0
0
Ansible role for creating a Wireguard-based mesh network
Go to file
2023-11-13 20:39:43 +08:00
tasks Updated README.md + use .yaml 2023-11-13 20:39:43 +08:00
templates Inital commit 2023-11-08 01:13:53 +08:00
LICENSE Inital commit 2023-11-08 01:13:53 +08:00
README.md Updated README.md + use .yaml 2023-11-13 20:39:43 +08:00

Ansible role for creating a Wireguard-based mesh network

An Ansible role to automate the creation of a Wireguard-based mesh network, allowing servers to communicate between each other using a private, secure VPN without the need for a central node.

The role uses the wg-quick control which is also exposed via a Systemd service, such that the interface can be brought up automatically on boot. After the mesh network is created, connectivity is verified with a ping task. If you are behind NAT or a stateful firewall, you might need to set PersistentKeepalive.

Example Playbook

---
- name: Wireguard
  hosts: all	
  any_errors_fatal: true
  gather_facts: yes
  become: true
  roles:
    - create-wireguard-mesh-network

Example inventory

all:
  hosts:
    host1:
      ansible_host: 172.0.0.1
      wireguard_ip: 10.1.0.1

    host2:
      ansible_host: 172.0.0.2
      wireguard_ip: 10.2.0.1

    host3:
      ansible_host: 172.0.0.3
      wireguard_ip: 10.3.0.1

  vars:
    ansible_ssh_port: 22
    ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
    ansible_ssh_user: root
    ansible_become_method: su
    wireguard_mask_bits: 24
    wireguard_port: 51871

Credits

This role is based on Tyler-OBrien/wireguard-mesh-network-ansible, which is based on jawher/automation-wireguard.