CIS + inital
@@ -0,0 +1,41 @@
|
||||
---
|
||||
# WireGuard Server Role - Default Variables
|
||||
|
||||
# WireGuard interface configuration
|
||||
wg_interface: wg0
|
||||
wg_port: 51820
|
||||
wg_network: "10.100.0.0/24"
|
||||
wg_server_ip: "10.100.0.1"
|
||||
|
||||
# DNS servers for VPN clients
|
||||
wg_dns_servers:
|
||||
- "1.1.1.1"
|
||||
- "1.0.0.1"
|
||||
|
||||
# WireGuard users/peers
|
||||
# Format:
|
||||
# wg_peers:
|
||||
# - name: user1
|
||||
# ip: 10.100.0.10
|
||||
# - name: user2
|
||||
# ip: 10.100.0.11
|
||||
wg_peers: []
|
||||
|
||||
# Automatic peer IP allocation
|
||||
wg_auto_allocate_ips: true
|
||||
wg_ip_start: 10 # Start allocating from 10.100.0.10
|
||||
|
||||
# Key management
|
||||
wg_keys_dir: "/etc/wireguard/keys"
|
||||
wg_config_dir: "/etc/wireguard"
|
||||
wg_client_configs_dir: "/root/wireguard-client-configs"
|
||||
|
||||
# Post-up and post-down rules for NAT
|
||||
wg_postup: "iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE"
|
||||
wg_postdown: "iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE"
|
||||
|
||||
# Keepalive
|
||||
wg_persistent_keepalive: 25
|
||||
|
||||
# MTU
|
||||
wg_mtu: 1420
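Review bot: The default `wg_postup` rules are broader than a VPN gateway needs: `iptables -A FORWARD -o %i -j ACCEPT` accepts any forwarded packet towards the peers, not just replies, and the `MASQUERADE` rule has no source match, so it rewrites everything leaving the default interface rather than only traffic from `wg_network`. Scoped versions would be `iptables -A FORWARD -i %i -s {{ wg_network }} -j ACCEPT`, `iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` and `iptables -t nat -A POSTROUTING -s {{ wg_network }} -o {{ ansible_default_ipv4.interface }} -j MASQUERADE`, with the same matches mirrored in `wg_postdown` so the `-D` calls still find the rules. Both variables are IPv4-only and depend on `ansible_default_ipv4` having been gathered, which a comment above them should state for anyone overriding the defaults. Separately, `wg_client_configs_dir` and `wg_keys_dir` will presumably hold private keys, so the tasks that create them (not visible in this file) should be checked for `0700` directories and `0600` files.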
|
||||