0,::0/0'
|
|
|
+- hosts: 10.0.0.2
|
|
|
+ become: true
|
|
|
+ gather_facts: false
|
|
|
|
|
|
tasks:
|
|
|
- - name: Load potential endpoints
|
|
|
- include_vars:
|
|
|
- file: ../vars/vault.yaml
|
|
|
-
|
|
|
- - name: Select a random endpoint
|
|
|
- set_fact:
|
|
|
- wg_info: "{{ vaulted_wg_info | shuffle | first }}"
|
|
|
-
|
|
|
- - name: Update settings to connect to {{ wg_info.name }}
|
|
|
- set_fact:
|
|
|
- wg_private_key: "{{ wg_info.private_key }}"
|
|
|
- wg_address: "{{ wg_info.address }}"
|
|
|
- wg_public_key: "{{ wg_info.pubkey }}"
|
|
|
- wg_endpoint: "{{ wg_info.endpoint }}"
|
|
|
-
|
|
|
-
|
|
|
- - name: Update wireguard config
|
|
|
- template:
|
|
|
- src: ../roles/wg-gateway/templates/wg.conf.j2
|
|
|
- dest: /etc/wireguard/wg0.conf
|
|
|
- owner: root
|
|
|
- group: root
|
|
|
- mode: '0644'
|
|
|
-
|
|
|
- - name: Restart wireguard interface
|
|
|
- systemd:
|
|
|
- name: wg-quick@wg0
|
|
|
- state: restarted
|
|
|
-
|
|
|
- - name: Edit /etc/motd
|
|
|
- lineinfile:
|
|
|
- path: /etc/motd
|
|
|
- regex: "^VPN Traffic tunneled through server: "
|
|
|
- line: "VPN Traffic tunneled through server: {{ wg_info.name }}"
|
|
|
- delegate_to: 10.0.0.4
|
|
|
-
|
|
|
- - name: Restart unbound
|
|
|
- systemd:
|
|
|
- name: unbound
|
|
|
+ - name: Restart VPN
|
|
|
+ ansible.builtin.systemd_service:
|
|
|
+ name: openvpn@proton
|
|
|
state: restarted
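Review bot: The `hosts:` line now targets the literal address `10.0.0.2` where the removed line used the inventory group `dhcp`, which ties the playbook to one IP; if that address is not an inventory host, Ansible will, as far as I know, skip the play with a "no hosts matched" warning rather than fail. Prefer an inventory group or alias there, or at least add a comment above it such as `# 10.0.0.2: host that runs openvpn@proton`. The play also ends at the restart of `openvpn@proton`, and nothing confirms that the tunnel came back. If this host forwards other machines' traffic (the removed role path `wg-gateway` suggests it may), a unit that restarts but does not reconnect could leave them offline or, without a kill switch, sending traffic outside the tunnel. A follow-up task that checks the tunnel interface or unit state and fails the play otherwise would make that visible.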
|