
- Separate `lmn_vpn` from `lmn_teacherlaptop`.
- Implement a check for the availability of the wireguard-server during the wg-config rollout.
- Enhance variable support with a standardized naming schema:
  - VPN selection via `vpn` variable (`none`, `wg`).
  - Wireguard configuration (endpoint, allowed IPs, ip_cdr, dns, searchpath).
- Run wg-config role in separate play with serial 1 to avoid conflicts, when the role attempts to determine the next free Wireguard IP on the server when role try to
- Add a check to verify if the radius certificate is revoked.
- Ensure required packages and services are only installed and configured if the `vpn` variable is set.
- Provide documentation for `lmn_vpn` module.
VPN
Provides VPN access to the school network via
- Wireguard
The `vpn` variable determines which VPN method is used.
Choices:
- "none" <- (default)
- "wg"
Description / use cases
- This module provides a NetworkManager Config with valid wireguard credentials.
- Private/public keys will be created and configured on the wireguard server.
- After the VPN connection is established, network shares will be connected and printers will be installed.
Requirements
- You need to run a wireguard server. For installation see https://codeberg....
- The user running this playbook must have SSH access to the wireguard server.
Example
VPN profile will be created on teacher devices
inventory.yml

```yaml
infrastructure:
  hosts:
    # WireGuard server; the user running the playbook needs SSH access to it
    wg_server:
      ansible_host: 10.0.0.16
      ansible_user: ansible
teacherdevices:
  hosts:
    # Ansible host ranges use [start:end]
    10.0.14.[1:75]:
  vars:
    vpn: wg
    wg_endpoint: "203.0.113.1:51820"
    wg_allowed_ips: "10.0.0.0/16;"
    wg_ip_cdr: 24
    wg_dns: "9.9.9.9"
    wg_dns_search: "example.com"
```
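
A playbook that could consume this inventory, given as an added example and not taken from the `lmn_vpn` repository. The split into two plays, the file name `site.yml` and the role name `wg_config_example` are assumptions; the inventory groups and variables are the ones shown above.

```yaml
# site.yml -- added example; play layout and the role name wg_config_example
# are assumptions, not the project's own playbook.

# Play 1: package and service setup touches no shared state on the server,
# so it can run on all clients in parallel. Hosts without vpn=wg are skipped.
- name: Install VPN prerequisites on clients
  hosts: teacherdevices
  become: true
  roles:
    - role: lmn_vpn
      when: vpn | default('none') == 'wg'

# Play 2: every client needs the next free tunnel address from the server.
# serial: 1 lets only one client read and update that state at a time, so
# two clients cannot be handed the same address.
- name: Roll out WireGuard client configuration
  hosts: teacherdevices
  serial: 1
  any_errors_fatal: true   # a failed check ends the rollout for all hosts
  become: true
  pre_tasks:
    - name: Stop early if the wireguard server is not reachable over SSH
      ansible.builtin.ping:
      delegate_to: wg_server
      when: vpn | default('none') == 'wg'

    - name: Require the connection settings before any key is generated
      ansible.builtin.assert:
        that:
          - wg_endpoint is defined
          - wg_allowed_ips is defined
          - wg_ip_cdr is defined
        fail_msg: "vpn=wg needs wg_endpoint, wg_allowed_ips and wg_ip_cdr"
      when: vpn | default('none') == 'wg'
  roles:
    - role: wg_config_example   # hypothetical role name
      when: vpn | default('none') == 'wg'
```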