Ansible role for creating a Wireguard-based mesh network
tasks | ||
templates | ||
LICENSE | ||
README.md |
Ansible role for creating a Wireguard-based mesh network
An Ansible role to automate the creation of a Wireguard-based mesh network, allowing servers to communicate between each other using a private, secure VPN without the need for a central node.
The role uses the wg-quick
control which is also exposed via a Systemd service, such that the interface can be brought up automatically on boot. After the mesh network is created, connectivity is verified with a ping task. If you are behind NAT or a stateful firewall, you might need to set PersistentKeepalive
.
Example Playbook
---
- name: Wireguard
hosts: all
any_errors_fatal: true
gather_facts: yes
become: true
roles:
- create-wireguard-mesh-network
Example inventory
all:
hosts:
host1:
ansible_host: 172.0.0.1
wireguard_ip: 10.1.0.1
host2:
ansible_host: 172.0.0.2
wireguard_ip: 10.2.0.1
host3:
ansible_host: 172.0.0.3
wireguard_ip: 10.3.0.1
vars:
ansible_ssh_port: 22
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
ansible_ssh_user: root
ansible_become_method: su
wireguard_mask_bits: 24
wireguard_port: 51871
Credits
This role is based on Tyler-OBrien/wireguard-mesh-network-ansible, which is based on jawher/automation-wireguard.