Decentrala/dmzconf
23
1
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Decentrala:ansible
Branches Tags
Decentrala:master Decentrala:ansible Decentrala:man Decentrala:bydir
..
compare: Decentrala:master
Branches Tags
Decentrala:master Decentrala:ansible Decentrala:man Decentrala:bydir

2 Commits
ansible ... master

Author SHA1 Message Date
Malin Freeborn
5fbd20ce15 delete krov items 2026-02-04 16:41:38 +01:00
Malin Freeborn
871d669b32 add nimbus to xecut 2026-02-04 16:33:56 +01:00
10 changed files with 4 additions and 216 deletions
Expand all files Collapse all files

46
ansible/Makefile
View File

@@ -1,46 +0,0 @@
hosts = $(wildcard host_vars/*.yml)
logs = $(patsubst host_vars/%.yml, logs/%.json, $(hosts) )
playbooks = $(wildcard playbooks/*.yml)
plays = $(patsubst playbooks/%.yml, %, $(playbooks) )
defaults += $(wildcard logs/*)
###### Recipes ######
.PHONY: help
help: ## Print the help message.
@awk 'BEGIN {FS = ":.*?## "} /^[0-9a-zA-Z._-]+:.*?## / {printf "\033[36m%s\033[0m : %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \
column -s ':' -t
.PHONY: lint
lint: $(playbooks) | .ansible/ ## Check syntax and lint all playbooks
ansible-playbook --syntax-check $^
ansible-lint $^
.PHONY: records
records: $(logs) ## Current info on each host
$(logs): logs/%.json: | logs/
ansible -m setup $(basename $(@F) ) > $@
-include logs/play.mk
make_play = printf '.PHONY: %s\n%s: %s \#\# %s\n\n' '$(notdir $(basename $1) )' '$(notdir $(basename $1) )' '$1' '$(shell grep -m1 -oP 'name: \K.*' $1)'
logs/play.mk: playbooks/*.yml
@$(RM) $@
@$(foreach book, $^, \
$(call make_play, $(book), $@ ) >> $@ ; \
printf '\t%s\n\n' 'ansible-playbook $(book)' >> $@ ; \
)
%/:
mkdir $@
echo '*' > $@.gitignore
.PHONY: clean
clean: ## Remove generated files.
$(RM) $(defaults)

7
ansible/ansible.cfg
View File

@@ -1,7 +0,0 @@
[defaults]
inventory = hosts.yaml
local_tmp = .ansible
cow_selection = random
vault_password_file = pass.sh
interpreter_python = auto_silent

7
ansible/files/wireguard/server_private_key
View File

@@ -1,7 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
39653235613163636362653036663563383839313836643563323462616163353364323862313039
6564656661323039393563636133303132626663366233390a343535383963353763383364376438
36306435396461393132653161393238623562393465356166343764336661376434333335643863
3865373732363761620a613236613963396638613831326332386530326239373062333933646239
39313336383366636133646336653236303261346238306336663564373063383634313361356335
6334353863363931643338663833333065343435333231623466

1
ansible/files/wireguard/server_public_key
View File

@@ -1 +0,0 @@
GH+qA1Au9BraGhNt7Aqp8tdhGVfH8ENnY3VzKhe69XQ=

9
ansible/host_vars/nimbus.yml
View File

@@ -1,9 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
37363765623839666637633861353139353935323364343538356536653561373266336161353937
3466653434666163313936393366613666393863616262320a643930663038326666653064613062
62613661396538363539643938323033663932326362626335333438653865623038336136623030
3735366564366431330a373061393766346631643434383364646431346231356466663737626435
64303835343237383761633939643431333439643933636139666163393637363430633261633736
34626631366163616439366534393031353063363138356638323634313430666330613833386661
61346365313534353535633365626364303565363565353765353833363065343232633866633132
63643930633266653765

16
ansible/hosts.yaml
View File

@@ -1,16 +0,0 @@
all:
vars:
username: dmz
locale: Europe/Belgrade
libc_locale: en_GB.UTF-8 UTF-8
var_locale: LANG=en_GB.UTF-8
ungrouped:
hosts:
nimbus:
cloud:
hosts:
nimbus:
arch:
hosts:
nimbus:

