playbooks/trixie
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
trixie/doc/vpn.md

47 lines
1 KiB
Markdown
Raw Normal View History

Refactor lmn_vpn role - Separate `lmn_vpn` from `lmn_teacherlaptop`. - Implement a check for the availability of the wireguard-server during the wg-config rollout. - Enhance variable support with a standardized naming schema: - VPN selection via `vpn` variable (`none`, `wg`). - Wireguard configuration (endpoint, allowed IPs, ip_cdr, dns, searchpath). - Run wg-config role in separate play with serial 1 to avoid conflicts, when the role attempts to determine the next free Wireguard IP on the server when role try to Add a check to verify if the radius certificate is revoked. - Ensure required packages and services are only installed and configured if the `vpn` variable is set. - Provide documentation for `lmn_vpn` module.
2025-03-20 21:13:20 +01:00
# VPN
Provides VPN access to school network via
- Wireguard
Which vpn method is used is determined by the variable `vpn`
Choices:
* `"none"` <- (default)
* `"wg"`
## Description / use cases
* This module provides a NetworkManager Config with valid wireguard credentials.
* Private/public keys will be created and configured on wireguard-server.
* After VPN-connection is established, network shares will be connected and printers will be installed too.
## Requirements
* You need to run a wireguard server. For installation see https://codeberg....
* The user, running this playbook, must have access to the wireguard-Server via ssh.
## Example
VPN profile will be created on teacher devices
inventory.yml
```yaml
infrastructure:
hosts:
wg_server:
ansible_host: 10.0.0.16
ansible_user: ansible
teacherdevices:
hosts:
10.0.14.[1..75]
vars:
vpn: wg
wg_endpoint: "203.0.113.1:51820"
wg_allowed_ips: "10.0.0.0/16;"
wg_ip_cdr: 24
wg_dns: "9.9.9.9"
wg_dns_search: "example.com"
```
Reference in a new issue Copy permalink