# Wireguard

The present role:

- Installs wireguard and wireguard-tools
- Configures a server
- Adds peers to the server
- Generates configuration for the peers

It can also be configured with forwarding rules to a local interface.

It has been tested on:

- Debian 11
- Debian 12

## Example variables

```yml
wireguard_config: "wg0"
wireguard_listen_addr: "10.9.0.1/32"
wireguard_listen_port: "51820"
wireguard_persistent_keepalive: "25"
# Key values are referenced through variables; keep the private keys
# encrypted (for example with Ansible Vault), never in plain text.
wireguard_private_key: "{{ wireguard_server_privkey }}"
wireguard_public_key: "{{ wireguard_server_pubkey }}"
wireguard_endpoint: "<ip>:51820"
wireguard_forwarding: "ens18"

# Generate the keys with: `wg genkey | tee /dev/tty | wg pubkey`
# (this prints both the private and the public key to the terminal)
wireguard_users:
  - name: "tchivert"
    address: "10.9.0.2/32"
    private_key: "{{ wireguard_tchivert_privkey }}"
    public_key: "{{ wireguard_tchivert_pubkey }}"
    allowed_ips: "10.9.0.1/32, 10.0.60.0/24"
```