
- Separate `lmn_vpn` from `lmn_teacherlaptop`.
- Implement a check for the availability of the wireguard-server during the wg-config rollout.
- Enhance variable support with a standardized naming schema:
  - VPN selection via `vpn` variable (`none`, `wg`).
  - Wireguard configuration (endpoint, allowed IPs, ip_cdr, dns, searchpath).
- Run wg-config role in separate play with serial 1 to avoid conflicts, when the role attempts to determine the next free Wireguard IP on the server when role try to Add a check to verify if the radius certificate is revoked.
- Ensure required packages and services are only installed and configured if the `vpn` variable is set.
- Provide documentation for `lmn_vpn` module.

# VPN

Provides VPN access to the school network via

- Wireguard

The variable `vpn` determines which VPN method is used.

Choices:

* `"none"` <- (default)
* `"wg"`

## Description / use cases

* This module provides a NetworkManager configuration with valid wireguard credentials.
* Private/public keys will be created and configured on the wireguard server.
* After the VPN connection is established, network shares will be connected and printers will be installed too.

## Requirements

* You need to run a wireguard server. For installation see https://codeberg....
* The user running this playbook must have access to the wireguard server via SSH.

## Example

A VPN profile will be created on teacher devices.

inventory.yml

```yaml
infrastructure:
  hosts:
    # Wireguard server, reached via SSH by the user running the playbook
    wg_server:
      ansible_host: 10.0.0.16
      ansible_user: ansible

teacherdevices:
  hosts:
    # Ansible host range: 10.0.14.1 through 10.0.14.75
    10.0.14.[1:75]:
  vars:
    vpn: wg
    wg_endpoint: "203.0.113.1:51820"
    wg_allowed_ips: "10.0.0.0/16;"
    wg_ip_cdr: 24
    wg_dns: "9.9.9.9"
    wg_dns_search: "example.com"
```
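
As an added example (not code from this repository): a Python pre-flight check for the VPN variables in the inventory above, plus a sketch of a NetworkManager keyfile they could map to. The function names, the connection id `school-vpn`, the interface `wg0`, the variable-to-key mapping, the reading of `wg_ip_cdr` as the client address prefix length, and the rule rejecting a default route are assumptions; keys and addresses passed in are placeholders.

```python
import ipaddress

# Constructed sample: the teacherdevices vars from the inventory above.
SAMPLE = {"vpn": "wg", "wg_endpoint": "203.0.113.1:51820",
          "wg_allowed_ips": "10.0.0.0/16;", "wg_ip_cdr": 24,
          "wg_dns": "9.9.9.9", "wg_dns_search": "example.com"}

def check_vpn_vars(v):
    """Return a list of problems in a host's VPN variables (empty = OK)."""
    vpn = v.get("vpn", "none")  # the README's default is "none"
    if vpn not in ("none", "wg"):
        return [f"vpn: unsupported value {vpn!r}"]
    if vpn == "none":
        return []  # nothing else is used when no VPN is selected
    errors = []
    host, _, port = str(v.get("wg_endpoint", "")).rpartition(":")
    if not host or not port.isdecimal() or not 0 < int(port) < 65536:
        errors.append("wg_endpoint: expected host:port")
    nets = [n for n in str(v.get("wg_allowed_ips", "")).split(";") if n]
    if not nets:
        errors.append("wg_allowed_ips: no network given")
    for n in nets:
        try:
            # Assumed policy: split tunnel only, so reject a default route.
            if ipaddress.ip_network(n).prefixlen == 0:
                errors.append(f"wg_allowed_ips: {n} sends all traffic into the tunnel")
        except ValueError:
            errors.append(f"wg_allowed_ips: {n!r} is not a network address")
    cdr = v.get("wg_ip_cdr")
    if not isinstance(cdr, int) or not 1 <= cdr <= 32:
        errors.append("wg_ip_cdr: expected a prefix length from 1 to 32")
    try:
        ipaddress.ip_address(str(v.get("wg_dns", "")))
    except ValueError:
        errors.append("wg_dns: not an IP address")
    return errors

def render_keyfile(v, private_key, server_pubkey, client_ip):
    """Render a NetworkManager keyfile (assumed variable-to-key mapping)."""
    # The file holds the private key: install it root-owned with mode 0600.
    return "\n".join([
        "[connection]", "id=school-vpn", "type=wireguard", "interface-name=wg0", "",
        "[wireguard]", f"private-key={private_key}", "",
        f"[wireguard-peer.{server_pubkey}]",
        f"endpoint={v['wg_endpoint']}", f"allowed-ips={v['wg_allowed_ips']}", "",
        "[ipv4]", "method=manual", f"address1={client_ip}/{v['wg_ip_cdr']}",
        f"dns={v['wg_dns']};", f"dns-search={v['wg_dns_search']};", "",
    ])
```

The trailing semicolon in `wg_allowed_ips` matches the semicolon-separated list syntax of NetworkManager keyfiles, which is why the check splits on `;` before parsing each network.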