Config_H1_Ping_H2.yml

@@ -3,11 +3,12 @@
   hosts: all
   become: true
   tasks:    
+# Load all variables in the playbook
     - name: Load the variables
       include_vars: variables.yml
     - name: Rename hosts
       command: hostnamectl set-hostname {{ inventory_hostname }}
-
+# For all host we config network interfaces
 - name: Setup network for Hosts
   hosts: hotes
   become: yes
@@ -25,26 +26,41 @@
       state: restarted
       enabled: yes
 
+# For all routers we config network interfaces
 - name: Setup network for Routers
   hosts: routeurs
   become: yes
   tasks:
-    - name: "Create file interface in interfaces.d"
-      ansible.builtin.template:
-        src: ./templates/router_config_template.j2
-        dest: /etc/network/interfaces.d/interfaces_playbook.conf
-        mode: 0640
-      notify: Restart network
     - name: "Set ip_forwarding to 1"
       ansible.posix.sysctl:
         name: net.ipv4.ip_forward
         value: '1'
         sysctl_set: true
         state: present
+    - name: "Create file interface in interfaces.d"
+      ansible.builtin.template:
+        src: ./templates/router_config_template.j2
+        dest: /etc/network/interfaces.d/interfaces_playbook.conf
+        mode: 0640
+      notify: Restart network
+
   handlers:
     - name: Restart network
       ansible.builtin.service:
         name: networking
         state: restarted
         enabled: yes
+
+# make the test
+- name: Display ping value
+  hosts: H1
+  become: yes
+  tasks:
+    - name: Ping form H1 to H2
+      ansible.builtin.shell: "ping 3.0.0.2 -c 1"
+      register: result
+    
+    - name: Print result
+      debug:
+        msg: "{{ result.stdout_lines }}"
 ...
\ No newline at end of file

Config_Playbook.yml

----
-- name: Configuration et démarrage des interfaces réseau
-  hosts: all
-  become: true
-  tasks:
-    - name: Load the variables
-      include_vars: variables.yml
-
-    - name: Rename hosts
-      command: hostnamectl set-hostname {{ inventory_hostname }}
-    
-- name: Setup network for Hosts
-  hosts: hotes
-  become: yes
-  tasks:
-    - name: "Create file interface in interfaces.d"
-      ansible.builtin.template:
-        src: ./templates/host_config_template.j2
-        dest: /etc/network/interfaces.d/interfaces_playbook.conf
-        mode: 0640
-
-- name: Setup network for Routers
-  hosts: routeurs
-  become: yes
-  tasks:
-    - name: "Create file interface in interfaces.d"
-      ansible.builtin.template:
-        src: ./templates/router_config_template.j2
-        dest: /etc/network/interfaces.d/interfaces_playbook.conf
-        mode: 0640
-    - name: "Set ip_forwarding to 1"
-      ansible.posix.sysctl:
-        name: net.ipv4.ip_forward
-        value: '1'
-        sysctl_set: true
-        state: present
-
-- name: Configuration et démarrage des interfaces réseau
-  hosts: all
-  become: true
-  tasks:
-    - name: start network
-      service:
-        name: networking
-        state: restarted
-        enabled: yes
-...
\ No newline at end of file

Config_Wireguard.yml

@@ -4,6 +4,7 @@
   hosts: all
   become: true
   
+  # Load all variables in the playbook
   tasks:
     - name: Load the variables
       include_vars: variables.yml
@@ -14,6 +15,7 @@
     - name: Rename hosts
       command: hostnamectl set-hostname {{ inventory_hostname }}
     
+# For all host we config network interfaces
 - name: Setup network for Hosts
   hosts: hotes
   become: yes
@@ -31,6 +33,7 @@
         state: restarted
         enabled: yes
 
+# For all routers we config network interfaces
 - name: Setup network for Routers
   hosts: routeurs
   become: yes
@@ -54,6 +57,7 @@
         state: restarted
         enabled: yes
 
+# Install somes program on host so install route for internet and install program and finally remove route
 - name: Install all needed program
   hosts: hotes
   become: true
@@ -61,14 +65,12 @@
     - name: Give internet to host
       ansible.builtin.shell:
         cmd: "ip r add default nexthop via 10.0.2.2"
-      # check_mode: yes
       
     - name: Install update for install other programs
       ansible.builtin.apt:
         cache_valid_time: 86400
         upgrade: yes
         update_cache: yes
-      # check_mode: yes
 
     - name: Install nginx
       ansible.builtin.apt:
@@ -83,6 +85,7 @@
       ansible.builtin.shell:
         cmd: "ip r del default"
         
+# Push in the web server the config for wireguard, nginx and the HTML for web index
 - name: Setup index.html on H2
   hosts: H2
   become: true
@@ -118,6 +121,7 @@
         state: restarted
         enabled: yes
 
+# Setup the wireguard tunnel for H1 and make all the tests
 - name: Setup wireguard on H1
   hosts: H1
   become: true
@@ -127,17 +131,11 @@
         src: ./templates/wireguard_config_template_H1.j2
         dest: /etc/wireguard/wg0.conf
         mode: 0640
-      notify: wg-quick
 
-  handlers:
     - name: wg-quick
       ansible.builtin.shell:
         cmd: "wg-quick up wg0 2>/dev/null"
 
-- name: Test connectivity from H1 to H2
-  hosts: H1
-  tasks:
-
     - name: Ping form H1 to H2
       ansible.builtin.shell: "ping 3.0.0.2 -c 1"
       register: result

Create_WG_Keys.sh

 #!/bin/bash
 
-# Create Key for H2
+# Create Key for H2 ans save to pubkey_H1, privkey_H1
 wg genkey > privkey_H2
 wg pubkey < privkey_H2 > pubkey_H2
 cat pubkey_H2 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output pubkey_H2
 cat privkey_H2 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output privkey_H2
 
-# Create Key for H1
+# Create Key for H1 ans save to pubkey_H1, privkey_H1
 wg genkey > privkey_H1
 wg pubkey < privkey_H1 > pubkey_H1
 cat pubkey_H1 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output pubkey_H1
 cat privkey_H1 | xargs -i ansible-vault encrypt_string --vault-password-file vault_file {} --output privkey_H1
 
 
-# echo "H2:" > keys.yml
+# Create H2 keys in keys.yml
 echo "---" > keys.yml
 echo "keys:" >> keys.yml
 echo "  H2PRIV: $(cat privkey_H2 )" >> keys.yml
 echo "  H2PUB: $(cat pubkey_H2 )" >> keys.yml
-# echo "H1:" >> keys.yml
+# Create H1 keys in keys.yml
 echo "  H1PRIV: $(cat privkey_H1 )" >> keys.yml
 echo "  H1PUB: $(cat pubkey_H1 )" >> keys.yml
\ No newline at end of file

nft.sh

-#!/usr/sbin/nft -f
-
-table ip filter {
-	chain FORWARD {
-		type filter hook forward priority 0; policy accept;
-		iifname "wg0" counter accept
-	}
-
-	chain POSTROUTING {
-		type filter hook postrouting priority 0; policy accept;
-        oifname "eth0" counter masquerade
-	}
-}

res

-!vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          34323537383365663838666331323431393337303565396339353930333239666636363036383362
-          6664653063393737353638303964616639336264373931350a626635376437636136666231303930
-          61313438346230373835616563323433633534343934393131613161353337656163643930626366
-          6261303163613732370a366636353564393036643264376135616166646166663438636436663462
-          36653865326135646362323166616332343363323461303831386331616662313363653831666664
-          3764666134353061313162336364396633353739333234373630
\ No newline at end of file