lablabs / ansible-collection-wireguard
Ansible Collection to deploy Wireguard server
Home Page: https://galaxy.ansible.com/lablabs/wireguard
License: Apache License 2.0
Could the contributors please provide a sample hosts file? When going through the role tasks and comparing them to the default parameters it is unclear which host is designated as the server with the 10.213.213.1 IP and which is designated as the client with 10.213.213.2, .3, .4, .... .254.
Feature Idea
Variable wireguard_out_interface is nowhere defined nor mentioned anywhere in the documentation; this causes the following error:
TASK [Setup ipv4 IP forward] ***************************************************
fatal: [bastion]: FAILED! => {"changed": false, "msg": "Failed to reload sysctl: fs.protected_hardlinks = 1\nfs.protected_symlinks = 1\nfs.suid_dumpable = 0\nkernel.core_uses_pid = 1\nkernel.kptr_restrict = 2\nkernel.kexec_load_disabled = 1\nkernel.sysrq = 0\nkernel.randomize_va_space = 2\nkernel.yama.ptrace_scope = 1\nnet.ipv4.ip_forward = 1\nnet.ipv6.conf.all.forwarding = 0\nnet.ipv4.conf.all.rp_filter = 1\nnet.ipv4.conf.default.rp_filter = 1\nnet.ipv4.icmp_echo_ignore_broadcasts = 1\nnet.ipv4.icmp_ignore_bogus_error_responses = 1\nnet.ipv4.icmp_ratelimit = 100\nnet.ipv4.icmp_ratemask = 88089\nnet.ipv4.tcp_timestamps = 0\nnet.ipv4.conf.all.arp_ignore = 1\nnet.ipv4.conf.all.arp_announce = 2\nnet.ipv4.tcp_rfc1337 = 1\nnet.ipv4.tcp_syncookies = 1\nnet.ipv4.conf.all.shared_media = 1\nnet.ipv4.conf.default.shared_media = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv6.conf.all.accept_source_route = 0\nnet.ipv6.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.all.secure_redirects = 0\nnet.ipv4.conf.default.secure_redirects = 0\nnet.ipv6.conf.default.accept_redirects = 0\nnet.ipv6.conf.all.accept_redirects = 0\nnet.ipv6.conf.all.accept_ra = 0\nnet.ipv6.conf.default.accept_ra = 0\nnet.ipv6.conf.default.router_solicitations = 0\nnet.ipv6.conf.default.accept_ra_rtr_pref = 0\nnet.ipv6.conf.default.accept_ra_pinfo = 0\nnet.ipv6.conf.default.accept_ra_defrtr = 0\nnet.ipv6.conf.default.autoconf = 0\nnet.ipv6.conf.default.dad_transmits = 0\nnet.ipv6.conf.default.max_addresses = 1\nvm.mmap_min_addr = 65536\nvm.mmap_rnd_bits = 32\nvm.mmap_rnd_compat_bits = 16\nkernel.unprivileged_bpf_disabled = 1\nfs.protected_fifos = 1\nfs.protected_regular = 2\nnet.ipv6.conf.all.router_solicitations = 
0\nnet.ipv6.conf.all.autoconf = 0\nsysctl: cannot stat /proc/sys/kernel/unprivileged_userns_clone: No such file or directory\n"}
Bug Report
> ansible --version
ansible [core 2.15.0]
config file = None
configured module search path = ['/Users/thunderysteak/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.11/site-packages/ansible
ansible collection location = /Users/thunderysteak/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.11.3 (main, Apr 7 2023, 19:25:52) [Clang 14.0.0 (clang-1400.0.29.202)] (/usr/local/opt/python@3.11/bin/python3.11)
jinja version = 3.1.2
libyaml = True
Using the default example playbook vars and running the playbook on a Rocky Linux 8 system produces the result
# - name: Run Security hardening
#   import_playbook: lablabs.wireguard.security
#   tags: security
- name: Install and configure Wireguard
  import_playbook: lablabs.wireguard.wireguard
  tags: wireguard
When the missing variable is added, the playbook finishes successfully
TASK [Setup MASQUERADE for server access through vpn server] *******************
changed: [bastion] => {"chain": "POSTROUTING", "chain_management": false, "changed": true, "flush": false, "ip_version": "ipv4", "rule": "-s 10.213.213.0/24 -j MASQUERADE -o enp0s8", "state": "present", "table": "nat"}
TASK [Save current state of the firewall in system file] ***********************
changed: [bastion] => {"changed": true, "cmd": "/sbin/iptables-save", "initial_state": ["# Generated by iptables-save v1.8.4", "*nat", ":PREROUTING ACCEPT [0:0]", ":INPUT ACCEPT [0:0]", ":POSTROUTING ACCEPT [0:0]", ":OUTPUT ACCEPT [0:0]", "-A POSTROUTING -s 10.213.213.0/24 -o eth0 -j MASQUERADE", "-A POSTROUTING -s 10.213.213.0/24 -o enp0s8 -j MASQUERADE", "COMMIT", "# Completed"], "saved": ["# Generated by iptables-save v1.8.4", "*nat", ":PREROUTING ACCEPT [0:0]", ":INPUT ACCEPT [0:0]", ":POSTROUTING ACCEPT [0:0]", ":OUTPUT ACCEPT [0:0]", "-A POSTROUTING -s 10.213.213.0/24 -o eth0 -j MASQUERADE", "-A POSTROUTING -s 10.213.213.0/24 -o enp0s8 -j MASQUERADE", "COMMIT", "# Completed"], "tables": {"nat": [":PREROUTING ACCEPT", ":INPUT ACCEPT", ":POSTROUTING ACCEPT", ":OUTPUT ACCEPT", "-A POSTROUTING -s 10.213.213.0/24 -o eth0 -j MASQUERADE", "-A POSTROUTING -s 10.213.213.0/24 -o enp0s8 -j MASQUERADE"]}}
TASK [Setup ipv4 IP forward] ***************************************************
ok: [bastion] => {"changed": false}
PLAY RECAP *********************************************************************
bastion : ok=31 changed=2 unreachable=0 failed=0 skipped=7 rescued=0 ignored=0
TASK [Save current state of the firewall in system file] ***********************
changed: [bastion] => {"changed": true, "cmd": "/sbin/iptables-save", "initial_state": ["# Generated by iptables-save v1.8.4", "*nat", ":PREROUTING ACCEPT [0:0]", ":INPUT ACCEPT [0:0]", ":POSTROUTING ACCEPT [0:0]", ":OUTPUT ACCEPT [0:0]", "-A POSTROUTING -s 10.213.213.0/24 -o eth0 -j MASQUERADE", "COMMIT", "# Completed"], "saved": ["# Generated by iptables-save v1.8.4", "*nat", ":PREROUTING ACCEPT [0:0]", ":INPUT ACCEPT [0:0]", ":POSTROUTING ACCEPT [0:0]", ":OUTPUT ACCEPT [0:0]", "-A POSTROUTING -s 10.213.213.0/24 -o eth0 -j MASQUERADE", "COMMIT", "# Completed"], "tables": {"nat": [":PREROUTING ACCEPT", ":INPUT ACCEPT", ":POSTROUTING ACCEPT", ":OUTPUT ACCEPT", "-A POSTROUTING -s 10.213.213.0/24 -o eth0 -j MASQUERADE"]}}
TASK [Setup ipv4 IP forward] ***************************************************
fatal: [bastion]: FAILED! => {"changed": false, "msg": "Failed to reload sysctl: fs.protected_hardlinks = 1\nfs.protected_symlinks = 1\nfs.suid_dumpable = 0\nkernel.core_uses_pid = 1\nkernel.kptr_restrict = 2\nkernel.kexec_load_disabled = 1\nkernel.sysrq = 0\nkernel.randomize_va_space = 2\nkernel.yama.ptrace_scope = 1\nnet.ipv4.ip_forward = 1\nnet.ipv6.conf.all.forwarding = 0\nnet.ipv4.conf.all.rp_filter = 1\nnet.ipv4.conf.default.rp_filter = 1\nnet.ipv4.icmp_echo_ignore_broadcasts = 1\nnet.ipv4.icmp_ignore_bogus_error_responses = 1\nnet.ipv4.icmp_ratelimit = 100\nnet.ipv4.icmp_ratemask = 88089\nnet.ipv4.tcp_timestamps = 0\nnet.ipv4.conf.all.arp_ignore = 1\nnet.ipv4.conf.all.arp_announce = 2\nnet.ipv4.tcp_rfc1337 = 1\nnet.ipv4.tcp_syncookies = 1\nnet.ipv4.conf.all.shared_media = 1\nnet.ipv4.conf.default.shared_media = 1\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv6.conf.all.accept_source_route = 0\nnet.ipv6.conf.default.accept_source_route = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.default.log_martians = 1\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.all.secure_redirects = 0\nnet.ipv4.conf.default.secure_redirects = 0\nnet.ipv6.conf.default.accept_redirects = 0\nnet.ipv6.conf.all.accept_redirects = 0\nnet.ipv6.conf.all.accept_ra = 0\nnet.ipv6.conf.default.accept_ra = 0\nnet.ipv6.conf.default.router_solicitations = 0\nnet.ipv6.conf.default.accept_ra_rtr_pref = 0\nnet.ipv6.conf.default.accept_ra_pinfo = 0\nnet.ipv6.conf.default.accept_ra_defrtr = 0\nnet.ipv6.conf.default.autoconf = 0\nnet.ipv6.conf.default.dad_transmits = 0\nnet.ipv6.conf.default.max_addresses = 1\nvm.mmap_min_addr = 65536\nvm.mmap_rnd_bits = 32\nvm.mmap_rnd_compat_bits = 16\nkernel.unprivileged_bpf_disabled = 1\nfs.protected_fifos = 1\nfs.protected_regular = 2\nnet.ipv6.conf.all.router_solicitations = 
0\nnet.ipv6.conf.all.autoconf = 0\nsysctl: cannot stat /proc/sys/kernel/unprivileged_userns_clone: No such file or directory\n"}
PLAY RECAP *********************************************************************
bastion : ok=30 changed=2 unreachable=0 failed=1 skipped=7 rescued=0 ignored=0
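An added example, not part of the issue or of the collection's code: the successful run above saved two MASQUERADE rules for 10.213.213.0/24, one on eth0 and one on enp0s8. The script below audits saved nat rules against the host's interface list and reports rules whose `-o` interface is missing or that have no `-o` at all. The interface set is an assumption for illustration; the page does not list the host's interfaces.

```python
import shlex

# Constructed sample: the nat-table rules shown in the "saved" list of the
# successful run above.
SAVED_NAT_RULES = [
    "-A POSTROUTING -s 10.213.213.0/24 -o eth0 -j MASQUERADE",
    "-A POSTROUTING -s 10.213.213.0/24 -o enp0s8 -j MASQUERADE",
]

# Assumption: interfaces present on the host (for example from `ip -o link`).
HOST_INTERFACES = {"lo", "enp0s3", "enp0s8", "wg0"}


def parse_rule(line):
    """Parse one iptables-save rule line into the fields this audit needs.

    Negated matches (`! -o eth0`) are treated like plain ones.
    """
    tokens = shlex.split(line)
    rule = {"chain": None, "source": None, "out_if": None, "target": None}
    flags = {"-A": "chain", "-s": "source", "-o": "out_if", "-j": "target"}
    i = 0
    while i < len(tokens):
        key = flags.get(tokens[i])
        if key and i + 1 < len(tokens):
            rule[key] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return rule


def audit_masquerade(lines, host_interfaces):
    """Return (stale, unscoped) POSTROUTING MASQUERADE rules.

    stale:    -o names an interface the host does not have, so it never matches.
    unscoped: no -o at all, so the source is NATed out of every interface.
    """
    stale, unscoped = [], []
    for line in lines:
        rule = parse_rule(line)
        if rule["chain"] != "POSTROUTING" or rule["target"] != "MASQUERADE":
            continue
        if rule["out_if"] is None:
            unscoped.append(line)
        elif rule["out_if"] not in host_interfaces:
            stale.append(line)
    return stale, unscoped
```

With the constructed inputs, the eth0 rule is reported as stale and the enp0s8 rule passes.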