[Update] Add config for wireguard + somes script for generating keys

Config_H1_Ping_H2.yml

@@ -2,7 +2,7 @@
 - name: Configuration et démarrage des interfaces réseau
   hosts: all
   become: true
-  tasks:
+  tasks:    
     - name: Rename hosts
       command: hostnamectl set-hostname {{ inventory_hostname }}
       notify: rename_finish

Config_Labo.sh

-#!/bin/bash
-
-ls -al
\ No newline at end of file

Config_Playbook.yml

@@ -3,14 +3,11 @@
   hosts: all
   become: true
   tasks:
+    - name: Load the variables
+      include_vars: variables.yml
+
     - name: Rename hosts
       command: hostnamectl set-hostname {{ inventory_hostname }}
-      notify: rename_finish
-  
-  handlers:
-    - name: rename_finish
-      debug:
-        msg: "I can handle dates"
     
 - name: Setup network for Hosts
   hosts: hotes
@@ -18,11 +15,9 @@
   tasks:
     - name: "Create file interface in interfaces.d"
       ansible.builtin.template:
-        src: ./interfaces_H.j2
+        src: ./templates/host_config_template.j2
         dest: /etc/network/interfaces.d/interfaces_playbook.conf
         mode: 0640
-    - name: Restart interfaces hosts
-      shell: "ifdown --force eth0"
 
 - name: Setup network for Routers
   hosts: routeurs
@@ -30,7 +25,7 @@
   tasks:
     - name: "Create file interface in interfaces.d"
       ansible.builtin.template:
-        src: ./interfaces_R.j2
+        src: ./templates/router_config_template.j2
         dest: /etc/network/interfaces.d/interfaces_playbook.conf
         mode: 0640
     - name: "Set ip_forwarding to 1"
@@ -39,19 +34,11 @@
         value: '1'
         sysctl_set: true
         state: present
-    - name: Restart interfaces hosts
-      shell: "ifdown --force eth0 eth1"
-
 
 - name: Configuration et démarrage des interfaces réseau
   hosts: all
   become: true
   tasks:
-    - name: Restart interfaces hosts
-      shell: "ifup -a --ignore-errors"
-      notify: start network
-
-  handlers:
     - name: start network
       service:
         name: networking

Config_Wireguard.yml

+---
+
+- name: Rename all hosts
+  hosts: all
+  become: true
+  
+  tasks:
+    - name: Load the variables
+      include_vars: variables.yml
+
+    - name: Load the keys
+      include_vars: keys.yml
+
+    - name: Rename hosts
+      command: hostnamectl set-hostname {{ inventory_hostname }}
+    
+- name: Setup network for Hosts
+  hosts: hotes
+  become: yes
+  tasks:
+    - name: "Create file interface in interfaces.d for hosts"
+      ansible.builtin.template:
+        src: ./templates/host_config_template.j2
+        dest: /etc/network/interfaces.d/interfaces_playbook.conf
+        mode: 0640
+      notify: Restart network
+  handlers:
+    - name: Restart network
+      ansible.builtin.service:
+        name: networking
+        state: restarted
+        enabled: yes
+
+- name: Setup network for Routers
+  hosts: routeurs
+  become: yes
+  tasks:
+    - name: "Create file interface in interfaces.d for routers"
+      ansible.builtin.template:
+        src: ./templates/router_config_template.j2
+        dest: /etc/network/interfaces.d/interfaces_playbook.conf
+        mode: 0640
+      notify: Restart network
+    - name: "Set ip_forwarding to 1"
+      ansible.posix.sysctl:
+        name: net.ipv4.ip_forward
+        value: '1'
+        sysctl_set: true
+        state: present
+  handlers:
+    - name: Restart network
+      ansible.builtin.service:
+        name: networking
+        state: restarted
+        enabled: yes
+
+- name: Install all needed program
+  hosts: hotes
+  become: true
+  tasks:
+    - name: Give internet to host
+      ansible.builtin.shell:
+        cmd: "ip r add default nexthop via 10.0.2.2"
+      # check_mode: yes
+      
+    - name: Install nginx and Wireguard
+      ansible.builtin.apt:
+        update_cache: yes
+      # check_mode: yes
+
+    - name: Install nginx and Wireguard
+      ansible.builtin.apt:
+        pkg: 
+          - nginx
+          - wireguard
+          - wireguard-tools
+          - iptables
+        state: present
+      # check_mode: yes
+    - name: Remove internet to host
+      ansible.builtin.shell:
+        cmd: "ip r del default"
+      # check_mode: yes
+        
+- name: Setup index.html on H2
+  hosts: H2
+  become: true
+  tasks:
+    - name: Setup page of nginx
+      ansible.builtin.template:
+        src: ./templates/index_template.j2
+        dest: /var/www/index.html
+        mode: 0640
+
+    - name: Setup config of nginx
+      ansible.builtin.template:
+        src: ./templates/nginx_config_template.j2
+        dest: /etc/nginx/sites-enabled/web_site
+        mode: 0640
+
+    - name: Setup VPN Wireguard H2
+      ansible.builtin.template:
+        src: ./templates/wireguard_config_template_H2.j2
+        dest: /etc/wireguard/wg0.conf
+        mode: 0640
+
+- name: Setup index.html on H2
+  hosts: H1
+  become: true
+  tasks:
+    - name: Setup VPN Wireguard H1
+      ansible.builtin.template:
+        src: ./templates/wireguard_config_template_H1.j2
+        dest: /etc/wireguard/wg0.conf
+        mode: 0640
+
+- name: Start wireguard for all hosts
+  hosts: hotes
+  become: true
+  tasks:
+    - name: Start wg-quick
+      ansible.builtin.shell:
+        cmd: "wg-quick up wg0"
+      
+
+...
\ No newline at end of file

