
working on vpn server setup playbook

AETH-erial 11 mesiacov pred
rodič
commit
ab5e7655ac

+ 4 - 0
files/servers/vpn/packages.txt

@@ -0,0 +1,4 @@
+epel-release
+elrepo-release 
+kmod-wireguard
+wireguard-tools
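Review bot: The second entry, `elrepo-release `, carries a trailing space; if this list is split into package names line by line (the consumer is not visible here), that entry may not match the package and the install step could fail or silently skip it. Strip it to `elrepo-release`. The repo-release packages on the first two lines presumably have to be installed before `kmod-wireguard` resolves, which a flat list cannot express — worth confirming the consuming task installs in two passes.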

+ 0 - 2
files/workstations/packages.txt

@@ -6,7 +6,6 @@ go
 rust
 make
 pulseaudio
-nvim
 zsh
 wireguard-tools
 wayland
@@ -19,4 +18,3 @@ thunderbird
 vlc
 yay
 vscodium
-NetworkManager

+ 0 - 0
tasks/tasks_enable_service_units/dns/enable_service_units.yml


+ 0 - 0
tasks/tasks_enable_service_units/socks_proxy/enable_service_units.yml


+ 0 - 0
tasks/tasks_enable_service_units/vpn/enable_service_units.yml


+ 0 - 0
tasks/tasks_enable_service_units/workstation/enable_service_units.yml


+ 39 - 0
tasks/tasks_machine_configuration/vpn/configuration.yml

@@ -0,0 +1,39 @@
+---
+- name: "00: Create Wireguard directory"
+  ansible.builtin.file:
+    path: "/etc/wireguard"
+    state: "directory"
+
+- name: "10: Create Public and Private server keys"
+  ansible.builtin.shell:
+    command: "wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey"
+    become: True
+
+- name: "20: Modify Private key permissions"
+  ansible.builtin.file:
+    path: "/etc/wireguard/privatekey"
+    mode: '0600'
+
+- name: "30: Set VPN configuration variables"
+  become: True
+  ansible.builtin.set_fact:
+    vpn_network_address: "{{ vpn_network_address }}"
+    vpn_server_port: "{{ vpn_server_port }}"
+    vpn_private_key_content: "{{ lookup('ansible.builtin.file', '/etc/wireguard/privatekey') }}"
+
+- name: "40: Create server configuration file"
+  become: True
+  ansible.builtin.template:
+    src: "templates/wg0.conf.j2"
+    dest: "/etc/wireguard/wg0.conf"
+
+
+- name: "50: Modify Server config file permissions"
+  become: True
+  ansible.builtin.file:
+    path: "/etc/wireguard/wg0.conf"
+    mode: "0600"
+  ansible.builtin.file:
+    path: "/etc/wireguard/privatekey"
+    mode: "0600"
+  
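Review bot: Task "10" puts `command:` and `become:` under the `ansible.builtin.shell` module arguments, where neither is accepted (the free-form argument is `cmd`, and `become` is a task keyword), so I would expect the play to stop there with an unsupported-parameter error, and even once fixed it regenerates the server key pair on every run because nothing guards the call with `creates:`. Since the task escalates, the `sudo tee` in the pipeline is redundant, and a `umask 077` before `wg genkey` closes the window in which the freshly written private key is readable by everyone until task "20" tightens its mode. Task "30" reads the key with `lookup('ansible.builtin.file', ...)`, which runs on the control node rather than the managed host (`ansible.builtin.slurp` is the remote-side equivalent), and the self-assignments such as `vpn_network_address: "{{ vpn_network_address }}"` change nothing, so the template should reference those variables directly. Task "50" declares `ansible.builtin.file` twice in one task; a YAML loader keeps only one of them, so `/etc/wireguard/wg0.conf` may never receive `mode: "0600"` — set the mode on the `template` task in "40" (where the file is first written) and drop task "50". Tasks "00" and "20" write under `/etc/wireguard` without `become:`, `become: True` should be the canonical `become: true`, and the whitespace-only last line of the file should go.
```yaml
- name: "10: Create Public and Private server keys"
  become: true
  ansible.builtin.shell:
    cmd: "umask 077 && wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey"
    creates: "/etc/wireguard/privatekey"

# … unchanged: task 20 (add become: true) …

- name: "30: Read the server private key from the managed host"
  become: true
  ansible.builtin.slurp:
    src: "/etc/wireguard/privatekey"
  register: vpn_private_key_file

- name: "31: Set VPN configuration variables"
  ansible.builtin.set_fact:
    vpn_private_key_content: "{{ vpn_private_key_file.content | b64decode | trim }}"

- name: "40: Create server configuration file"
  become: true
  ansible.builtin.template:
    src: "templates/wg0.conf.j2"
    dest: "/etc/wireguard/wg0.conf"
    mode: "0600"

# … removed: task 50, redundant once 20 and 40 set the modes …
```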

+ 0 - 0
tasks/tasks_machine_configuration/workstation/configuration.yml


+ 6 - 0
templates/resolv.conf.j2

@@ -0,0 +1,6 @@
+# generated from ansible jinja 2 
+
+search void
+nameserver {{ ns_resolver_one }}
+nameserver {{  ns_resolver_two }}
+
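Review bot: The second nameserver line has a doubled space inside the expression, `{{  ns_resolver_two }}`, while the line above uses `{{ ns_resolver_one }}`; it renders the same but reads as a typo, so make it `nameserver {{ ns_resolver_two }}`. The comment on the first line carries a trailing space, and the trailing blank line at the end of the template is carried into the rendered file.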

+ 8 - 0
templates/wg0.conf.j2

@@ -0,0 +1,8 @@
+[Interface]
+Address = {{ ansible_facts['vpn_network_address'] }}
+SaveConfig = true
+ListenPort = {{ ansible_facts['vpn_server_port'] }}
+PrivateKey = {{ ansible_facts['vpn_private_key_content'] }}
+PostUp     = firewall-cmd --zone=public --add-port {{ ansible_facts['vpn_server_port'] }}/udp && firewall-cmd --zone=public --add-masquerade
+PostDown   = firewall-cmd --zone=public --remove-port {{ ansible_facts['vpn_server_port'] }}/udp && firewall-cmd --zone=public --remove-masquerade
+
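Review bot: The template reads `ansible_facts['vpn_network_address']`, `ansible_facts['vpn_server_port']` and `ansible_facts['vpn_private_key_content']`, but as far as I can tell values produced by `set_fact` are exposed as ordinary host variables and only land under `ansible_facts` when the task sets `cacheable: true`, so the render is likely to fail on an undefined key; `Address = {{ vpn_network_address }}` (and likewise `ListenPort` and `PrivateKey`) is the form that matches the task file. `SaveConfig = true` makes wg-quick rewrite this file from the live interface state on shutdown, so every later run of the `template` task will report a change and overwrite whatever peers were added at runtime — drop it, or manage peers from the template. The private key is rendered into the file and also passes through host variables, so it will show up in any fact cache or verbose task output that dumps them; `no_log: true` on the tasks that handle it keeps it out of the logs.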