resist-vpn-infra/roles/wireguard_server/defaults/main.yml
2026-01-26 21:22:41 -05:00


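---
# WireGuard Server Role - Default Variables
#
# These are role defaults (lowest variable precedence in Ansible); override
# them from inventory, group_vars or host_vars instead of editing this file.

# WireGuard interface configuration
wg_interface: wg0
wg_port: 51820
# NOTE(review): wg_server_ip is presumably expected to lie inside wg_network;
# nothing in this file enforces that, so keep the two in sync when overriding.
wg_network: "10.100.0.0/24"
wg_server_ip: "10.100.0.1"

# DNS servers for VPN clients
# The defaults are Cloudflare's public resolvers, so client DNS queries are
# visible to that third party. Override with a resolver you operate if that
# does not fit your threat model.
wg_dns_servers:
  - "1.1.1.1"
  - "1.0.0.1"

# WireGuard users/peers
# Format:
# wg_peers:
#   - name: user1
#     ip: 10.100.0.10
#   - name: user2
#     ip: 10.100.0.11
wg_peers: []

# Automatic peer IP allocation
wg_auto_allocate_ips: true
wg_ip_start: 10  # Start allocating from 10.100.0.10

# Key management
# wg_keys_dir and wg_config_dir hold private key material, and
# wg_client_configs_dir presumably holds generated client configs, which
# normally embed each client's private key.
# NOTE(review): confirm the role's tasks create these directories with mode
# "0700" and their files with mode "0600", owned by root.
wg_keys_dir: "/etc/wireguard/keys"
wg_config_dir: "/etc/wireguard"
wg_client_configs_dir: "/root/wireguard-client-configs"

# Post-up and post-down rules for NAT
# %i is the wg-quick placeholder for the interface name.
# ansible_default_ipv4.interface is a gathered fact, so fact gathering must be
# enabled for the play that renders these values.
# MASQUERADE is limited to packets sourced from wg_network, so only VPN client
# traffic is NATed rather than everything leaving the default interface. Peers
# with addresses outside wg_network need their own rule.
# wg_postdown must mirror wg_postup exactly, otherwise "iptables -D" finds no
# matching rule. If these values change while the interface is up, bring the
# interface down with the old configuration first (or remove the old rules by
# hand) so stale rules are not left behind.
# NOTE(review): "-A FORWARD -o %i -j ACCEPT" accepts every forwarded packet
# headed to VPN peers, including new connections from other networks routed
# through this host. Consider narrowing it to
# "-m conntrack --ctstate RELATED,ESTABLISHED" if peers should never be
# reachable from outside the tunnel.
# NOTE(review): only IPv4 rules are installed; there is no ip6tables
# counterpart, so IPv6 client traffic is neither forwarded nor NATed by these.
wg_postup: >-
  iptables -A FORWARD -i %i -j ACCEPT;
  iptables -A FORWARD -o %i -j ACCEPT;
  iptables -t nat -A POSTROUTING -s {{ wg_network }} -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
wg_postdown: >-
  iptables -D FORWARD -i %i -j ACCEPT;
  iptables -D FORWARD -o %i -j ACCEPT;
  iptables -t nat -D POSTROUTING -s {{ wg_network }} -o {{ ansible_default_ipv4.interface }} -j MASQUERADE

# Keepalive
# Presumably rendered as PersistentKeepalive, which WireGuard reads in seconds.
wg_persistent_keepalive: 25

# MTU
wg_mtu: 1420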