Create_WG_Keys.sh

+#!/bin/bash
+
+# Create Key for H2
+wg genkey > privkey_H2
+wg pubkey < privkey_H2 > pubkey_H2
+cat pubkey_H2 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output pubkey_H2
+cat privkey_H2 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output privkey_H2
+
+# Create Key for H1
+wg genkey > privkey_H1
+wg pubkey < privkey_H1 > pubkey_H1
+cat pubkey_H1 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output pubkey_H1
+cat privkey_H1 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output privkey_H1
+
+
+# echo "H2:" > keys.yml
+echo "---" > keys.yml
+echo "keys:" >> keys.yml
+echo "  H2PRIV: $(cat privkey_H2 )" >> keys.yml
+echo "  H2PUB: $(cat pubkey_H2 )" >> keys.yml
+# echo "H1:" >> keys.yml
+echo "  H1PRIV: $(cat privkey_H1 )" >> keys.yml
+echo "  H1PUB: $(cat pubkey_H1 )" >> keys.yml
\ No newline at end of file

interfaces_H.j2

-auto {{ ifname }}
-iface {{ ifname }} inet static
- address {{ ifip }}
- netmask {{ ifcidr }}
- post-up ip route add default via {{ ifgw }}

interfaces_R.j2

-auto {{ ifname }}
-iface {{ ifname }} inet static
- address {{ ifip }}
- netmask {{ ifcidr }}
-
-auto {{ ifname2 }}
-iface {{ ifname2 }} inet static
- address {{ ifip2 }}
- netmask {{ ifcidr2 }}
- {% if Rname != "R2" %}
-post-up ip route add 3.0.0.0/24 nexthop via {{ ifgw }}
- {% endif %}
- {% if Rname != "R1" %}
-post-up ip route add 1.0.0.0/24 nexthop via {{ ifgw2 }}
- {% endif %}

inventory.ini

+[hotes]
+H1
+H2
+
+[routeurs]
+R1
+R2 
+
+[H1]
+H1
+
+[H2]
+H2
+
+[R1]
+R1
+
+[R2]
+R2

inventory.yml

-H1
-H2
-R1
-R1
\ No newline at end of file

keys.yml

+---
+keys:
+  H2PRIV: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          31386336306239306362656331663334636536343265313963303264316530353338393561373933
+          3031336435363763353239393466306330613337623362610a393434623433653333316637636662
+          38313466353530323736306631316362323636316439363338613734386461613131373732323061
+          6638313732326334640a313265363237396230356633313732376363383466626363653439363534
+          63376361666163616163373963343062373532336138356462323432633539663532666531663732
+          3834646332653535373934326332656531396331356363373837
+  H2PUB: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64393936666138393862333665626537353062646464656630313061636365333465623039303230
+          6435373035646636663834326131346562383238343563650a383332656362373234393530663564
+          33323363613335343564393434383035666464343165353932316330373230616137353161623265
+          3064313761633235640a376534383032626363633962333361346531623662383232303636356365
+          63393737653163323837643137333566313238373030616333326436666562323435666466353034
+          3863663730386133643064623139643632303135333537386632
+  H1PRIV: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          34373063623932653339323164663466373437363834313736353265323761653731396563643934
+          3630303136393130343034366666306139653364343933320a646466343766333661636666653161
+          30336331623561646336633837386366306262393237313339653938303138643962393132303066
+          6437623462613538620a396465626465356432666431663530353330613065396539633264626335
+          31316634363565326536336666343966623962323162336432303732373262313630653235373466
+          3864333137393839393362656161323833396465373232326530
+  H1PUB: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63353464353631346139663931356165363164346531326463303034363738643834323465636534
+          3663356261303839616532653633613039383033613234350a353533376266333165663830386339
+          34333832393461346634613636353233613936303062376439393438663034653234646263376264
+          3939636333343536350a393963353561343930306535646165613333386131373364373231346238
+          61626532346462346134333237383436333265636662316662616262343833633766313264396365
+          6233313335626632363166366536393739366365386264383533

