An Ansible Role that manages setup and configuration of WireGuard
Available variables are listed below, along with default values (see defaults/main.yml):
    wireguard_port: 51820

The port WireGuard will listen on.

    wireguard_interface: wg0

The interface name that WireGuard should use.
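    wireguard_postup:
      - iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;

Hooks that run network-related commands after a WireGuard interface comes up. The default shown names wg0 and eth0 literally, so change it to match if wireguard_interface or the outbound interface differs.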
    wireguard_postdown:
      - iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;

Hooks that run network-related commands after a WireGuard interface goes down.
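
A lint for the two hook variables above, added here as an example (it is not part of the role): it checks that every rule wireguard_postup appends is deleted by wireguard_postdown, so no FORWARD or MASQUERADE rule outlives the tunnel, and that FORWARD rules name wireguard_interface. The function names and the dict holding the variables are assumptions; the rule strings are the defaults shown above.

```python
import shlex

# Constructed sample: the role defaults from this README, as a Python dict.
ROLE_VARS = {
    "wireguard_interface": "wg0",
    "wireguard_postup": [
        "iptables -A FORWARD -i wg0 -j ACCEPT; "
        "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;"
    ],
    "wireguard_postdown": [
        "iptables -D FORWARD -i wg0 -j ACCEPT; "
        "iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;"
    ],
}

def rules(hooks, action):
    """Collect iptables rules using `action` (-A or -D), with the action flag
    stripped so an append and its matching delete compare equal."""
    found = set()
    for hook in hooks:
        # Simplification: commands are split on ';' without shell quoting rules.
        for cmd in hook.split(";"):
            argv = shlex.split(cmd)
            if argv[:1] == ["iptables"] and action in argv:
                argv.remove(action)
                found.add(tuple(argv))
    return found

def lint_hooks(role_vars):
    """Return a list of problems found in the postup/postdown hook pair."""
    problems = []
    added = rules(role_vars["wireguard_postup"], "-A")
    deleted = rules(role_vars["wireguard_postdown"], "-D")
    for rule in sorted(added - deleted):
        problems.append("postup rule never deleted in postdown: " + " ".join(rule))
    for rule in sorted(deleted - added):
        problems.append("postdown deletes a rule postup never added: " + " ".join(rule))
    iface = role_vars["wireguard_interface"]
    for rule in sorted(added):
        # Heuristic: a FORWARD rule matching on -i should name the tunnel interface.
        if "FORWARD" in rule and "-i" in rule[:-1]:
            named = rule[rule.index("-i") + 1]
            if named != iface:
                problems.append(f"FORWARD rule matches {named}, wireguard_interface is {iface}")
    return problems

if __name__ == "__main__":
    for problem in lint_hooks(ROLE_VARS) or ["hooks are symmetric"]:
        print(problem)
```
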
    wireguard_group_destinations:
      some-group:
        - 8.8.8.8 # or 8.8.8.8/32

Destination groups are for routing traffic to specific group hosts (WireGuard AllowedIPs).
    wireguard_allowed_groups:
      - some-client-groups

Allowed groups are for granting client hosts access to the server hosts.

    - hosts: servers
      roles:
        - sananguliyev.wireguard
      vars:
        wireguard_port: 51820
        wireguard_interface: wg0

Use docker-molecule, following its instructions, to run Molecule, or install Molecule locally (not recommended; version conflicts might appear).
Provide Hetzner Cloud token:

    export HCLOUD_TOKEN=123abc456efg

Use the following to run tests:

    molecule test --all

See the LICENSE.md file for details.
This role was created in 2020 by Sanan Guliyev.