authorElizabeth Hunt <elizabeth.hunt@simponic.xyz>2024-03-18 17:04:18 -0400
committerElizabeth Hunt <elizabeth.hunt@simponic.xyz>2024-03-18 17:04:18 -0400
commitb81bfc5a294b5bd437a09bced94a670928a822b9 (patch)
treed6a3b71312f315fc377d3985fe7dab1054569dfe /roles
parent4e93a081f87298948ef706ed2dc9d32d989bc8b8 (diff)
downloadoldinfra-b81bfc5a294b5bd437a09bced94a670928a822b9.tar.gz
oldinfra-b81bfc5a294b5bd437a09bced94a670928a822b9.zip
add hatecomputers role!
Diffstat (limited to 'roles')
-rw-r--r--roles/hatecomputers/files/.gitignore1
-rw-r--r--roles/hatecomputers/tasks/main.yml33
2 files changed, 34 insertions, 0 deletions
diff --git a/roles/hatecomputers/files/.gitignore b/roles/hatecomputers/files/.gitignore
new file mode 100644
index 0000000..5571ff7
--- /dev/null
+++ b/roles/hatecomputers/files/.gitignore
@@ -0,0 +1 @@
+wireguard.cfg
diff --git a/roles/hatecomputers/tasks/main.yml b/roles/hatecomputers/tasks/main.yml
new file mode 100644
index 0000000..7eac0f4
--- /dev/null
+++ b/roles/hatecomputers/tasks/main.yml
@@ -0,0 +1,33 @@
+- name: install wireguard
+ apt:
+ name:
+ - wireguard
+ state: latest
+
+- name: copy config
+ ansible.builtin.copy:
+ src: ../files/wireguard.cfg
+ dest: /etc/wireguard/hatecomputers.conf
+ owner: root
+ group: root
+ mode: 0600
+
+- name: enable and persist ip forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: "1"
+ state: present
+ sysctl_set: yes
+ reload: yes
+
+- name: start wireguard and enable on boot
+ systemd:
+ name: wg-quick@hatecomputers
+ enabled: yes
+ state: started
+
+- name: allow wireguard endpoint ufw
+ ufw:
+ rule: allow
+ port: '51820'
+ proto: 'udp'
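Review bot: The `copy config` task installs `wireguard.cfg`, which presumably carries the interface private key (it is git-ignored in this same commit), without `no_log: true`, so a run with `--diff` can print the file's contents to the terminal or a CI log. Adding `no_log: true` to that task keeps the key out of output, and quoting the mode as `mode: '0600'` avoids relying on the YAML parser's octal handling. Separately, nothing restarts `wg-quick@hatecomputers` when the config file changes, because the service task only ensures `state: started`; a `notify:` on the copy task with a handler that restarts the unit would make config updates take effect. The ufw rule opens 51820/udp to any source while `net.ipv4.ip_forward` is enabled host-wide, so it is worth confirming that the forward policy limits what tunnel peers can reach.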