kjuulh/clank-manage
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

feat: add drone vm

Browse Source
This commit is contained in:
Kasper Juul Hermansen 2023-05-14 21:52:03 +02:00
parent 7e73d346ce
commit 6889aea631
Signed by: kjuulh
GPG Key ID: 57B6E1465221F912
4 changed files with 53 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
hosts
View File

@ -1,5 +1,10 @@
[bespoke] [bespoke]
renovate ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=10.0.9.9
drone ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=10.0.10.2
[wireguard]
renovate ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=10.0.9.9 wireguard_peer_ip=10.0.9.9 renovate ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=10.0.9.9 wireguard_peer_ip=10.0.9.9
[renovate] [renovate]
renovate ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=10.0.9.9 wireguard_peer_ip=10.0.9.9 renovate ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=10.0.9.9

48
roles/bespoke/tasks/main.yaml
View File

@ -1,52 +1,4 @@
--- ---
- name: install wireguard
apt:
name: wireguard
update_cache: yes
cache_valid_time: 3600
- name: generate private and public key pair
args:
creates: /etc/wireguard
shell: |
mkdir -p /etc/wireguard/
cd /etc/wireguard/
wg genkey | tee clank-privatekey | wg pubkey > clank-publickey
chmod 0400 clank-privatekey
chmod 0400 clank-publickey
- name: read public key
command: cat /etc/wireguard/clank-publickey
register: wireguard_publickey
- name: read private key
command: cat /etc/wireguard/clank-privatekey
register: wireguard_privatekey
- name: print publickey
debug:
msg: "{{ wireguard_publickey.stdout_lines[0] }}"
- name: Generate WireGuard configuration
template:
src: wireguard.conf.j2
dest: /etc/wireguard/wg0.conf
vars:
interface_address: "{{ wireguard_peer_ip }}"
listen_port: " {{ main_wireguard_port }} "
private_key: "{{ wireguard_privatekey.stdout_lines[0] }}"
allowed_ips: "10.0.9.0/24"
peer_public_key: "{{ main_wireguard_public_key }}"
endpoint: "{{ main_wireguard_ip }}:{{ main_wireguard_port }}"
persistent_keepalive: 25
- name: enable and start wireguard service
systemd:
name: "wg-quick@wg0"
state: started
enabled: yes
- name: Update apt cache - name: Update apt cache
apt: apt:
update_cache: yes update_cache: yes

47
roles/wireguard/tasks/main.yaml Normal file
View File

@ -0,0 +1,47 @@
---
- name: install wireguard
apt:
name: wireguard
update_cache: yes
cache_valid_time: 3600
- name: generate private and public key pair
args:
creates: /etc/wireguard
shell: |
mkdir -p /etc/wireguard/
cd /etc/wireguard/
wg genkey | tee clank-privatekey | wg pubkey > clank-publickey
chmod 0400 clank-privatekey
chmod 0400 clank-publickey
- name: read public key
command: cat /etc/wireguard/clank-publickey
register: wireguard_publickey
- name: read private key
command: cat /etc/wireguard/clank-privatekey
register: wireguard_privatekey
- name: print publickey
debug:
msg: "{{ wireguard_publickey.stdout_lines[0] }}"
- name: Generate WireGuard configuration
template:
src: wireguard.conf.j2
dest: /etc/wireguard/wg0.conf
vars:
interface_address: "{{ wireguard_peer_ip }}"
listen_port: " {{ main_wireguard_port }} "
private_key: "{{ wireguard_privatekey.stdout_lines[0] }}"
allowed_ips: "10.0.9.0/24"
peer_public_key: "{{ main_wireguard_public_key }}"
endpoint: "{{ main_wireguard_ip }}:{{ main_wireguard_port }}"
persistent_keepalive: 25
- name: enable and start wireguard service
systemd:
name: "wg-quick@wg0"
state: started
enabled: yes

0
roles/bespoke/templates/wireguard.conf.j2 → roles/wireguard/templates/wireguard.conf.j2
View File