This repository has been archived on 2025-09-10. You can view files and clone it, but you cannot make any changes to its state, such as pushing and creating new issues, pull requests or comments.

README for wpi-ansible repository

What is this?

This is a set of Ansible playbooks and roles to manage the Lutra IT stepstone / management hosts.

Usage

Configuration mgmt / deployment

To run all configuration for the WPI group on your test environment:

First install 3rd party ansible roles:

$ ansible-galaxy install -r roles/requirements.yml

Then:

$ ansible-playbook --vault-password-file=~/.vault_passwd -i inventories/production site.yml

VPN client setup

  • Generate a secret for the new client:
wg genkey | tee privatekey | wg pubkey > publickey
  • WireGuard config template:
[Interface]
PrivateKey = XXXXXXXXXXXXXX
Address = 10.45.45.XX/32

[Peer]
PublicKey = Fi2CB7p2iTkZ3FibgRU7kcJ9v0cubSwLL8Db2c2Vjl8=
AllowedIPs = 10.45.45.0/24, 185.233.34.0/24, 142.132.169.13/32, 46.23.92.48/32, 92.247.181.40/32, 86.105.244.7/32, 86.105.244.2/32, 185.206.232.42/32, 176.9.151.27/32, 176.9.151.179/32, 85.10.156.0/24, 88.99.149.207/32, 88.99.66.117/32, 65.21.105.159/32, 159.69.50.200/32, 49.13.28.252/32, 135.181.207.45/32, 95.217.153.4/32, 65.21.111.187/32
Endpoint = a[1-2].lutra.it:1194

Each client gets two configurations: one pointing to a1.lutra.it and one pointing to a2.lutra.it.

  • Add the client to the server config in inventories/production/group_vars/all.yaml:
wireguard:
  interfaces:
    - name: "wg0"
      private_key: !vault |
           [SNIP]
      ipv4_address: "10.45.45.1/24"
      port: "1194"
      peers:
        - public_key: "HoKdfmlWTRXxDZ1szcrIOHUQwBM1Vdy2D+SdnrmCbU4="
          ipv4_address: "10.45.45.6/32"
        - public_key: "qtWd0JliyhOBGH/KG3rgHH32SCm39Km+RP0ZjSIMl0U="
          ipv4_address: "10.45.45.8/32"
        - public_key: "YYYYYYYYYYYYYYYYYYYYYYYY"
          ipv4_address: "10.45.45.XX/32"
  • Run the Ansible playbook against the servers again:
ansible-playbook -i inventories/production/ site.yml --vault-password-file=~/.vault_lutra -t application
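The four client-setup steps above (key generation, the two client configs, the peer entry in group_vars, re-running the playbook) as an added worked example in Python. This is not code from the wpi-ansible repository. It mirrors the `wireguard` -> `interfaces` -> `peers` structure and the client template shown in this README, but builds the peer list inline instead of reading all.yaml (loading the real file with PyYAML's yaml.safe_load is an assumed one-line swap), uses a constructed all-ones sample public key rather than one from `wg genkey`, and passes only the 10.45.45.0/24 subnet as AllowedIPs in place of the README's full list. It adds the check a maintainer wants before running the playbook again: that the new peer's key is a well-formed WireGuard key and that its address is an unused /32 inside the VPN subnet, so a pasted placeholder or a reused address is caught before it reaches the servers.

```python
"""Helpers for onboarding a WireGuard client (added example, not repository code)."""
import base64
import binascii
import ipaddress

# Values taken from the README's client template.
SERVER_PUBLIC_KEY = "Fi2CB7p2iTkZ3FibgRU7kcJ9v0cubSwLL8Db2c2Vjl8="
ENDPOINTS = ("a1.lutra.it:1194", "a2.lutra.it:1194")

# Constructed sample client key (32 bytes of 0x01); a real one comes from `wg pubkey`.
SAMPLE_CLIENT_PUBLIC_KEY = base64.b64encode(b"\x01" * 32).decode()

# Constructed stand-in for the `wireguard:` block of group_vars/all.yaml,
# with the two peers shown in the README. In practice: yaml.safe_load(all.yaml).
WIREGUARD_VARS = {
    "interfaces": [{
        "name": "wg0",
        "ipv4_address": "10.45.45.1/24",
        "port": "1194",
        "peers": [
            {"public_key": "HoKdfmlWTRXxDZ1szcrIOHUQwBM1Vdy2D+SdnrmCbU4=",
             "ipv4_address": "10.45.45.6/32"},
            {"public_key": "qtWd0JliyhOBGH/KG3rgHH32SCm39Km+RP0ZjSIMl0U=",
             "ipv4_address": "10.45.45.8/32"},
        ],
    }]
}


def is_valid_wg_key(key: str) -> bool:
    """A WireGuard key is exactly 32 bytes, base64-encoded (44 characters)."""
    try:
        return len(base64.b64decode(key, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False


def check_interface(iface: dict) -> list:
    """Return the problems found in one interface's peer list.

    Catches what the manual 'add a peer' step invites: an unedited placeholder
    key, a key or address reused from another peer (or the server's own
    address), a peer outside the VPN subnet, or a prefix that is not /32.
    """
    problems = []
    server = ipaddress.ip_interface(iface["ipv4_address"])
    seen_keys, seen_addrs = set(), {server.ip}
    for peer in iface.get("peers", []):
        key, addr = peer.get("public_key", ""), peer.get("ipv4_address", "")
        if not is_valid_wg_key(key):
            problems.append(f"{addr}: public_key is not a valid WireGuard key")
        elif key in seen_keys:
            problems.append(f"{addr}: public_key already used by another peer")
        seen_keys.add(key)
        try:
            net = ipaddress.ip_network(addr, strict=True)
        except ValueError:
            problems.append(f"{addr}: not a valid address/prefix")
            continue
        if net.prefixlen != 32:
            problems.append(f"{addr}: peer address should be a /32")
        if not net.subnet_of(server.network):
            problems.append(f"{addr}: outside {server.network}")
        if net.network_address in seen_addrs:
            problems.append(f"{addr}: address already in use")
        seen_addrs.add(net.network_address)
    return problems


def next_free_address(iface: dict) -> str:
    """Lowest unused host address in the interface's subnet, as a /32 string."""
    server = ipaddress.ip_interface(iface["ipv4_address"])
    used = {server.ip}
    for peer in iface.get("peers", []):
        try:
            used.add(ipaddress.ip_interface(peer["ipv4_address"]).ip)
        except (KeyError, ValueError):
            pass  # malformed entries are reported by check_interface()
    for host in server.network.hosts():
        if host not in used:
            return f"{host}/32"
    raise RuntimeError(f"no free addresses left in {server.network}")


def add_peer(iface: dict, public_key: str) -> str:
    """Allocate an address, append the peer, and re-check the list.

    Rolls the append back and raises if the result is inconsistent, so the
    playbook is never run against a broken peer list.
    """
    address = next_free_address(iface)
    iface["peers"].append({"public_key": public_key, "ipv4_address": address})
    problems = check_interface(iface)
    if problems:
        iface["peers"].pop()
        raise ValueError("; ".join(problems))
    return address


def render_client_configs(private_key: str, address: str, allowed_ips: str) -> dict:
    """One client config per endpoint (the README's template), keyed by endpoint."""
    return {
        endpoint: (
            f"[Interface]\nPrivateKey = {private_key}\nAddress = {address}\n\n"
            f"[Peer]\nPublicKey = {SERVER_PUBLIC_KEY}\nAllowedIPs = {allowed_ips}\n"
            f"Endpoint = {endpoint}\n"
        )
        for endpoint in ENDPOINTS
    }


if __name__ == "__main__":
    wg0 = WIREGUARD_VARS["interfaces"][0]
    new_addr = add_peer(wg0, SAMPLE_CLIENT_PUBLIC_KEY)
    for endpoint, text in render_client_configs("<contents of privatekey>", new_addr,
                                                "10.45.45.0/24").items():
        print(f"# client config for {endpoint}\n{text}")
```

The private key never needs to touch this script: the client keeps the file written by `wg genkey`, only the public key goes into group_vars, and the rendered config is what the client fills in. Running `check_interface()` over the real all.yaml before `ansible-playbook -t application` is the cheap gate that catches a leftover `YYYY…` placeholder or a second `10.45.45.XX/32`.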