-
Notifications
You must be signed in to change notification settings - Fork 0
/
playbook.yaml
30 lines (29 loc) · 3.05 KB
/
playbook.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
- hosts: "bastion" # This is the host that we will be running the role on.
module_defaults: # Configure the module defaults.
ansible.builtin.setup: # Configure the setup module defaults.
gather_subset: # This is a list of facts that will be gathered (we don't need this so let's speed things up).
- "!min" # Ignore the minimum facts..
- "!all" # and then ignore all remaining facts.
roles: # This is a list of roles that will be run.
- name: "/Users/matthewdavis/workspace/ansible/ansible-wireguard-server"
vars: # These are the variables that will be passed to the role.
wireguard: # This is the wireguard configuration passed to the role.
dns_servers: # This is a list of DNS servers that the wireguard clients will use.
- "168.63.129.16" # Azure private zone DNS resolver.
- "1.1.1.1" # Cloudflare DNS resolver.
server: # This is the server side configuration.
path: "/etc/wireguard" # This is the path where the wireguard configurations will be written to.
interface_name: "wg0" # This is the name of the wireguard interface server side.
cidr: "172.172.0.0/22" # This is the CIDR block that the wireguard server will use (/22 has the range of 172.172.0.0 - 172.172.3.255).
address: "172.172.0.1/32" # This is the IP address that the wireguard server will assume.
public_address: "bastion.matthewdavis.io" # This is the public IP address or hostname that the wireguard server is listening on.
public_port: 51820 # This is the port that the wireguard server will listen on.
routes: # This is a list of CIDR blocks that will be routed through the wireguard clients.
- "10.1.0.0/24" # This is a CIDR block that will be routed through the wireguard clients.
clients: # This is the client side configurations.
output_path: "/tmp/wireguard-clients" # This is the path where the client config files will be written to.
peers: # This is a list of clients that will be able to connect to the server.
address: "172.172.0.10/32" # This is the IP address that the end users wireguard client will assume.
address: "172.172.0.11/32" # This is the IP address that the end users wireguard client will assume.