Refactor lmn_vpn role
- Separate `lmn_vpn` from `lmn_teacherlaptop`. - Implement a check for the availability of the wireguard-server during the wg-config rollout. - Enhance variable support with a standardized naming schema: - VPN selection via `vpn` variable (`none`, `wg`). - Wireguard configuration (endpoint, allowed IPs, ip_cdr, dns, searchpath). - Run wg-config role in separate play with serial 1 to avoid conflicts, when the role attempts to determine the next free Wireguard IP on the server when role try to Add a check to verify if the radius certificate is revoked. - Ensure required packages and services are only installed and configured if the `vpn` variable is set. - Provide documentation for `lmn_vpn` module.
This commit is contained in:
Raphael Dannecker
parent
a68aaeb81c
commit
f1cb7486a5
11 changed files with 676 additions and 580 deletions
9
roles/lmn_vpn/defaults/main.yml
Normal file
9
roles/lmn_vpn/defaults/main.yml
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
vpn: none
|
||||
|
||||
# Wireguad config
|
||||
wg_endpoint: "203.0.113.1:51820"
|
||||
wg_allowed_ips: "10.0.0.0/16;"
|
||||
wg_ip_cdr: 24
|
||||
wg_dns: "9.9.9.9"
|
||||
wg_dns_search: "example.com"
|
||||
Loading…
Add table
Add a link
Reference in a new issue