3
ansible/pass.sh
View File

@@ -1,3 +0,0 @@
#!/bin/sh
pass dmz/xecut/dmz_ansible

106
ansible/playbooks/wireguard.yml
View File

@@ -1,106 +0,0 @@
---
- name: Install Wireguard on Server
hosts: nimbus
become: true
tasks:
- name: Install wireguard tools and dig
ansible.builtin.package:
name:
- wireguard-tools
- bind
- name: Copy keys to server
ansible.builtin.copy:
src: wireguard/
dest: /etc/wireguard/server_public_key
- name: Remember the public key
ansible.builtin.command: cat /etc/wireguard/server_public_key
register: wireguard_public_key
- name: Get server public IP
ansible.builtin.command: dig +short myip.opendns.com @resolver1.opendns.com
register: wireguard_public_ip
- name: Allow ipv4 forwarding
ansible.builtin.lineinfile:
path: /etc/sysctl.d/wg.conf
line: net.ipv4.ip_forward=1
create: yes
- name: Start the wireguard service
ansible.builtin.service:
name: wg-quick@wg0
enabled: yes
- name: Install Wireguard on Host
hosts: localhost
become: true
tasks:
- name: Install wireguard tools
ansible.builtin.package:
name:
- wireguard-tools
- name: Create private key
ansible.builtin.shell:
chdir: /etc/wireguard/
creates: /etc/wireguard/dmz_public_key
cmd: "wg genkey | tee dmz_private_key | wg pubkey > dmz_public_key"
- name: Remember the public key
ansible.builtin.command: cat /etc/wireguard/dmz_public_key
register: client_public_key
- name: Generate Server Config
hosts: nimbus
become: true
tasks:
- name: Create wg0 configuration
ansible.builtin.shell:
chdir: /etc/wireguard/
creates: /etc/wireguard/wg0.conf
cmd: |
echo "
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
PrivateKey = $(cat server_private_key)
ListenPort = 51900
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = {{ hostvars['localhost']['client_public_key']['stdout'] }}
AllowedIPs = 10.0.0.2/32
" > /etc/wireguard/wg0.conf
- name: Generate Client Config
hosts: localhost
become: true
tasks:
- name: Create wg0 client configuration
ansible.builtin.shell:
chdir: /etc/wireguard/
creates: /etc/wireguard/wg0-client.conf
cmd: |
echo "
[Interface]
Address = 10.0.0.2/32
PrivateKey = $(cat dmz_private_key)
DNS = 9.9.9.9
[Peer]
PublicKey = {{ hostvars['nimbus']['wireguard_public_key']['stdout'] }}
Endpoint = space.xecut.me:51900
AllowedIPs = 10.0.0.1/32
" > /etc/wireguard/wg0-client.conf

14
ansible/templates/wireguard/wg0.conf
View File

@@ -1,14 +0,0 @@
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
PrivateKey = {{ wg_private_key }}
ListenPort = 51900
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = {{ wg_public_key }}
AllowedIPs = 10.0.0.2/32

11
network.rec
View File

@@ -5,10 +5,6 @@ name: ISP Router
location: kralizec location: kralizec
ISP: Orion ISP: Orion
name: ISP Router
location: krov
ISP: Yettel
%rec: host %rec: host
%doc: These are the real machines, most of which run VMs or containters. %doc: These are the real machines, most of which run VMs or containters.
%key: name %key: name
@@ -17,8 +13,10 @@ name: moxx
location: kralizec location: kralizec
local_access: 192.168.1.200:8006 local_access: 192.168.1.200:8006
name: Serverko name: nimbus
location: krov location: xecut
description: raspberry pi
os: Arch Linux Aarm
%rec: lxc %rec: lxc
%doc: A container, usually on a Proxmox host. %doc: A container, usually on a Proxmox host.
@@ -90,4 +88,3 @@ host: Serverko
name: tor12 name: tor12
host: nginx host: nginx