Add vpn:base role

2022-12-07 22:07:39 +01:00 · 2022-12-07 22:07:39 +01:00 · 149e023534
commit 149e023534
parent 2551993f86
6 changed files with 17 additions and 10 deletions
--- a/main.yml
+++ b/main.yml
@ -1,2 +1,3 @@
 ---
 - ansible.builtin.import_playbook: "plays/system/main.yml"
+- ansible.builtin.import_playbook: "plays/vpn/main.yml"
--- a/playbooks/01-vpn.yml
+++ b/playbooks/01-vpn.yml
@ -3,6 +3,5 @@
  hosts: asgard

  tasks:
-    - import_tasks: tasks/vpn/ipforward.yml
    - import_tasks: tasks/vpn/bridge.yml
    - import_tasks: tasks/vpn/wireguard.yml
--- a/playbooks/tasks/vpn/ipforward.yml
+++ b/playbooks/tasks/vpn/ipforward.yml
@ -1,5 +0,0 @@
- sysctl:
-    name: net.ipv4.ip_forward
-    value: '1'
-    sysctl_file: /etc/sysctl.d/local.conf
-    reload: yes
--- a/playbooks/tasks/vpn/wireguard.yml
+++ b/playbooks/tasks/vpn/wireguard.yml
@ -1,7 +1,3 @@
- name: Install WireGuard
-  apt:
-    name: wireguard
-
 - name: WireGuard interface configuration
  template:
    src: ./filesystem/{{ ansible_hostname }}/etc/wireguard/wg0.conf.j2
--- a/plays/vpn/main.yml
+++ b/plays/vpn/main.yml
@ -0,0 +1,6 @@
+---
+- name: "vpn : group:all"
+  hosts: "all"
+  roles:
+    - role: "base"
+      tags: "vpn:base"
--- a/plays/vpn/roles/base/tasks/main.yml
+++ b/plays/vpn/roles/base/tasks/main.yml
@ -0,0 +1,10 @@
+- name: "enable ipv4 forwarding"
+  ansible.posix.sysctl:
+    name: "net.ipv4.ip_forward"
+    value: "1"
+    sysctl_file: "/etc/sysctl.d/local.conf"
+    reload: true
+
+- name: "install wireguard"
+  ansible.builtin.apt:
+    name: "wireguard"