Initial ansible attempts
parent
afb1bc4712
commit
e527d3fd8a
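--- a/ansible/README.md
+++ b/ansible/README.md
@@ -0,0 +1,7 @@
+# Ansible
+
+Some basic Ansible 'stuff' for managing PiFrames.
+
+This is very much WIP and nothing in this directory should **NOT** be used unless you plan on submitting patches / fixes / etc.
+
+For now the goal of this code is to get a basic WireGuard deployment going for the PiFrameFleet area of the project.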
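--- a/ansible/deploy-controller.sh
+++ b/ansible/deploy-controller.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# https://www.tauceti.blog/post/kubernetes-the-not-so-hard-way-with-ansible-wireguard/
+# https://github.com/githubixx/ansible-role-wireguard
+
+TAGS_SKIP=wg_install ansible -i inventory-wireguard -m include_role -a name=githubixx.ansible_role_wireguard wg --limit controller --check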
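Review bot: `TAGS_SKIP=wg_install` on the last line is probably not picked up by Ansible, because `TAGS_SKIP` is the name of the configuration setting while the environment variable that feeds it is `ANSIBLE_SKIP_TAGS`; as written the `wg_install` tasks would not be skipped. Consider `ANSIBLE_SKIP_TAGS=wg_install ansible -i inventory-wireguard ...`, and confirm that the ad-hoc `include_role` call honours tags at all. The command also ends in `--check`, so a script named deploy-controller.sh only performs a dry run; a comment such as `# dry run only: remove --check to apply changes` above the command would make that explicit.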
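--- a/ansible/inventory-wireguard
+++ b/ansible/inventory-wireguard
@@ -0,0 +1,31 @@
+---
+wg:
+hosts:
+frame1:
+ansible_host: 10.5.5.100
+wireguard_address: 192.168.254.11/32
+frame2:
+ansible_host: 10.5.5.101
+wireguard_address: 192.168.254.11/32
+controller:
+ansible_connection: local
+wireguard_address: 192.168.254.1/32
+wireguard_endpoint: ""
+wireguard_postup:
+- ip route add 192.168.254.0/24 via 192.168.254.1 dev wg0
+- iptables -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+- iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+- iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
+- iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+- iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
+wireguard_postdown:
+- ip route del 192.168.254.0/24 via 192.168.254.1 dev wg0
+- iptables -D -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+- iptables -D -A FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+- iptables -D -A FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
+- iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
+- iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
+vars:
+wireguard_allowed_ips: "172.16.8.10/24"
+wireguard_endpoint: piframefleet.domain.tld
+wireguard_persistent_keepalive: 30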
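Review bot: Every `wireguard_postdown` iptables entry combines `-D` with `-A` (for example `iptables -D -A FORWARD -i wg0 ...`), and iptables accepts only one command option per invocation, so these teardown commands will fail and the rules added by `wireguard_postup` stay loaded after wg0 goes down, with duplicates appended on each restart. Drop the `-A` from each, e.g. `iptables -D FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP` and `iptables -t nat -D PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT`. Separately, frame1 and frame2 are both given `wireguard_address: 192.168.254.11/32`, so the two peers would claim the same tunnel address; frame2 presumably needs its own. The group-level `wireguard_allowed_ips: "172.16.8.10/24"` lies outside the 192.168.254.0/24 tunnel range and is shared by every host, which looks unintended if the role uses it as each peer's AllowedIPs; worth confirming against the role's documentation.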