Refactor lmn_vpn role

- Separate `lmn_vpn` from `lmn_teacherlaptop`.
- Implement a check for the availability of the wireguard-server during the wg-config rollout.
- Enhance variable support with a standardized naming schema:
  - VPN selection via `vpn` variable (`none`, `wg`).
  - Wireguard configuration (endpoint, allowed IPs, ip_cdr, dns, searchpath).
- Run wg-config role in separate play with serial 1 to avoid conflicts, when the role attempts
  to determine the next free Wireguard IP on the server when role try to Add a check to verify if the radius certificate is revoked.
- Ensure required packages and services are only installed and configured if the `vpn` variable is set.
- Provide documentation for `lmn_vpn` module.
This commit is contained in:
Raphael Dannecker 2025-03-20 21:13:20 +01:00
parent a68aaeb81c
commit f1cb7486a5
11 changed files with 676 additions and 580 deletions

View file

@ -1,26 +0,0 @@
[connection]
id=VPN-Schule
type=wireguard
autoconnect=false
interface-name=wg0
[wireguard]
listen-port=51820
private-key={{ wg_privatekey }}
mtu=1280
[wireguard-peer.{{ wg_serverpublickey }}]
endpoint={{ wg_endpoint }}
allowed-ips={{ wg_allowed_ips }}
[ipv4]
address1={{ wg_ip }}/{{ wg_ip_cdr }}
dns={{ wg_dns }}
dns-search={{ wg_dns_search }}
method=manual
[ipv6]
addr-gen-mode=stable-privacy
method=ignore
[proxy]