chore: complete update

ansible/wireguard-server/roles/wireguard/defaults/main.yml

@@ -0,0 +1,6 @@
+wireguard_interface: wg0
+wireguard_port: 51820
+wireguard_address: 10.8.0.1/24
+wireguard_server_ip: 94.16.110.151  # oder deine Domain
+
+wireguard_network: "10.8.0.0/24"

ansible/wireguard-server/roles/wireguard/tasks/configure.yml

@@ -0,0 +1,126 @@
+---
+# WireGuard Server konfigurieren
+- name: Erstelle WireGuard-Verzeichnis
+  file:
+    path: /etc/wireguard
+    state: directory
+    mode: '0700'
+    owner: root
+    group: root
+
+- name: Erstelle Client-Config-Verzeichnis
+  file:
+    path: /etc/wireguard/clients
+    state: directory
+    mode: '0700'
+    owner: root
+    group: root
+
+# Server-Schlüssel verwalten
+- name: Prüfe ob Server-Schlüssel existieren
+  stat:
+    path: /etc/wireguard/server-private.key
+  register: server_private_key_stat
+
+- name: Generiere Server-Schlüssel
+  shell: |
+    wg genkey | tee /etc/wireguard/server-private.key | wg pubkey > /etc/wireguard/server-public.key
+    chmod 600 /etc/wireguard/server-private.key /etc/wireguard/server-public.key
+  when: not server_private_key_stat.stat.exists
+
+- name: Lese Server-Schlüssel
+  slurp:
+    src: /etc/wireguard/server-private.key
+  register: server_private_key_content
+
+- name: Lese Server-Public-Key
+  slurp:
+    src: /etc/wireguard/server-public.key
+  register: server_public_key_content
+
+- name: Setze Server-Schlüssel als Facts
+  set_fact:
+    wg_server_private_key: "{{ server_private_key_content.content | b64decode | trim }}"
+    wg_server_public_key: "{{ server_public_key_content.content | b64decode | trim }}"
+
+# Client-Schlüssel generieren
+- name: Generiere Client-Schlüssel
+  shell: |
+    cd /etc/wireguard/clients
+    if [ ! -f "{{ item.name }}-private.key" ]; then
+      wg genkey | tee "{{ item.name }}-private.key" | wg pubkey > "{{ item.name }}-public.key"
+      chmod 600 "{{ item.name }}-private.key" "{{ item.name }}-public.key"
+    fi
+  loop: "{{ wireguard_clients }}"
+
+# Generiere Pre-shared Keys
+- name: Generiere Pre-shared Keys für Clients
+  shell: |
+    cd /etc/wireguard/clients
+    if [ ! -f "{{ item.name }}-psk.key" ]; then
+      wg genpsk > "{{ item.name }}-psk.key"
+      chmod 600 "{{ item.name }}-psk.key"
+    fi
+  loop: "{{ wireguard_clients }}"
+  when: wireguard_pre_shared_key | default(false)
+
+# Lade alle Client-Keys
+- name: Lese Client-Private-Keys
+  slurp:
+    src: /etc/wireguard/clients/{{ item.name }}-private.key
+  loop: "{{ wireguard_clients }}"
+  register: client_private_keys
+
+- name: Lese Client-Public-Keys
+  slurp:
+    src: /etc/wireguard/clients/{{ item.name }}-public.key
+  loop: "{{ wireguard_clients }}"
+  register: client_public_keys
+
+- name: Lese Pre-shared Keys
+  slurp:
+    src: /etc/wireguard/clients/{{ item.name }}-psk.key
+  loop: "{{ wireguard_clients }}"
+  register: client_psk_keys
+  when: wireguard_pre_shared_key | default(false)
+
+# Erstelle Key-Dictionaries
+- name: Erstelle Client-Key-Dictionary
+  set_fact:
+    wg_client_private_keys: "{{ dict(wireguard_clients | map(attribute='name') | list | zip(client_private_keys.results | map(attribute='content') | map('b64decode') | map('trim') | list)) }}"
+    wg_client_public_keys: "{{ dict(wireguard_clients | map(attribute='name') | list | zip(client_public_keys.results | map(attribute='content') | map('b64decode') | map('trim') | list)) }}"
+
+- name: Erstelle Pre-shared Key Dictionary
+  set_fact:
+    wg_client_psk_keys: "{{ dict(wireguard_clients | map(attribute='name') | list | zip(client_psk_keys.results | map(attribute='content') | map('b64decode') | map('trim') | list)) }}"
+  when: 
+    - wireguard_pre_shared_key | default(false)
+    - client_psk_keys is defined
+
+# Server-Konfiguration erstellen
+- name: Erstelle WireGuard-Server-Konfiguration
+  template:
+    src: wg0.conf.j2
+    dest: /etc/wireguard/wg0.conf
+    mode: '0600'
+    owner: root
+    group: root
+  notify: restart wireguard
+
+# Client-Konfigurationen erstellen
+- name: Erstelle Client-Konfigurationen
+  template:
+    src: client.conf.j2
+    dest: /etc/wireguard/clients/{{ item.name }}.conf
+    mode: '0600'
+    owner: root
+    group: root
+  loop: "{{ wireguard_clients }}"
+
+# WireGuard-Service konfigurieren
+- name: Aktiviere WireGuard-Service
+  systemd:
+    name: wg-quick@wg0
+    enabled: true
+    state: started
+    daemon_reload: true

ansible/wireguard-server/roles/wireguard/tasks/install.yml

@@ -0,0 +1,8 @@
+---
+# Installiere WireGuard
+- name: Installiere WireGuard
+  apt:
+    name: wireguard
+    state: present
+    update_cache: yes
+  when: ansible_connection != "local"

