diff --git a/ansible/buildHomelab.yaml b/ansible/buildHomelab.yaml index 98fc3b0..fd4475c 100644 --- a/ansible/buildHomelab.yaml +++ b/ansible/buildHomelab.yaml @@ -49,32 +49,13 @@ backup: true tags: docker - - name: Setup bastion hosts: bastion vars: tags: - bastion - tasks: - - name: Enable IP forwarding - ansible.builtin.lineinfile: - path: /etc/sysctl.conf - regexp: '^#?.*net\.ipv4\.ip_forward=' - line: 'net.ipv4.ip_forward=1' - - name: Install Wireguard - ansible.builtin.package: - name: wireguard - state: present - - name: Shutdown Wireguard (remove iptables rules) - ansible.builtin.shell: wg-quick down wg0 - ignore_errors: true - - name: Copy Wireguard config - ansible.builtin.template: - src: assets/{{ inventory_hostname }}/wg0.conf.j2 - dest: /etc/wireguard/wg0.conf - backup: true - - name: Enable Wireguard int - ansible.builtin.shell: wg-quick up wg0 + roles: + - bastion #- name: Setup Docker hosts # hosts: @@ -140,8 +121,10 @@ - name: Local server Wireguard hosts: - docker-ext + tags: + - bastion tasks: - - name: "docker-ext Wireguard" + - name: "Local server Wireguard" ansible.builtin.template: src: assets/{{ inventory_hostname }}/wg0.conf.j2 dest: /etc/wireguard/wg0.conf diff --git a/ansible/roles/bastion/tasks/main.yml b/ansible/roles/bastion/tasks/main.yml new file mode 100644 index 0000000..1b0254d --- /dev/null +++ b/ansible/roles/bastion/tasks/main.yml @@ -0,0 +1,19 @@ +- name: Enable IP forwarding + ansible.builtin.lineinfile: + path: /etc/sysctl.conf + regexp: '^#?.*net\.ipv4\.ip_forward=' + line: 'net.ipv4.ip_forward=1' +- name: Install Wireguard + ansible.builtin.package: + name: wireguard + state: present +- name: Shutdown Wireguard (remove iptables rules) + ansible.builtin.shell: wg-quick down wg0 + ignore_errors: true +- name: Copy Wireguard config + ansible.builtin.template: + src: assets/{{ inventory_hostname }}/wg0.conf.j2 + dest: /etc/wireguard/wg0.conf + backup: true +- name: Enable Wireguard int + ansible.builtin.shell: wg-quick up wg0
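Review bot: Adding `tags:` / `- bastion` to the `Local server Wireguard` play widens what a `--tags bastion` run touches: it now also rewrites `/etc/wireguard/wg0.conf` on `docker-ext`, not only on the `bastion` group. If that coupling is intended, a comment such as `# tagged bastion so both tunnel ends are redeployed together` would record it. Otherwise a separate tag (for example `wireguard-client`) keeps the scope of a tagged run explicit. The template task continues past the end of this hunk, so whether it sets `mode`/`owner` or restarts the interface is not visible here.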
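Review bot: The `Copy Wireguard config` task in the new `roles/bastion/tasks/main.yml` writes `/etc/wireguard/wg0.conf` without `owner`, `group` or `mode`, so a newly created file gets the default umask permissions and is typically world-readable. A wg-quick config normally carries the interface `PrivateKey` (the template itself is not shown here). I would pin the permissions on the template task with `owner: root`, `group: root` and `mode: "0600"`, with the mode quoted so it is not read as an integer. `backup: true` also leaves timestamped copies of the previous config next to it, and those are additional copies of the key material to restrict and clean up. The template task in the `Local server Wireguard` play of `buildHomelab.yaml` writes the same destination and deserves the same check.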