PiFrame
/
ansible
3
0
Fork 0
Code Issues Releases Activity
Browse Source

Add a more flexible routing config to wireguard ; enable wireguard dns reresolver daily service/timer

master
KemoNine 2 years ago
parent
c189491024
commit
b003ebdcfd
4 changed files with 50 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      inventory.example
  2. 29
      roles/wireguard/tasks/main.yml
  3. 8
      roles/wireguard/templates/wireguard_reresolve-dns.service
  4. 8
      roles/wireguard/templates/wireguard_reresolve-dns.timer

6
inventory.example
Unescape View File

@ -17,6 +17,10 @@ frames:
monit_wireguard_ip: 192.168.254.1
rtty_server: 192.168.254.1
munin_server: 192.168.254.1
wireguard_postup:
- ip route add 192.168.254.0/24 dev wg0
wireguard_postdown:
- ip route del 192.168.254.0/24 dev wg0
wg:
hosts:
frame1:
@ -27,7 +31,6 @@ wg:
wireguard_remote_directory: "/opt/wireguard"
wireguard_address: 192.168.254.1/32
wireguard_allowed_ips: "192.168.254.0/24"
wireguard_table: "off"
wireguard_postup:
- ip route add 192.168.254.0/24 via 192.168.254.1 dev wg0
- iptables -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
@ -43,6 +46,7 @@ wg:
- iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
- iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
vars:
wireguard_table: "off"
wireguard_port: 51821
wireguard_endpoint: 192.168.0.2
wireguard_persistent_keepalive: 30

29
roles/wireguard/tasks/main.yml
Unescape View File

@ -131,3 +131,32 @@
state: started
enabled: yes
when: not wireguard_containerized
- name: Setup wg dns-reresolver service
template:
src: wireguard_reresolve-dns.service
dest: "/etc/systemd/system/wireguard_reresolve-dns.service"
owner: root
group: root
mode: 0644
tags:
- wg-config
when: not wireguard_containerized
- name: Setup wg dns-reresolver timer
template:
src: wireguard_reresolve-dns.timer
dest: "/etc/systemd/system/wireguard_reresolve-dns.timer"
owner: root
group: root
mode: 0644
tags:
- wg-config
when: not wireguard_containerized
- name: Enable wg dns-reresolver timer
systemd:
name: wireguard_reresolve-dns.timer
daemon_reload: yes
enabled: yes
state: restarted

8
roles/wireguard/templates/wireguard_reresolve-dns.service
Unescape View File

@ -0,0 +1,8 @@
[Unit]
Description=Reresolve DNS of all WireGuard endpoints
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
ExecStart=/bin/sh -c 'for i in /etc/wireguard/*.conf; do /usr/share/doc/wireguard-tools/examples/reresolve-dns/reresolve-dns.sh "$i"; done'

8
roles/wireguard/templates/wireguard_reresolve-dns.timer
Unescape View File

@ -0,0 +1,8 @@
[Unit]
Description=Periodically reresolve DNS of all WireGuard endpoints
[Timer]
OnCalendar=*-*-* 01:00:00
[Install]
WantedBy=timers.target
Write Preview
Loading…
Cancel
Save