PiFrame
/
ansible
3
0
Fork 0
Code Issues Releases Activity
Browse Source

Add a more flexible routing config to wireguard ; enable wireguard dns reresolver daily service/timer

master
KemoNine 1 year ago
parent
c189491024
commit
b003ebdcfd
4 changed files with 50 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      inventory.example
  2. 29
      roles/wireguard/tasks/main.yml
  3. 8
      roles/wireguard/templates/wireguard_reresolve-dns.service
  4. 8
      roles/wireguard/templates/wireguard_reresolve-dns.timer

6
inventory.example
View File

@ -17,6 +17,10 @@ frames:
monit_wireguard_ip: 192.168.254.1
rtty_server: 192.168.254.1
munin_server: 192.168.254.1
wireguard_postup:
- ip route add 192.168.254.0/24 dev wg0
wireguard_postdown:
- ip route del 192.168.254.0/24 dev wg0
wg:
hosts:
frame1:
@ -27,7 +31,6 @@ wg:
wireguard_remote_directory: "/opt/wireguard"
wireguard_address: 192.168.254.1/32
wireguard_allowed_ips: "192.168.254.0/24"
wireguard_table: "off"
wireguard_postup:
- ip route add 192.168.254.0/24 via 192.168.254.1 dev wg0
- iptables -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
@ -43,6 +46,7 @@ wg:
- iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
- iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
vars:
wireguard_table: "off"
wireguard_port: 51821
wireguard_endpoint: 192.168.0.2
wireguard_persistent_keepalive: 30

29
roles/wireguard/tasks/main.yml
View File

@ -131,3 +131,32 @@
state: started
enabled: yes
when: not wireguard_containerized
- name: Setup wg dns-reresolver service
template:
src: wireguard_reresolve-dns.service
dest: "/etc/systemd/system/wireguard_reresolve-dns.service"
owner: root
group: root
mode: 0644
tags:
- wg-config
when: not wireguard_containerized
- name: Setup wg dns-reresolver timer
template:
src: wireguard_reresolve-dns.timer
dest: "/etc/systemd/system/wireguard_reresolve-dns.timer"
owner: root
group: root
mode: 0644
tags:
- wg-config
when: not wireguard_containerized
- name: Enable wg dns-reresolver timer
systemd:
name: wireguard_reresolve-dns.timer
daemon_reload: yes
enabled: yes
state: restarted

8
roles/wireguard/templates/wireguard_reresolve-dns.service
View File

@ -0,0 +1,8 @@
[Unit]
Description=Reresolve DNS of all WireGuard endpoints
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
ExecStart=/bin/sh -c 'for i in /etc/wireguard/*.conf; do /usr/share/doc/wireguard-tools/examples/reresolve-dns/reresolve-dns.sh "$i"; done'

8
roles/wireguard/templates/wireguard_reresolve-dns.timer
View File

@ -0,0 +1,8 @@
[Unit]
Description=Periodically reresolve DNS of all WireGuard endpoints
[Timer]
OnCalendar=*-*-* 01:00:00
[Install]
WantedBy=timers.target
Write Preview
Loading…
Cancel
Save