58 lines
1.6 KiB
Markdown
58 lines
1.6 KiB
Markdown
# Ansible role for creating a Wireguard-based mesh network
|
|
|
|
An Ansible role to automate the creation of a Wireguard-based mesh network, allowing servers to communicate between each other using a private, secure VPN without the need for a central node.
|
|
|
|
The role uses the `wg-quick` control which is also exposed via a Systemd service, such that the interface can be brought up automatically on boot. After the mesh network is created, connectivity is verified with a ping task. If you are behind NAT or a stateful firewall, you might need to set `PersistentKeepalive`.
|
|
|
|
## Example Playbook
|
|
|
|
```
|
|
---
|
|
- name: Wireguard
|
|
hosts: all
|
|
any_errors_fatal: true
|
|
gather_facts: yes
|
|
become: true
|
|
roles:
|
|
- create-wireguard-mesh-network
|
|
```
|
|
|
|
## Example inventory
|
|
|
|
```
|
|
all:
|
|
hosts:
|
|
your-host-1:
|
|
pipelining: true
|
|
ansible_ssh_user: root
|
|
ansible_host: 172.0.0.1
|
|
ansible_ssh_port: 22
|
|
|
|
wireguard_ip: 10.1.0.1
|
|
|
|
your-host-2:
|
|
pipelining: true
|
|
ansible_ssh_user: root
|
|
ansible_host: 172.0.0.2
|
|
ansible_ssh_port: 22
|
|
|
|
wireguard_ip: 10.2.0.1
|
|
|
|
your-host-3:
|
|
pipelining: true
|
|
ansible_ssh_user: root
|
|
ansible_host: 172.0.0.3
|
|
ansible_ssh_port: 22
|
|
|
|
wireguard_ip: 10.3.0.1
|
|
|
|
vars:
|
|
ansible_become_method: su
|
|
wireguard_mask_bits: 24
|
|
wireguard_port: 51871
|
|
```
|
|
|
|
## Credits
|
|
|
|
This role is based on [Tyler-OBrien/wireguard-mesh-network-ansible](https://github.com/Tyler-OBrien/wireguard-mesh-network-ansible), which is based on [jawher/automation-wireguard](https://github.com/jawher/automation-wireguard).
|