Refactor: Dir structure

2023-09-14 06:48:05 +02:00
parent c361625230
commit af3e66f901
157 changed files with 3 additions and 3 deletions


@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=wireguard


@ -0,0 +1,32 @@
---
version: '3.9'
services:
wireguard:
image: registry.tobiasmanske.de/wireguard:latest
container_name: wireguard
cap_add:
- NET_ADMIN
security_opt:
- label:disable
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
volumes:
- ./wg0.conf:/etc/wireguard/wg0.conf:ro,z
ports:
- 51820:51820/udp
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv6.conf.all.disable_ipv6=0
restart: unless-stopped
networks:
- default
- internal_services
networks:
internal_services:
name: internal_services
internal: true
...
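Review bot: `security_opt: - label:disable` switches off SELinux label confinement for a container that is also granted `NET_ADMIN`, and the only bind mount already carries the `z` relabel option, so the opt-out looks unnecessary; consider dropping it and keeping `:ro,z` on the volume. The image is referenced as `registry.tobiasmanske.de/wireguard:latest`, so a redeploy can silently pull a different build. Pinning a version tag or an `@sha256:<digest>` reference would make the deployed VPN endpoint reproducible and auditable. A one-line comment above `cap_add` stating why `NET_ADMIN` is required (presumably interface and iptables setup) would help the next reader.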


@ -0,0 +1,24 @@
[Interface]
{% for addr in wireguard.cidr %}
Address = {{ addr }}
{% endfor %}
MTU = 1420
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = {{ wireguard.port }}
PrivateKey = {{ wireguard.private_key }}
{% for peer in wireguard_peers %}
# Peer: {{ peer.name }}
[Peer]
PublicKey = {{ peer.pubkey }}
AllowedIPs = {{ peer.allowedips | join(", ") }}
{% if peer.endpoint is defined %}
Endpoint = {{ peer.endpoint }}
{% endif %}
{% if peer.keepalive is defined %}
PersistentKeepalive = {{ peer.keepalive }}
{% endif %}
{% endfor %}
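Review bot: `SaveConfig = true` conflicts with how this file is deployed: the compose service mounts it as `./wg0.conf:/etc/wireguard/wg0.conf:ro,z`, so the write-back on interface shutdown will presumably fail, and on a writable mount it would overwrite the templated file with runtime state. `SaveConfig = false` fits a template-managed config. The `PostUp`/`PostDown` rules hard-code `-o eth0` while the container is attached to both `default` and `internal_services`, and which network ends up as `eth0` is not visible here; together with the unconditional `FORWARD -i wg0 -j ACCEPT` it is worth confirming that peer traffic is only forwarded and masqueraded where intended. The rendered file contains `PrivateKey`, so the task that writes it (not shown) should create it with mode `0600` and keep its content out of logs and diffs.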