From 88fdadaf2901193f8bbec9e9c415d49d5e915a5a Mon Sep 17 00:00:00 2001 From: ines <yoda@hepia-nb-1393.ines.maya.net> Date: Tue, 11 Apr 2023 16:00:19 +0200 Subject: [PATCH] add all, ok but not finished --- README.md | 3 ++ templates/index.html.j2 | 10 ++++++ templates/nginx.conf.j2 | 13 ++++++++ templates/wg0.conf.j2 | 9 ++++++ wireguard.yml | 69 ++++++++++++++++++++++++++++++++++++++--- 5 files changed, 99 insertions(+), 5 deletions(-) create mode 100644 templates/index.html.j2 create mode 100644 templates/nginx.conf.j2 create mode 100644 templates/wg0.conf.j2 diff --git a/README.md b/README.md index ad939da..2a0b500 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,9 @@ Le fichier *ansible.yml* est le playbook principal permettant d'exécuter la par Le dossier *captures* contient les captures d'écran prouvant la bonne réalisation de ce travail pratique +## Prérequis + + ## Fonctionnement / Commandes Afin de créer le fichier de configuration du projet gns3, il faut exéctuer la commande suivante diff --git a/templates/index.html.j2 b/templates/index.html.j2 new file mode 100644 index 0000000..f322dc9 --- /dev/null +++ b/templates/index.html.j2 @@ -0,0 +1,10 @@ +<!DOCTYPE html> +<html> +<head> + <title>Tp 3 - Ansible</title> +</head> +<body> + <h1>wellcome</h1> + <p>My IP address is {{ interfaces[inventory_hostname].wg_address }}</p> +</body> +</html> diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 new file mode 100644 index 0000000..46e0a8c --- /dev/null +++ b/templates/nginx.conf.j2 @@ -0,0 +1,13 @@ +server { + + listen 10.0.0.1:80; + server_name H2; + + allow 10.0.0.1/24; + deny all; + + location / { + root /var/www/html; + index index.html; + } +} \ No newline at end of file diff --git a/templates/wg0.conf.j2 b/templates/wg0.conf.j2 new file mode 100644 index 0000000..2f97313 --- /dev/null +++ b/templates/wg0.conf.j2 
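Review bot: `templates/nginx.conf.j2` holds only a bare `server { … }` block, yet the `Configure the web server with nginx` task in `wireguard.yml` installs it as `/etc/nginx/nginx.conf`. In the main configuration file `server` is only valid inside `http { }`, and an `events { }` block is required, so nginx will most likely fail its configuration check when the handler restarts it. Either wrap the block in `events {}` and `http { … }`, or deploy it as a virtual-host file that the packaged configuration includes, for example `dest: /etc/nginx/conf.d/h2.conf` (a constructed name). The access rule `allow 10.0.0.1/24;` has host bits set; `allow 10.0.0.0/24;` states the tunnel subnet unambiguously and matches `wg_allowed_ips`. Because `listen 10.0.0.1:80;` binds to the tunnel address, nginx can only start once `wg0` is up, which deserves a comment in the template.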
@@ -0,0 +1,9 @@ +[Interfaces] +PrivateKey = {{ interfaces[inventory_hostname].wg_private_key }} +Address = {{ interfaces[inventory_hostname].wg_address }} +ListenPort = {{ interfaces[inventory_hostname].listen_port }} + +[Peer] +PublicKey = {{ interfaces[inventory_hostname].wg_public_key }} +AllowedIPs = {{ interfaces[inventory_hostname].wg_allowed_ips }} +Endpoint = {{ interfaces[inventory_hostname].wg_endpoint }} \ No newline at end of file diff --git a/wireguard.yml b/wireguard.yml index 76c16dc..6c21bf7 100644 --- a/wireguard.yml +++ b/wireguard.yml @@ -8,12 +8,26 @@ netmask: 255.255.255.0 subnet: 3.0.0.0/24 nexthop: 1.0.0.1 + wg_endpoint: 10.0.0.3:51820 + server_name: 10.0.0.3 + listen_port: 51820 + wg_address: 10.0.0.2/24 + wg_allowed_ips: 10.0.0.0/24 + wg_public_key: "derjgunZ8CXXghx7zzAcMfHULduvxrz3J2jbzlQ/eQg=" + wg_private_key: "kE//aH71O9u/DFubv+KORitDAG5WzkJhjqkLfGAyUm0=" H2: eth0: address: 3.0.0.3 netmask: 255.255.255.0 subnet: 1.0.0.0/24 nexthop: 3.0.0.2 + wg_endpoint: 10.0.0.3:51820 + server_name: 10.0.0.3 + listen_port: 51820 + wg_address: 10.0.0.1/24 + wg_allowed_ips: 10.0.0.0/24 + wg_public_key: "b+/pkH6Jrjxvb/7VHOviIPo+UkMmg5KCCr/PXMwjURc=" + wg_private_key: "MGU1UFaHd+jGpHLUcksVGdM915boQmsqNhAR43C282E=" R1: eth0: address: 2.0.0.1 @@ -34,9 +48,10 @@ nexthop: 2.0.0.1 tasks: - - name: Print result - debug: - msg: "{{ interfaces[inventory_hostname] }}" + # - name: Print result + # debug: + # msg: "{{ interfaces[inventory_hostname].server_name }}" + # when: inventory_hostname in groups['hotes'] - name: Restart interfaces routeurs template: @@ -52,6 +67,7 @@ when: inventory_hostname in groups['hotes'] notify: restart networking + # Tâche permettant d'avoir internet sur les hôtes - name: Give internet to host ansible.builtin.shell: cmd: "dhclient -v mgmt0" @@ -63,7 +79,8 @@ upgrade: yes update_cache: yes when: inventory_hostname in groups['hotes'] - + + # Installation de nginx - name: Install nginx ansible.builtin.apt: pkg: 
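Review bot: The first section header in `templates/wg0.conf.j2` is `[Interfaces]`, but WireGuard's configuration format names that section `[Interface]`, so `wg-quick` will reject the rendered file and the tunnel will not come up; change the line to `[Interface]`. In `[Peer]`, `PublicKey` is filled from the host's own entry, `interfaces[inventory_hostname].wg_public_key`. If that variable holds the key matching the same host's `wg_private_key` (the hunk cannot confirm either way), the handshake can never succeed; a separately named variable such as `wg_peer_public_key` (a constructed name) would make the intent explicit. `Endpoint` renders to `10.0.0.3:51820` on both hosts, an address inside the tunnel subnet that matches neither `wg_address`; it should be the peer's address on the underlay network.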
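Review bot: Both `wg_private_key` values under H1 and H2 in `wireguard.yml` are committed in clear text, so every reader of the repository and its history holds the tunnel's long-term secrets. Treat the two key pairs as exposed: generate new ones and keep the private halves out of the playbook, either as Ansible Vault encrypted variables (`wg_private_key: !vault |` …) or by generating them on each host and collecting only the public key. A comment above the `wg_*` variables saying which host each `wg_public_key` belongs to would also help, since `templates/wg0.conf.j2` uses that same key for `[Peer]`. The `interfaces` mapping starts outside this hunk.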
@@ -73,9 +90,51 @@ - curl state: present when: inventory_hostname in groups['hotes'] + + - name: Configure the wireguard tunnel + template: + src: templates/wg0.conf.j2 + dest: /etc/wireguard/wg0.conf + notify: Restart the wireguard tunnel + when: inventory_hostname in groups['hotes'] + + - name: Configure the web server with nginx + template: + src: templates/nginx.conf.j2 + dest: /etc/nginx/nginx.conf + notify: Restart the web server + when: inventory_hostname == 'H2' + + - name: Configurer la page web avec Nginx + template: + src: templates/index.html.j2 + dest: /var/www/html/index.html + notify: Restart the web server + when: inventory_hostname == 'H2' + + # - name: Check connectivity using curl + # shell: "curl 10.0.0.1" + # register: result + # ignore_errors: true + # when: inventory_hostname in groups['hotes'] + + # - name: Print result connectivity + # debug: + # msg: "{{ result.stdout_lines }}" + # when: inventory_hostname in groups['hotes'] handlers: - - name: restart networking + - name: Restart networking service: name: networking state: restarted + + - name: Restart the wireguard tunnel + systemd: + name: wg-quick@wg0.service + state: restarted + + - name: Restart the web server + systemd: + name: nginx + state: restarted \ No newline at end of file -- GitLab
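Review bot: The `Configure the wireguard tunnel` task renders the private key into `/etc/wireguard/wg0.conf` without `owner`, `group` or `mode`, so the file gets default permissions and is likely readable by every local user. Add `owner: root`, `group: root` and `mode: "0600"`, and consider `no_log: true` so the key does not show up in diff output. The handler is renamed to `Restart networking`, while the unchanged tasks earlier in the file still use `notify: restart networking` (visible as context in the `@@ -52,6 +67,7 @@` hunk). Handler names are matched exactly, so those notifications will no longer resolve; keep the old name or update the `notify:` lines. Nothing visible here installs the WireGuard package or enables `wg-quick@wg0`, although the `pkg:` list starts outside the hunk and may already cover it.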