kjuulh/wireguard-setup
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Refactor

Browse Source
This commit is contained in:
Héctor Molinero Fernández 2020-01-30 21:33:16 +01:00
parent 1abc1d8631
commit 26b9228cf7
21 changed files with 123 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
packer/.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
packer_cache/
dist/
*.box
crash.log

0
wireguard.build.pkr.hcl → packer/build.pkr.hcl
View File

0
qemu/http/seed/meta-data → packer/qemu/http/seed/meta-data
View File

0
qemu/http/seed/user-data → packer/qemu/http/seed/user-data
View File

0
qemu/start-vm.sh → packer/qemu/start-vm.sh
View File

0
rootfs/etc/apt/apt.conf.d/20auto-upgrades → packer/rootfs/etc/apt/apt.conf.d/20auto-upgrades
View File

0
rootfs/etc/apt/apt.conf.d/50unattended-upgrades → packer/rootfs/etc/apt/apt.conf.d/50unattended-upgrades
View File

0
rootfs/etc/fail2ban/jail.d/sshd.conf → packer/rootfs/etc/fail2ban/jail.d/sshd.conf
View File

0
rootfs/etc/ssh/sshd_config → packer/rootfs/etc/ssh/sshd_config
View File

0
rootfs/etc/unbound/unbound.conf → packer/rootfs/etc/unbound/unbound.conf
View File

0
rootfs/etc/wireguard/client-sample.conf → packer/rootfs/etc/wireguard/client-sample.conf
View File

0
rootfs/etc/wireguard/wg0-peers.conf → packer/rootfs/etc/wireguard/wg0-peers.conf
View File

0
rootfs/etc/wireguard/wg0.conf → packer/rootfs/etc/wireguard/wg0.conf
View File

4
wireguard.sources.pkr.hcl → packer/sources.pkr.hcl
View File

@ -21,8 +21,8 @@ source "qemu" "main" {
disk_image = true disk_image = true
vm_name = "wireguard.qcow2" vm_name = "wireguard.qcow2"
http_directory = "./qemu/http/" http_directory = "{{template_dir}}/qemu/http/"
output_directory = "./qemu/dist/" output_directory = "{{template_dir}}/qemu/dist/"
accelerator = "kvm" accelerator = "kvm"
cpus = 1 cpus = 1

9
.gitignore → terraform/.gitignore vendored
View File

@ -1,10 +1,13 @@
**/dist/* .terraform/
**/packer_cache/*
**/.terraform/*
*.tfstate *.tfstate
*.tfstate.* *.tfstate.*
terraform.tfvars
override.tf override.tf
override.tf.json override.tf.json
*_override.tf *_override.tf
*_override.tf.json *_override.tf.json
crash.log crash.log

30
terraform/main.tf Normal file
View File

@ -0,0 +1,30 @@
provider "hcloud" {
token = var.hcloud_api_token
}
data "hcloud_image" "wg_image" {
with_selector = "service=wireguard"
most_recent = true
}
resource "hcloud_ssh_key" "wg_server_ssh_key" {
public_key = var.wg_server_ssh_publickey
name = var.wg_server_ssh_publickey_name
}
resource "hcloud_server" "wg_server" {
image = data.hcloud_image.wg_image.id
name = var.wg_server_name
server_type = var.wg_server_type
location = var.wg_server_location
labels = {
service = "wireguard"
}
ssh_keys = [
hcloud_ssh_key.wg_server_ssh_key.id
]
user_data = templatefile("${path.module}/templates/user-data.tpl", {
wg_server_own_privatekey = var.wg_server_own_privatekey
wg_server_peer_publickeys = var.wg_server_peer_publickeys
})
}

9
terraform/outputs.tf Normal file
View File

@ -0,0 +1,9 @@
output "wg_server_ipv4_address" {
value = hcloud_server.wg_server.ipv4_address
description = "IPv4 address"
}
output "wg_server_ipv6_address" {
value = hcloud_server.wg_server.ipv6_address
description = "IPv6 address"
}

17
terraform/templates/user-data.tpl Normal file
View File

@ -0,0 +1,17 @@
#cloud-config
write_files:
- path: "/etc/wireguard/wg0-privatekey"
owner: "root:root"
permissions: "0600"
content: |
${wg_server_own_privatekey}
- path: "/etc/wireguard/wg0-peers.conf"
owner: "root:root"
permissions: "0644"
content: |
%{~ for index, pubkey in wg_server_peer_publickeys ~}
[Peer]
PublicKey = ${pubkey}
AllowedIPs = 10.10.10.${index+2}/32, fd10:10:10::${index+2}/128
%{~ endfor ~}

11
terraform/terraform.tfvars.sample Normal file
View File

@ -0,0 +1,11 @@
hcloud_api_token = ""
wg_server_name = ""
wg_server_type = ""
wg_server_location = ""
wg_server_ssh_publickey = ""
wg_server_ssh_publickey_name = ""
wg_server_own_privatekey = ""
wg_server_peer_publickeys = []

42
terraform/variables.tf Normal file
View File

@ -0,0 +1,42 @@
variable "hcloud_api_token" {
type = string
description = "Hetzner Cloud API token"
}
variable "wg_server_name" {
type = string
description = "Server name"
default = "wireguard"
}
variable "wg_server_type" {
type = string
description = "Server type"
default = "cx11"
}
variable "wg_server_location" {
type = string
description = "Server location"
default = "fsn1"
}
variable "wg_server_ssh_publickey" {
type = string
description = "SSH public key"
}
variable "wg_server_ssh_publickey_name" {
type = string
description = "SSH public key name"
}
variable "wg_server_own_privatekey" {
type = string
description = "WireGuard private key"
}
variable "wg_server_peer_publickeys" {
type = list(string)
description = "WireGuard peer public keys"
}

35
wireguard.tf
View File

@ -1,35 +0,0 @@
variable "hcloud_token" {
type = string
}
provider "hcloud" {
token = var.hcloud_token
}
data "hcloud_image" "wireguard" {
with_selector = "service=wireguard"
most_recent = true
}
data "hcloud_ssh_key" "hectorm" {
fingerprint = "a1:92:f2:2b:57:5e:cc:9c:5a:0c:f4:33:79:db:b6:56"
}
resource "hcloud_server" "wireguard" {
name = "wireguard"
image = data.hcloud_image.wireguard.id
server_type = "cx11"
location = "fsn1"
keep_disk = true
backups = false
labels = {
service = "wireguard"
}
ssh_keys = [
data.hcloud_ssh_key.hectorm.id
]
}
output "wireguard_server_ipv4_address" {
value = hcloud_server.wireguard.ipv4_address
}