ansible/wireguard-server/roles/wireguard/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+- name: Prüfe erforderliche Variablen
+  assert:
+    that:
+      - wireguard_clients is defined
+      - wireguard_server_ip is defined
+      - wireguard_network is defined
+    fail_msg: "WireGuard-Konfiguration unvollständig: erforderliche Variablen nicht definiert"
+    success_msg: "WireGuard-Variablen korrekt definiert"
+  tags: [always]
+
+- name: Installiere WireGuard
+  import_tasks: install.yml
+  when: ansible_connection != "local"
+
+- name: Konfiguriere WireGuard
+  import_tasks: configure.yml
+
+- name: Konfiguriere Netzwerk für WireGuard
+  import_tasks: network.yml
+  when: ansible_connection != "local"

ansible/wireguard-server/roles/wireguard/templates/client.conf.j2

@@ -0,0 +1,20 @@
+[Interface]
+PrivateKey = {{ wg_client_private_keys[item.name] }}
+Address = {{ item.address }}/32
+{% if wireguard_dns_servers is defined %}
+DNS = {{ wireguard_dns_servers | join(', ') }}
+{% endif %}
+{% if wireguard_mtu is defined %}
+MTU = {{ wireguard_mtu }}
+{% endif %}
+
+[Peer]
+PublicKey = {{ wg_server_public_key }}
+Endpoint = {{ wireguard_server_ip }}:{{ wireguard_port }}
+AllowedIPs = {{ wireguard_network }}
+{% if wireguard_keepalive is defined %}
+PersistentKeepalive = {{ wireguard_keepalive }}
+{% endif %}
+{% if wireguard_pre_shared_key | default(false) and wg_client_psk_keys is defined %}
+PresharedKey = {{ wg_client_psk_keys[item.name] }}
+{% endif %}

ansible/wireguard-server/roles/wireguard/templates/wg0.conf.j2

@@ -0,0 +1,28 @@
+[Interface]
+Address = {{ wireguard_address }}
+PrivateKey = {{ wg_server_private_key }}
+ListenPort = {{ wireguard_port }}
+{% if wireguard_mtu is defined %}
+MTU = {{ wireguard_mtu }}
+{% endif %}
+
+# Einfache NAT-Regeln für VPN-Traffic
+PostUp = iptables -t nat -I POSTROUTING -o {{ wireguard_exit_interface }} -s {{ wireguard_network }} -j MASQUERADE
+PostUp = iptables -I FORWARD -i {{ wireguard_interface }} -j ACCEPT
+PostUp = iptables -I FORWARD -o {{ wireguard_interface }} -j ACCEPT
+
+PostDown = iptables -t nat -D POSTROUTING -o {{ wireguard_exit_interface }} -s {{ wireguard_network }} -j MASQUERADE
+PostDown = iptables -D FORWARD -i {{ wireguard_interface }} -j ACCEPT
+PostDown = iptables -D FORWARD -o {{ wireguard_interface }} -j ACCEPT
+
+# Client-Peers
+{% for client in wireguard_clients %}
+[Peer]
+# {{ client.name }}
+PublicKey = {{ wg_client_public_keys[client.name] }}
+AllowedIPs = {{ client.address }}/32
+{% if wireguard_pre_shared_key | default(false) and wg_client_psk_keys is defined %}
+PresharedKey = {{ wg_client_psk_keys[client.name] }}
+{% endif %}
+
+{% endfor %}

ansible/wireguard-server/wireguard-create-config.yml

@@ -0,0 +1,53 @@
+---
+- name: Create WireGuard Client Configurations
+  hosts: vpn
+  become: true
+  gather_facts: false
+  
+  tasks:
+    - name: Ensure client directory exists
+      file:
+        path: /etc/wireguard/clients
+        state: directory
+        mode: '0700'
+    
+    - name: Load existing server keys
+      slurp:
+        src: /etc/wireguard/server-public.key
+      register: server_pub_key
+    
+    - name: Set server public key fact
+      set_fact:
+        wg_server_public_key: "{{ server_pub_key.content | b64decode | trim }}"
+    
+    - name: Generate client configurations
+      include_role:
+        name: wireguard
+        tasks_from: configure
+      vars:
+        wg_server_public_key: "{{ server_pub_key.content | b64decode | trim }}"
+    
+    - name: List created client configurations
+      find:
+        paths: /etc/wireguard/clients
+        patterns: "*.conf"
+      register: client_configs
+    
+    - name: Show created configurations
+      debug:
+        msg: "Created client configurations: {{ client_configs.files | map(attribute='path') | map('basename') | list }}"
+    
+    - name: Generate QR codes for mobile clients
+      shell: qrencode -t ansiutf8 < /etc/wireguard/clients/{{ item.name }}.conf
+      loop: "{{ wireguard_clients }}"
+      register: qr_results
+      when: item.name is search('phone|mobile')
+      ignore_errors: true
+    
+    - name: Display QR codes
+      debug:
+        msg: |
+          QR Code for {{ item.item.name }}:
+          {{ item.stdout }}
+      loop: "{{ qr_results.results }}"
+      when: item.stdout is defined and not item.failed

ansible/wireguard-server/wireguard-install-server.yml

@@ -0,0 +1,27 @@
+---
+- name: Install WireGuard Server
+  hosts: vpn
+  become: true
+  gather_facts: true
+  
+  pre_tasks:
+    - name: Update package cache
+      apt:
+        update_cache: true
+        cache_valid_time: 3600
+  
+  roles:
+    - role: wireguard
+      tags: [install, configure]
+
+  post_tasks:
+    - name: Show WireGuard status
+      command: wg show
+      register: wg_status
+      changed_when: false
+      ignore_errors: true
+    
+    - name: Display WireGuard status
+      debug:
+        var: wg_status.stdout_lines
+      when: wg_status.stdout is defined