diff --git a/Config_Wireguard.yml b/Config_Wireguard.yml
index 874665642285675a3669410d644f25fe7c9bc685..9ace91007285a6e578856c2448f9ad086b28d39f 100644
--- a/Config_Wireguard.yml
+++ b/Config_Wireguard.yml
@@ -63,8 +63,10 @@
 cmd: "ip r add default nexthop via 10.0.2.2"
 # check_mode: yes
- - name: Install nginx and Wireguard
+ - name: Install update for install other programs
 ansible.builtin.apt:
+ cache_valid_time: 86400
+ upgrade: yes
 update_cache: yes
 # check_mode: yes
@@ -75,6 +77,7 @@
 - wireguard
 - wireguard-tools
 - iptables
+ - curl
 state: present
 # check_mode: yes
 - name: Remove internet to host
@@ -86,23 +89,36 @@
 hosts: H2
 become: true
 tasks:
+ - name: Setup VPN Wireguard H2
+ ansible.builtin.template:
+ src: ./templates/wireguard_config_template_H2.j2
+ dest: /etc/wireguard/wg0.conf
+ mode: 0640
+ notify: wg-quick
+
 - name: Setup page of nginx
 ansible.builtin.template:
 src: ./templates/index_template.j2
- dest: /var/www/index.html
- mode: 0640
+ dest: /var/www/html/index.html
+ mode: 0777
 - name: Setup config of nginx
 ansible.builtin.template:
 src: ./templates/nginx_config_template.j2
- dest: /etc/nginx/sites-enabled/web_site
+ dest: /etc/nginx/sites-available/default
 mode: 0640
+ notify: Restart nginx
- - name: Setup VPN Wireguard H2
- ansible.builtin.template:
- src: ./templates/wireguard_config_template_H2.j2
- dest: /etc/wireguard/wg0.conf
- mode: 0640
+ handlers:
+ - name: wg-quick
+ ansible.builtin.shell:
+ cmd: "wg-quick up wg0 2>/dev/null"
+
+ - name: Restart nginx
+ ansible.builtin.service:
+ name: nginx
+ state: restarted
+ enabled: yes
 - name: Setup index.html on H2
 hosts: H1
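Review bot: `upgrade: yes` turns the apt task in the `-63` hunk into a full safe-upgrade of every installed package on each run of the play, which is a change-management decision rather than a prerequisite for installing nginx, WireGuard and curl, and the task name only says it refreshes the index. Keep `update_cache: true` with `cache_valid_time: 86400` here and either drop `upgrade` or move it into its own explicitly named task so a host-wide package change cannot slip in unnoticed under "install update". Write the booleans as `true`/`false` rather than `yes` so they survive YAML 1.2 parsers and yamllint's truthy rule.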
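Review bot: `mode: 0777` on `/var/www/html/index.html` makes the served page world-writable, so any local account on H2 (including `www-data` should nginx ever be compromised) can rewrite what the site serves; a static file only needs `mode: "0644"` (quoted, because unquoted `0777` is an octal literal under YAML 1.1 and Ansible's docs recommend the string form). The new `wg-quick` handler only ever runs `wg-quick up wg0`, so once the interface exists a changed `wg0.conf` is never re-applied and a second run fails with "wg0 already exists"; the `2>/dev/null` hides that message from the log but not from the non-zero return code that fails the play. As far as this diff shows nothing enables the `wg-quick@wg0` systemd unit either, so the tunnel does not come back after a reboot. Replacing the shell handler with the systemd module fixes both and matches the `Restart nginx` handler's style.

```yaml
      - name: Setup page of nginx
        ansible.builtin.template:
          src: ./templates/index_template.j2
          dest: /var/www/html/index.html
          mode: "0644"
# … unchanged: nginx config task …
  handlers:
    - name: wg-quick
      ansible.builtin.systemd:
        name: wg-quick@wg0
        state: restarted
        enabled: true
# … unchanged: Restart nginx handler …
```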
@@ -113,14 +129,38 @@
 src: ./templates/wireguard_config_template_H1.j2
 dest: /etc/wireguard/wg0.conf
 mode: 0640
+ notify: wg-quick
+
+ handlers:
+ - name: wg-quick
+ ansible.builtin.shell:
+ cmd: "wg-quick up wg0 2>/dev/null"
 - name: Start wireguard for all hosts
 hosts: hotes
 become: true
 tasks:
- - name: Start wg-quick
+ # - name: Start wg-quick
+ # ansible.builtin.shell:
+ # cmd: "wg-quick up wg0 2>/dev/null"
+ - name: Make curl to web server
 ansible.builtin.shell:
- cmd: "wg-quick up wg0"
+ cmd: "curl http://10.0.0.1:80/index.html > index.html"
+
+- name: Test connectivity from H1 to H2
+ hosts: H1
+ tasks:
+ - name: Ping form H1 to H2
+ ansible.builtin.shell: "ping 10.0.0.1 -c 1"
+
+ - name: Check connectivity using curl
+ shell: "curl 10.0.0.1"
+ register: result
+ ignore_errors: true
+
+ - name: Print result
+ debug:
+ msg: "Connectivity test {{ 'succeeded' if result.rc == 0 else 'failed' }}."
 ...
\ No newline at end of file
diff --git a/templates/nginx_config_template.j2 b/templates/nginx_config_template.j2
index e1faa538ff7b8abecc23853b676fa4c8c08df2ee..f9ebd9c629243f741327bab7b54bb54ca65b5793 100644
--- a/templates/nginx_config_template.j2
+++ b/templates/nginx_config_template.j2
@@ -1,11 +1,11 @@
 server {
- listen 10.0.0.0:80;
- listen 127.0.0.1:80;
+ listen 10.0.0.1:80;
+ server_name H2;
- server_name internal_web_site;
+ root /var/www/html;
+ index index.html;
- location / {
- root /var/www/;
- index index.html;
- }
+ location / {
+ try_files $uri $uri/ =404;
+ }
 }
\ No newline at end of file
diff --git a/templates/wireguard_config_template_H2.j2 b/templates/wireguard_config_template_H2.j2
index 15de7a8bfb8e4d689eb2d3585925cc03243b4eda..7d292b61169c8579f8b46ae9d0529ee785d62e8d 100644
--- a/templates/wireguard_config_template_H2.j2
+++ b/templates/wireguard_config_template_H2.j2
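Review bot: `shell: "curl 10.0.0.1"` in the `Check connectivity using curl` task reports success whenever the TCP connection is accepted, because curl exits 0 on an HTTP 404 or 500 unless `--fail` is given, so the `debug` message will print "succeeded" for a broken site; use `ansible.builtin.command: "curl -sSf http://10.0.0.1/"` (nothing here needs a shell). The preceding `ansible.builtin.shell: "ping 10.0.0.1 -c 1"` has no `ignore_errors`, so on a host without iputils, or with ICMP filtered, the play aborts before the curl check ever runs — give it `ignore_errors: true` as well or drop it. The `Make curl to web server` task runs on every host in `hotes` (presumably including H2 itself) and writes `index.html` relative to the become-user's working directory, which is neither idempotent nor easy to find; `ansible.builtin.get_url` with an absolute `dest` would be clearer. The `wg-quick` handler added to the H1 play has the same limitation as the H2 one: it only ever runs `wg-quick up`, so a changed `wg0.conf` is not re-applied once the interface exists.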
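Review bot: `listen 10.0.0.1:80;` binds nginx exclusively to the WireGuard address, so nginx can only start while `wg0` already exists; the playbook brings the tunnel up with a manual `wg-quick up wg0` and, as far as this diff shows, does not enable `wg-quick@wg0.service`, so after a reboot nginx fails with "Cannot assign requested address" until someone re-runs the play. Restricting the site to the tunnel address is the right call security-wise (it keeps the page off the public interface, and dropping the old `10.0.0.0:80` network-address listener is a correctness fix), so keep the bind and fix the ordering instead: enable `wg-quick@wg0` and add a drop-in `After=wg-quick@wg0.service` for nginx, or set `net.ipv4.ip_nonlocal_bind=1` on H2. Note also that removing `listen 127.0.0.1:80;` means any local health check on H2 must now target `10.0.0.1`, not localhost.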
@@ -2,12 +2,6 @@
 Address = 10.0.0.1/24
 PrivateKey = {{ keys["H2PRIV"] }}
 ListenPort = 51820
-{# PostUp = nft -f nft.sh %i #}
-{# PostUp = nft add rule ip nat POSTROUTING oifname "eth0" counter masquerade;nft add rule ip filter FORWARD iifname "eth0" counter accept
-PostDown = nft del rule ip nat POSTROUTING oifname "eth0" counter masquerade;nft del rule ip filter FORWARD iifname "eth0" counter accept #}
-PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
 [Peer]
 PublicKey = {{ keys["H1PUB"] }}