From 977eda2fe87fee1c9e0ff865fe7d6046165df43d Mon Sep 17 00:00:00 2001
From: poulpe <poulpe@localhost.localdomain>
Date: Sun, 2 Apr 2023 15:18:21 +0200
Subject: [PATCH] [Update] Add config for wireguard + some scripts for
 generating keys

---
 Config_H1_Ping_H2.yml                     |   2 +-
 Config_Labo.sh                            |   3 -
 Config_Playbook.yml                       |  23 +---
 Config_Wireguard.yml                      | 126 ++++++++++++++++++++++
 Create_WG_Keys.sh                         |  23 ++++
 interfaces_H.j2                           |   5 -
 interfaces_R.j2                           |  15 ---
 inventory.ini                             |  19 ++++
 inventory.yml                             |   4 -
 keys.yml                                  |  34 ++++++
 nft.sh                                    |  13 +++
 privkey_H1                                |   8 ++
 privkey_H2                                |   8 ++
 pubkey_H1                                 |   8 ++
 pubkey_H2                                 |   8 ++
 res                                       |   8 ++
 targets                                   |  36 -------
 templates/host_config_template.j2         |   5 +
 templates/index_template.j2               |  12 +++
 templates/interfaces_HH.j2                |   5 +
 templates/interfaces_R.j2                 |  15 +++
 templates/nginx_config_template.j2        |  11 ++
 templates/router_config_template.j2       |  15 +++
 templates/wireguard_config_template_H1.j2 |   9 ++
 templates/wireguard_config_template_H2.j2 |  14 +++
 variables.yml                             |  32 ++++++
 vault_file                                |   1 +
 27 files changed, 380 insertions(+), 82 deletions(-)
 delete mode 100644 Config_Labo.sh
 create mode 100644 Config_Wireguard.yml
 create mode 100644 Create_WG_Keys.sh
 delete mode 100644 interfaces_H.j2
 delete mode 100644 interfaces_R.j2
 create mode 100644 inventory.ini
 delete mode 100644 inventory.yml
 create mode 100644 keys.yml
 create mode 100644 nft.sh
 create mode 100644 privkey_H1
 create mode 100644 privkey_H2
 create mode 100644 pubkey_H1
 create mode 100644 pubkey_H2
 create mode 100644 res
 delete mode 100644 targets
 create mode 100644 templates/host_config_template.j2
 create mode 100644 templates/index_template.j2
 create mode 100644 templates/interfaces_HH.j2
 create mode 100644 templates/interfaces_R.j2
 create mode 100644 templates/nginx_config_template.j2
 create mode 100644 templates/router_config_template.j2
 create mode 100644 templates/wireguard_config_template_H1.j2
 create mode 100644 templates/wireguard_config_template_H2.j2
 create mode 100644 variables.yml
 create mode 100644 vault_file

diff --git a/Config_H1_Ping_H2.yml b/Config_H1_Ping_H2.yml
index 32f3a23..95eb76c 100644
--- a/Config_H1_Ping_H2.yml
+++ b/Config_H1_Ping_H2.yml
@@ -2,7 +2,7 @@
 - name: Configuration et démarrage des interfaces réseau
   hosts: all
   become: true
-  tasks:
+  tasks:    
     - name: Rename hosts
       command: hostnamectl set-hostname {{ inventory_hostname }}
       notify: rename_finish
diff --git a/Config_Labo.sh b/Config_Labo.sh
deleted file mode 100644
index 142f8fc..0000000
--- a/Config_Labo.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-ls -al
\ No newline at end of file
diff --git a/Config_Playbook.yml b/Config_Playbook.yml
index 32f3a23..f7f1ee0 100644
--- a/Config_Playbook.yml
+++ b/Config_Playbook.yml
@@ -3,14 +3,11 @@
   hosts: all
   become: true
   tasks:
+    - name: Load the variables
+      include_vars: variables.yml
+
     - name: Rename hosts
       command: hostnamectl set-hostname {{ inventory_hostname }}
-      notify: rename_finish
-  
-  handlers:
-    - name: rename_finish
-      debug:
-        msg: "I can handle dates"
     
 - name: Setup network for Hosts
   hosts: hotes
@@ -18,11 +15,9 @@
   tasks:
     - name: "Create file interface in interfaces.d"
       ansible.builtin.template:
-        src: ./interfaces_H.j2
+        src: ./templates/host_config_template.j2
         dest: /etc/network/interfaces.d/interfaces_playbook.conf
         mode: 0640
-    - name: Restart interfaces hosts
-      shell: "ifdown --force eth0"
 
 - name: Setup network for Routers
   hosts: routeurs
@@ -30,7 +25,7 @@
   tasks:
     - name: "Create file interface in interfaces.d"
       ansible.builtin.template:
-        src: ./interfaces_R.j2
+        src: ./templates/router_config_template.j2
         dest: /etc/network/interfaces.d/interfaces_playbook.conf
         mode: 0640
     - name: "Set ip_forwarding to 1"
@@ -39,19 +34,11 @@
         value: '1'
         sysctl_set: true
         state: present
-    - name: Restart interfaces hosts
-      shell: "ifdown --force eth0 eth1"
-
 
 - name: Configuration et démarrage des interfaces réseau
   hosts: all
   become: true
   tasks:
-    - name: Restart interfaces hosts
-      shell: "ifup -a --ignore-errors"
-      notify: start network
-
-  handlers:
     - name: start network
       service:
         name: networking
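Review bot: With `handlers:` removed at the end of the hunk, "start network" is no longer a handler but an ordinary task under `tasks:` of the final play, so the `service` call on the networking unit now runs on every host on every run instead of only after a change; the old `notify: start network` trigger is deleted together with the ifup task. If an unconditional restart is intended, rename the task to say so; otherwise keep it under `handlers:` and `notify` it from the two template tasks earlier in the file. The task's `state:` line lies beyond the hunk, so whether this is a start or a restart cannot be confirmed here.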
diff --git a/Config_Wireguard.yml b/Config_Wireguard.yml
new file mode 100644
index 0000000..8746656
--- /dev/null
+++ b/Config_Wireguard.yml
@@ -0,0 +1,126 @@
+---
+
+- name: Rename all hosts
+  hosts: all
+  become: true
+  
+  tasks:
+    - name: Load the variables
+      include_vars: variables.yml
+
+    - name: Load the keys
+      include_vars: keys.yml
+
+    - name: Rename hosts
+      command: hostnamectl set-hostname {{ inventory_hostname }}
+    
+- name: Setup network for Hosts
+  hosts: hotes
+  become: yes
+  tasks:
+    - name: "Create file interface in interfaces.d for hosts"
+      ansible.builtin.template:
+        src: ./templates/host_config_template.j2
+        dest: /etc/network/interfaces.d/interfaces_playbook.conf
+        mode: 0640
+      notify: Restart network
+  handlers:
+    - name: Restart network
+      ansible.builtin.service:
+        name: networking
+        state: restarted
+        enabled: yes
+
+- name: Setup network for Routers
+  hosts: routeurs
+  become: yes
+  tasks:
+    - name: "Create file interface in interfaces.d for routers"
+      ansible.builtin.template:
+        src: ./templates/router_config_template.j2
+        dest: /etc/network/interfaces.d/interfaces_playbook.conf
+        mode: 0640
+      notify: Restart network
+    - name: "Set ip_forwarding to 1"
+      ansible.posix.sysctl:
+        name: net.ipv4.ip_forward
+        value: '1'
+        sysctl_set: true
+        state: present
+  handlers:
+    - name: Restart network
+      ansible.builtin.service:
+        name: networking
+        state: restarted
+        enabled: yes
+
+- name: Install all needed program
+  hosts: hotes
+  become: true
+  tasks:
+    - name: Give internet to host
+      ansible.builtin.shell:
+        cmd: "ip r add default nexthop via 10.0.2.2"
+      # check_mode: yes
+      
+    - name: Install nginx and Wireguard
+      ansible.builtin.apt:
+        update_cache: yes
+      # check_mode: yes
+
+    - name: Install nginx and Wireguard
+      ansible.builtin.apt:
+        pkg: 
+          - nginx
+          - wireguard
+          - wireguard-tools
+          - iptables
+        state: present
+      # check_mode: yes
+    - name: Remove internet to host
+      ansible.builtin.shell:
+        cmd: "ip r del default"
+      # check_mode: yes
+        
+- name: Setup index.html on H2
+  hosts: H2
+  become: true
+  tasks:
+    - name: Setup page of nginx
+      ansible.builtin.template:
+        src: ./templates/index_template.j2
+        dest: /var/www/index.html
+        mode: 0640
+
+    - name: Setup config of nginx
+      ansible.builtin.template:
+        src: ./templates/nginx_config_template.j2
+        dest: /etc/nginx/sites-enabled/web_site
+        mode: 0640
+
+    - name: Setup VPN Wireguard H2
+      ansible.builtin.template:
+        src: ./templates/wireguard_config_template_H2.j2
+        dest: /etc/wireguard/wg0.conf
+        mode: 0640
+
+- name: Setup index.html on H2
+  hosts: H1
+  become: true
+  tasks:
+    - name: Setup VPN Wireguard H1
+      ansible.builtin.template:
+        src: ./templates/wireguard_config_template_H1.j2
+        dest: /etc/wireguard/wg0.conf
+        mode: 0640
+
+- name: Start wireguard for all hosts
+  hosts: hotes
+  become: true
+  tasks:
+    - name: Start wg-quick
+      ansible.builtin.shell:
+        cmd: "wg-quick up wg0"
+      
+
+...
\ No newline at end of file
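Review bot: The "Start wg-quick" task at the end of the hunk runs `wg-quick up wg0` through `ansible.builtin.shell` and is not idempotent: on a second run wg0 already exists, the command exits non-zero and the play fails, and nothing enables the tunnel across reboots. The same applies to the "Give internet to host" / "Remove internet to host" shell tasks, which fail once the default route already exists or is already gone. Prefer the `wg-quick@wg0` systemd unit shipped by wireguard-tools via `ansible.builtin.systemd`, and `ansible.builtin.command` with `changed_when`/`failed_when` guards for the two `ip r` tasks. Smaller points in the same hunk: `become: yes`, `update_cache: yes` and `enabled: yes` mix YAML 1.1 truthy forms with the `become: true` used at the top of the file (use `true`), `mode: 0640` is an unquoted octal that ansible-lint flags (write `mode: "0640"`, and `"0600"` for /etc/wireguard/wg0.conf, which holds the private key), and two tasks share the name "Install nginx and Wireguard" while the H1 play is titled "Setup index.html on H2".
```yaml
# … unchanged: rename, network, package and template plays …

- name: Start wireguard for all hosts
  hosts: hotes
  become: true
  tasks:
    - name: Enable and start wg-quick@wg0
      ansible.builtin.systemd:
        name: wg-quick@wg0
        state: started
        enabled: true
```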
diff --git a/Create_WG_Keys.sh b/Create_WG_Keys.sh
new file mode 100644
index 0000000..68eb3a7
--- /dev/null
+++ b/Create_WG_Keys.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Create Key for H2
+wg genkey > privkey_H2
+wg pubkey < privkey_H2 > pubkey_H2
+cat pubkey_H2 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output pubkey_H2
+cat privkey_H2 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output privkey_H2
+
+# Create Key for H1
+wg genkey > privkey_H1
+wg pubkey < privkey_H1 > pubkey_H1
+cat pubkey_H1 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output pubkey_H1
+cat privkey_H1 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output privkey_H1
+
+
+# echo "H2:" > keys.yml
+echo "---" > keys.yml
+echo "keys:" >> keys.yml
+echo "  H2PRIV: $(cat privkey_H2 )" >> keys.yml
+echo "  H2PUB: $(cat pubkey_H2 )" >> keys.yml
+# echo "H1:" >> keys.yml
+echo "  H1PRIV: $(cat privkey_H1 )" >> keys.yml
+echo "  H1PUB: $(cat pubkey_H1 )" >> keys.yml
\ No newline at end of file
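Review bot: Each `xargs -i ansible-vault encrypt_string ... {}` line hands the freshly generated private key to ansible-vault as a command-line argument, and the preceding `wg genkey > privkey_H2` has already written it to disk in clear under the default umask; argv is readable by every local user through ps, and the plaintext file is only overwritten, not shredded. ansible-vault's encrypt_string reads the secret from stdin when given `--stdin-name`, so the key never needs to touch argv or an unencrypted file, and the assembly of keys.yml then only has to indent the per-host outputs because `--stdin-name` already emits the `NAME: !vault |` header. `xargs -i` is also a deprecated spelling of `-I {}`, and the script has no `set -euo pipefail`, so a failed `wg genkey` silently yields empty keys. The privkey_*/pubkey_* files produced here and the stray `res` blob (not referenced anywhere in the patch) are intermediate artefacts that keys.yml duplicates; they should be untracked rather than committed.
```bash
#!/bin/bash
set -euo pipefail

# Generate one WireGuard key pair for HOST and store both halves vault-encrypted.
# The private key stays in a shell variable: it is never written to disk in
# clear and never passed as a command-line argument.
make_keys() {
  local host="$1" priv
  priv=$(wg genkey)
  printf '%s' "$priv" \
    | ansible-vault encrypt_string --vault-password-file vault_file --stdin-name "${host}PRIV" > "privkey_${host}"
  printf '%s\n' "$priv" | wg pubkey \
    | ansible-vault encrypt_string --vault-password-file vault_file --stdin-name "${host}PUB" > "pubkey_${host}"
}

make_keys H2
make_keys H1

# Each output already starts with "<NAME>: !vault |"; indent it under "keys:".
{
  echo "---"
  echo "keys:"
  for f in privkey_H2 pubkey_H2 privkey_H1 pubkey_H1; do
    sed 's/^/  /' "$f"
  done
} > keys.yml
```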
diff --git a/interfaces_H.j2 b/interfaces_H.j2
deleted file mode 100644
index bd875a2..0000000
--- a/interfaces_H.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-auto {{ ifname }}
-iface {{ ifname }} inet static
- address {{ ifip }}
- netmask {{ ifcidr }}
- post-up ip route add default via {{ ifgw }}
diff --git a/interfaces_R.j2 b/interfaces_R.j2
deleted file mode 100644
index 0bf0c01..0000000
--- a/interfaces_R.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-auto {{ ifname }}
-iface {{ ifname }} inet static
- address {{ ifip }}
- netmask {{ ifcidr }}
-
-auto {{ ifname2 }}
-iface {{ ifname2 }} inet static
- address {{ ifip2 }}
- netmask {{ ifcidr2 }}
- {% if Rname != "R2" %}
-post-up ip route add 3.0.0.0/24 nexthop via {{ ifgw }}
- {% endif %}
- {% if Rname != "R1" %}
-post-up ip route add 1.0.0.0/24 nexthop via {{ ifgw2 }}
- {% endif %}
diff --git a/inventory.ini b/inventory.ini
new file mode 100644
index 0000000..6ceb4c2
--- /dev/null
+++ b/inventory.ini
@@ -0,0 +1,19 @@
+[hotes]
+H1
+H2
+
+[routeurs]
+R1
+R2 
+
+[H1]
+H1
+
+[H2]
+H2
+
+[R1]
+R1
+
+[R2]
+R2
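Review bot: The single-member groups `[H1]`, `[H2]`, `[R1]` and `[R2]` are redundant: `hosts: H1` in a play already matches the host by name, and a group and a host sharing one name is an easy source of confusion when patterns such as `hotes:!H1` are read later. The `R2 ` entry under `[routeurs]` carries a trailing space. No `ansible_host`/`ansible_user` values are given, so resolution relies entirely on the controller's DNS or ssh config; a one-line comment at the top of the file stating that would save the next reader a guess.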
diff --git a/inventory.yml b/inventory.yml
deleted file mode 100644
index 0262001..0000000
--- a/inventory.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-H1
-H2
-R1
-R1
\ No newline at end of file
diff --git a/keys.yml b/keys.yml
new file mode 100644
index 0000000..e2d1af6
--- /dev/null
+++ b/keys.yml
@@ -0,0 +1,34 @@
+---
+keys:
+  H2PRIV: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          31386336306239306362656331663334636536343265313963303264316530353338393561373933
+          3031336435363763353239393466306330613337623362610a393434623433653333316637636662
+          38313466353530323736306631316362323636316439363338613734386461613131373732323061
+          6638313732326334640a313265363237396230356633313732376363383466626363653439363534
+          63376361666163616163373963343062373532336138356462323432633539663532666531663732
+          3834646332653535373934326332656531396331356363373837
+  H2PUB: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64393936666138393862333665626537353062646464656630313061636365333465623039303230
+          6435373035646636663834326131346562383238343563650a383332656362373234393530663564
+          33323363613335343564393434383035666464343165353932316330373230616137353161623265
+          3064313761633235640a376534383032626363633962333361346531623662383232303636356365
+          63393737653163323837643137333566313238373030616333326436666562323435666466353034
+          3863663730386133643064623139643632303135333537386632
+  H1PRIV: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          34373063623932653339323164663466373437363834313736353265323761653731396563643934
+          3630303136393130343034366666306139653364343933320a646466343766333661636666653161
+          30336331623561646336633837386366306262393237313339653938303138643962393132303066
+          6437623462613538620a396465626465356432666431663530353330613065396539633264626335
+          31316634363565326536336666343966623962323162336432303732373262313630653235373466
+          3864333137393839393362656161323833396465373232326530
+  H1PUB: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63353464353631346139663931356165363164346531326463303034363738643834323465636534
+          3663356261303839616532653633613039383033613234350a353533376266333165663830386339
+          34333832393461346634613636353233613936303062376439393438663034653234646263376264
+          3939636333343536350a393963353561343930306535646165613333386131373364373231346238
+          61626532346462346134333237383436333265636662316662616262343833633766313264396365
+          6233313335626632363166366536393739366365386264383533
diff --git a/nft.sh b/nft.sh
new file mode 100644
index 0000000..bf2ddc5
--- /dev/null
+++ b/nft.sh
@@ -0,0 +1,13 @@
+#!/usr/sbin/nft -f
+
+table ip filter {
+	chain FORWARD {
+		type filter hook forward priority 0; policy accept;
+		iifname "wg0" counter accept
+	}
+
+	chain POSTROUTING {
+		type filter hook postrouting priority 0; policy accept;
+        oifname "eth0" counter masquerade
+	}
+}
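Review bot: `chain POSTROUTING` is declared as `type filter hook postrouting` yet its only rule is `masquerade`, which the kernel accepts only in a chain of type `nat`; loading this file is rejected at `oifname "eth0" counter masquerade`. Change the header to `type nat hook postrouting priority srcnat; policy accept;` (the conventional `srcnat` priority rather than 0). The file mixes tab indentation with spaces on the masquerade line, and it is currently only referenced from a commented-out `PostUp` in the H2 WireGuard template, so it may be dead; if kept, the `FORWARD` chain's `policy accept` makes its `iifname "wg0" counter accept` rule a counter only.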
diff --git a/privkey_H1 b/privkey_H1
new file mode 100644
index 0000000..8aebd08
--- /dev/null
+++ b/privkey_H1
@@ -0,0 +1,8 @@
+!vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          34373063623932653339323164663466373437363834313736353265323761653731396563643934
+          3630303136393130343034366666306139653364343933320a646466343766333661636666653161
+          30336331623561646336633837386366306262393237313339653938303138643962393132303066
+          6437623462613538620a396465626465356432666431663530353330613065396539633264626335
+          31316634363565326536336666343966623962323162336432303732373262313630653235373466
+          3864333137393839393362656161323833396465373232326530
\ No newline at end of file
diff --git a/privkey_H2 b/privkey_H2
new file mode 100644
index 0000000..cb68ffd
--- /dev/null
+++ b/privkey_H2
@@ -0,0 +1,8 @@
+!vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          31386336306239306362656331663334636536343265313963303264316530353338393561373933
+          3031336435363763353239393466306330613337623362610a393434623433653333316637636662
+          38313466353530323736306631316362323636316439363338613734386461613131373732323061
+          6638313732326334640a313265363237396230356633313732376363383466626363653439363534
+          63376361666163616163373963343062373532336138356462323432633539663532666531663732
+          3834646332653535373934326332656531396331356363373837
\ No newline at end of file
diff --git a/pubkey_H1 b/pubkey_H1
new file mode 100644
index 0000000..0dcffcc
--- /dev/null
+++ b/pubkey_H1
@@ -0,0 +1,8 @@
+!vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63353464353631346139663931356165363164346531326463303034363738643834323465636534
+          3663356261303839616532653633613039383033613234350a353533376266333165663830386339
+          34333832393461346634613636353233613936303062376439393438663034653234646263376264
+          3939636333343536350a393963353561343930306535646165613333386131373364373231346238
+          61626532346462346134333237383436333265636662316662616262343833633766313264396365
+          6233313335626632363166366536393739366365386264383533
\ No newline at end of file
diff --git a/pubkey_H2 b/pubkey_H2
new file mode 100644
index 0000000..529c996
--- /dev/null
+++ b/pubkey_H2
@@ -0,0 +1,8 @@
+!vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64393936666138393862333665626537353062646464656630313061636365333465623039303230
+          6435373035646636663834326131346562383238343563650a383332656362373234393530663564
+          33323363613335343564393434383035666464343165353932316330373230616137353161623265
+          3064313761633235640a376534383032626363633962333361346531623662383232303636356365
+          63393737653163323837643137333566313238373030616333326436666562323435666466353034
+          3863663730386133643064623139643632303135333537386632
\ No newline at end of file
diff --git a/res b/res
new file mode 100644
index 0000000..007d40b
--- /dev/null
+++ b/res
@@ -0,0 +1,8 @@
+!vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          34323537383365663838666331323431393337303565396339353930333239666636363036383362
+          6664653063393737353638303964616639336264373931350a626635376437636136666231303930
+          61313438346230373835616563323433633534343934393131613161353337656163643930626366
+          6261303163613732370a366636353564393036643264376135616166646166663438636436663462
+          36653865326135646362323166616332343363323461303831386331616662313363653831666664
+          3764666134353061313162336364396633353739333234373630
\ No newline at end of file
diff --git a/targets b/targets
deleted file mode 100644
index 24d217a..0000000
--- a/targets
+++ /dev/null
@@ -1,36 +0,0 @@
-[hotes]
-H1
-H2 ifip="3.0.0.2" ifgw="3.0.0.1"
-
-[hotes:vars]
-ifname="eth0"
-ifip="1.0.0.2"
-ifcidr="255.255.255.0"
-ifgw="1.0.0.1"
-
-[routeurs]
-R1 ifip="1.0.0.1" ifgw="2.0.0.2" Rname="R1"
-R2 ifip2="2.0.0.2" ifgw2="2.0.0.1" Rname="R2"
-
-[routeurs:vars]
-ifname="eth1"
-ifip="3.0.0.1"
-ifcidr="255.255.255.0"
-ifgw="2.0.0.1"
-ifname2="eth0"
-ifip2="2.0.0.1"
-ifcidr2="255.255.255.0"
-ifgw2="1.0.0.2"
-Rname=""
-
-[H1]
-H1
-
-[H2]
-H2
-
-[R1]
-R1
-
-[R2]
-R2
diff --git a/templates/host_config_template.j2 b/templates/host_config_template.j2
new file mode 100644
index 0000000..e221075
--- /dev/null
+++ b/templates/host_config_template.j2
@@ -0,0 +1,5 @@
+auto {{ all[inventory_hostname].ifname }}
+iface {{ all[inventory_hostname].ifname }} inet static
+ address {{ all[inventory_hostname].ifip }}
+ netmask {{ all[inventory_hostname].ifcidr }}
+ post-up ip route add {{ all[inventory_hostname].iftarget }} via {{ all[inventory_hostname].ifgw }}
diff --git a/templates/index_template.j2 b/templates/index_template.j2
new file mode 100644
index 0000000..80ab37c
--- /dev/null
+++ b/templates/index_template.j2
@@ -0,0 +1,12 @@
+<!doctype html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>{{ all[inventory_hostname].title }}</title>
+</head>
+<body>
+    <h1>{{ all[inventory_hostname].title }}</h1>
+    <p>This is the sample page</p>
+    <p>IP of server {{ all[inventory_hostname].ifip }}</p>
+</body>
+</html>
\ No newline at end of file
diff --git a/templates/interfaces_HH.j2 b/templates/interfaces_HH.j2
new file mode 100644
index 0000000..cee7de1
--- /dev/null
+++ b/templates/interfaces_HH.j2
@@ -0,0 +1,5 @@
+auto {{ all[inventory_hostname].ifname }}
+iface {{ all[inventory_hostname].ifname }} inet static
+ address {{ all[inventory_hostname].ifip }}
+ netmask {{ all[inventory_hostname].ifcidr }}
+ post-up ip route add default via {{ all[inventory_hostname].ifgw }}
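Review bot: This template is not referenced by either playbook, which use `templates/host_config_template.j2` and `templates/router_config_template.j2`; it differs from host_config_template.j2 only in routing `default` instead of `iftarget`. Likewise `templates/interfaces_R.j2` in the next hunk is committed with the same blob id 8c17900 as router_config_template.j2, i.e. byte-identical. Drop the two unreferenced copies, or add a header comment such as `{# Variant of host_config_template.j2 that installs a default route; not used by Config_Wireguard.yml #}` if one is kept on purpose.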
diff --git a/templates/interfaces_R.j2 b/templates/interfaces_R.j2
new file mode 100644
index 0000000..8c17900
--- /dev/null
+++ b/templates/interfaces_R.j2
@@ -0,0 +1,15 @@
+auto {{ all[inventory_hostname].ifname }}
+iface {{ all[inventory_hostname].ifname }} inet static
+ address {{ all[inventory_hostname].ifip }}
+ netmask {{ all[inventory_hostname].ifcidr }}
+
+auto {{ all[inventory_hostname].ifname2 }}
+iface {{ all[inventory_hostname].ifname2 }} inet static
+ address {{ all[inventory_hostname].ifip2 }}
+ netmask {{ all[inventory_hostname].ifcidr2 }}
+ {% if inventory_hostname != "R2" %}
+post-up ip route add 3.0.0.0/24 nexthop via {{ all[inventory_hostname].ifgw }}
+ {% endif %}
+ {% if inventory_hostname != "R1" %}
+post-up ip route add 1.0.0.0/24 nexthop via {{ all[inventory_hostname].ifgw }}
+ {% endif %}
diff --git a/templates/nginx_config_template.j2 b/templates/nginx_config_template.j2
new file mode 100644
index 0000000..e1faa53
--- /dev/null
+++ b/templates/nginx_config_template.j2
@@ -0,0 +1,11 @@
+server {
+       listen 10.0.0.0:80;
+       listen 127.0.0.1:80;
+
+       server_name internal_web_site;
+
+       location / {
+              root /var/www/;
+              index index.html;
+       }
+}
\ No newline at end of file
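Review bot: `listen 10.0.0.0:80;` names the network address of the tunnel subnet rather than H2's own WireGuard address, which wireguard_config_template_H2.j2 sets to 10.0.0.1/24; nginx cannot bind a non-local address and will fail to start with this file in sites-enabled. Change it to `listen 10.0.0.1:80;`, and note that wg0 must already be up when nginx (re)starts, whereas Config_Wireguard.yml renders this file before `wg-quick up wg0` and never reloads nginx, so the new vhost is not picked up until someone restarts the service by hand. A `notify: Reload nginx` on the template task, placed after the WireGuard play (or `net.ipv4.ip_nonlocal_bind=1`), closes that gap.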
diff --git a/templates/router_config_template.j2 b/templates/router_config_template.j2
new file mode 100644
index 0000000..8c17900
--- /dev/null
+++ b/templates/router_config_template.j2
@@ -0,0 +1,15 @@
+auto {{ all[inventory_hostname].ifname }}
+iface {{ all[inventory_hostname].ifname }} inet static
+ address {{ all[inventory_hostname].ifip }}
+ netmask {{ all[inventory_hostname].ifcidr }}
+
+auto {{ all[inventory_hostname].ifname2 }}
+iface {{ all[inventory_hostname].ifname2 }} inet static
+ address {{ all[inventory_hostname].ifip2 }}
+ netmask {{ all[inventory_hostname].ifcidr2 }}
+ {% if inventory_hostname != "R2" %}
+post-up ip route add 3.0.0.0/24 nexthop via {{ all[inventory_hostname].ifgw }}
+ {% endif %}
+ {% if inventory_hostname != "R1" %}
+post-up ip route add 1.0.0.0/24 nexthop via {{ all[inventory_hostname].ifgw }}
+ {% endif %}
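Review bot: The `{% if ... %}` / `{% endif %}` lines are indented by one space and not whitespace-trimmed, so the rendered interfaces file gains space-only lines around each `post-up`, and the `post-up` lines themselves end up unindented relative to the `address`/`netmask` options above them; ifupdown tolerates it, but the output is hard to read and diff. Use `{%- if inventory_hostname != "R2" -%}` / `{%- endif -%}` (or put the tags at column 0 and indent `post-up` by one space) to keep the stanza uniform. The second route now uses `ifgw` for both routers where the deleted interfaces_R.j2 used `ifgw2`; that is consistent with variables.yml, which defines a single per-router `ifgw`, but a one-line comment in the template saying so would stop the next reader from "fixing" it back.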
diff --git a/templates/wireguard_config_template_H1.j2 b/templates/wireguard_config_template_H1.j2
new file mode 100644
index 0000000..b17be71
--- /dev/null
+++ b/templates/wireguard_config_template_H1.j2
@@ -0,0 +1,9 @@
+[Interface]
+Address = 10.0.0.2/24
+ListenPort = 51820
+PrivateKey = {{ keys["H1PRIV"]  }}
+
+[Peer]
+PublicKey = {{ keys["H2PUB"] }}
+Endpoint = 3.0.0.2:51820
+AllowedIPs = 0.0.0.0/0, ::/0
diff --git a/templates/wireguard_config_template_H2.j2 b/templates/wireguard_config_template_H2.j2
new file mode 100644
index 0000000..15de7a8
--- /dev/null
+++ b/templates/wireguard_config_template_H2.j2
@@ -0,0 +1,14 @@
+[Interface]
+Address = 10.0.0.1/24
+PrivateKey = {{ keys["H2PRIV"] }}
+ListenPort = 51820
+{# PostUp = nft -f nft.sh %i #}
+{# PostUp = nft add rule ip nat POSTROUTING oifname "eth0" counter masquerade;nft add rule ip filter FORWARD iifname "eth0" counter accept
+PostDown = nft del rule ip nat POSTROUTING oifname "eth0" counter masquerade;nft del rule ip filter FORWARD iifname "eth0" counter accept #}
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+
+
+[Peer]
+PublicKey = {{ keys["H1PUB"] }}
+AllowedIPs = 10.0.0.0/24
\ No newline at end of file
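Review bot: The `PostUp` line installs a FORWARD accept and a MASQUERADE rule, i.e. it expects H2 to route H1's traffic out of eth0, but Config_Wireguard.yml only sets `net.ipv4.ip_forward` in the "Setup network for Routers" play (group routeurs), and H2 is in hotes; without forwarding enabled on H2 the tunnel comes up but nothing is relayed. Either add the same `ansible.posix.sysctl` task to the H2 play or prepend `sysctl -w net.ipv4.ip_forward=1;` to `PostUp` (the sysctl task is the persistent option). With the default FORWARD policy of ACCEPT the `-A FORWARD -i %i -j ACCEPT` rule only counts packets; should the policy ever be set to DROP, a matching `-o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` for the return direction is needed too. The two commented-out nft variants can go now that nft.sh exists, or the comment should say why iptables was chosen over it.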
diff --git a/variables.yml b/variables.yml
new file mode 100644
index 0000000..0a749fd
--- /dev/null
+++ b/variables.yml
@@ -0,0 +1,32 @@
+---
+all:
+  H1: 
+    ifname: "eth0"
+    ifip: "1.0.0.2"
+    ifcidr: "255.255.255.0"
+    ifgw: "1.0.0.1"
+    iftarget: "3.0.0.0/24"
+  H2: 
+    ifname: "eth0"
+    ifip: "3.0.0.2"
+    ifcidr: "255.255.255.0"
+    ifgw: "3.0.0.1"
+    iftarget: "1.0.0.0/24"
+    title: "WebPoulpy"
+    wgport: 51820
+  R1:
+    ifname: "eth1"
+    ifip: "1.0.0.1"
+    ifcidr: "255.255.255.0"
+    ifname2: "eth0"
+    ifip2: "2.0.0.1"
+    ifcidr2: "255.255.255.0"
+    ifgw: "2.0.0.2"
+  R2: 
+    ifname: "eth0"
+    ifip: "2.0.0.2"
+    ifcidr: "255.255.255.0"
+    ifname2: "eth1"
+    ifip2: "3.0.0.1"
+    ifcidr2: "255.255.255.0"
+    ifgw: "2.0.0.1"
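Review bot: `wgport: 51820` under H2 is never read — both WireGuard templates hard-code `ListenPort = 51820`, and wireguard_config_template_H1.j2 also hard-codes `Endpoint = 3.0.0.2:51820` although `all.H2.ifip` holds that address here; a change to the port or to H2's address now has to be made in three places. Reference the variables from the templates (e.g. `Endpoint = {{ all["H2"].ifip }}:{{ all["H2"].wgport }}`) or delete the key. `H1: `, `H2: ` and `R2: ` carry trailing whitespace after the colon.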
diff --git a/vault_file b/vault_file
new file mode 100644
index 0000000..17fbe68
--- /dev/null
+++ b/vault_file
@@ -0,0 +1 @@
+PASSWORD_HERE
\ No newline at end of file
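Review bot: `vault_file` is the vault password file read by Create_WG_Keys.sh (`--vault-password-file vault_file`), and it is committed with the placeholder `PASSWORD_HERE` and mode 100644; the first person who fills in the real password and runs `git add .` will push it next to the vault-encrypted private keys, which then protect nothing. Keep it out of the repository (`.gitignore` entry, commit a `vault_file.example` instead) or switch to `ANSIBLE_VAULT_PASSWORD_FILE`/`--ask-vault-pass`, and give the local copy `0600` permissions since the script reads it from the working directory.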
-- 
GitLab