nft.sh

+#!/usr/sbin/nft -f
+
+table ip filter {
+	chain FORWARD {
+		type filter hook forward priority 0; policy accept;
+		iifname "wg0" counter accept
+	}
+
+	chain POSTROUTING {
+		type filter hook postrouting priority 0; policy accept;
+        oifname "eth0" counter masquerade
+	}
+}

privkey_H1

+!vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          34373063623932653339323164663466373437363834313736353265323761653731396563643934
+          3630303136393130343034366666306139653364343933320a646466343766333661636666653161
+          30336331623561646336633837386366306262393237313339653938303138643962393132303066
+          6437623462613538620a396465626465356432666431663530353330613065396539633264626335
+          31316634363565326536336666343966623962323162336432303732373262313630653235373466
+          3864333137393839393362656161323833396465373232326530
\ No newline at end of file

privkey_H2

+!vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          31386336306239306362656331663334636536343265313963303264316530353338393561373933
+          3031336435363763353239393466306330613337623362610a393434623433653333316637636662
+          38313466353530323736306631316362323636316439363338613734386461613131373732323061
+          6638313732326334640a313265363237396230356633313732376363383466626363653439363534
+          63376361666163616163373963343062373532336138356462323432633539663532666531663732
+          3834646332653535373934326332656531396331356363373837
\ No newline at end of file

pubkey_H1

+!vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63353464353631346139663931356165363164346531326463303034363738643834323465636534
+          3663356261303839616532653633613039383033613234350a353533376266333165663830386339
+          34333832393461346634613636353233613936303062376439393438663034653234646263376264
+          3939636333343536350a393963353561343930306535646165613333386131373364373231346238
+          61626532346462346134333237383436333265636662316662616262343833633766313264396365
+          6233313335626632363166366536393739366365386264383533
\ No newline at end of file

pubkey_H2

+!vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64393936666138393862333665626537353062646464656630313061636365333465623039303230
+          6435373035646636663834326131346562383238343563650a383332656362373234393530663564
+          33323363613335343564393434383035666464343165353932316330373230616137353161623265
+          3064313761633235640a376534383032626363633962333361346531623662383232303636356365
+          63393737653163323837643137333566313238373030616333326436666562323435666466353034
+          3863663730386133643064623139643632303135333537386632
\ No newline at end of file

res

+!vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          34323537383365663838666331323431393337303565396339353930333239666636363036383362
+          6664653063393737353638303964616639336264373931350a626635376437636136666231303930
+          61313438346230373835616563323433633534343934393131613161353337656163643930626366
+          6261303163613732370a366636353564393036643264376135616166646166663438636436663462
+          36653865326135646362323166616332343363323461303831386331616662313363653831666664
+          3764666134353061313162336364396633353739333234373630
\ No newline at end of file

targets

-[hotes]
-H1
-H2 ifip="3.0.0.2" ifgw="3.0.0.1"
-
-[hotes:vars]
-ifname="eth0"
-ifip="1.0.0.2"
-ifcidr="255.255.255.0"
-ifgw="1.0.0.1"
-
-[routeurs]
-R1 ifip="1.0.0.1" ifgw="2.0.0.2" Rname="R1"
-R2 ifip2="2.0.0.2" ifgw2="2.0.0.1" Rname="R2"
-
-[routeurs:vars]
-ifname="eth1"
-ifip="3.0.0.1"
-ifcidr="255.255.255.0"
-ifgw="2.0.0.1"
-ifname2="eth0"
-ifip2="2.0.0.1"
-ifcidr2="255.255.255.0"
-ifgw2="1.0.0.2"
-Rname=""
-
-[H1]
-H1
-
-[H2]
-H2
-
-[R1]
-R1
-
-[R2]
-R2

templates/host_config_template.j2

+auto {{ all[inventory_hostname].ifname }}
+iface {{ all[inventory_hostname].ifname }} inet static
+ address {{ all[inventory_hostname].ifip }}
+ netmask {{ all[inventory_hostname].ifcidr }}
+ post-up ip route add {{ all[inventory_hostname].iftarget }} via {{ all[inventory_hostname].ifgw }}

templates/index_template.j2

+<!doctype html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>{{ all[inventory_hostname].title }}</title>
+</head>
+<body>
+    <h1>{{ all[inventory_hostname].title }}</h1>
+    <p>This is the sample page</p>
+    <p>IP of server {{ all[inventory_hostname].ifip }}</p>
+</body>
+</html>
\ No newline at end of file

templates/interfaces_HH.j2

+auto {{ all[inventory_hostname].ifname }}
+iface {{ all[inventory_hostname].ifname }} inet static
+ address {{ all[inventory_hostname].ifip }}
+ netmask {{ all[inventory_hostname].ifcidr }}
+ post-up ip route add default via {{ all[inventory_hostname].ifgw }}