add wg_preshared_key variable and fix hashsize
@@ -58,6 +58,8 @@ rm -rf ansible-openwrt-hirkn README.md
|
|||||||
|
|
||||||
Остальное можно менять, в зависимости от того как настроен wireguard сервер
|
Остальное можно менять, в зависимости от того как настроен wireguard сервер
|
||||||
|
|
||||||
|
Если ваш wg сервер использует preshared_key, то раскомментируйте **wg_preshared_key** и задайте ключ
|
||||||
|
|
||||||
Запуск playbook
|
Запуск playbook
|
||||||
```
|
```
|
||||||
ansible-playbook playbooks/hirkn.yml
|
ansible-playbook playbooks/hirkn.yml
|
||||||
|
|||||||
@@ -12,6 +12,7 @@
|
|||||||
wg_server_address: wg_server_ip/url
|
wg_server_address: wg_server_ip/url
|
||||||
wg_private_key: privatekey-client
|
wg_private_key: privatekey-client
|
||||||
wg_public_key: publickey-server
|
wg_public_key: publickey-server
|
||||||
|
#wg_preshared_key: preshared-key
|
||||||
wg_listen_port: 51820
|
wg_listen_port: 51820
|
||||||
wg_client_port: 51820
|
wg_client_port: 51820
|
||||||
wg_client_address: 192.168.100.3/24
|
wg_client_address: 192.168.100.3/24
|
||||||
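Review bot: The new `#wg_preshared_key: preshared-key` line is the only hint that this variable is optional, and nothing in the file says that the playbook branches on whether it is defined (the `when: wg_preshared_key is defined` / `is undefined` guards live in the playbook, not here). A comment above it would spare a reader from hunting through the tasks: `# Optional: uncomment only if the server peer uses a preshared key; the playbook picks the client task by whether this variable is defined`. Since this file also carries `wg_private_key`, a second comment pointing users at ansible-vault for real values, rather than committing them in plain text, would fit next to it. The enclosing mapping starts before the hunk.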
@@ -60,12 +61,6 @@
|
|||||||
dest: "/etc/rc.d/S99hirkn"
|
dest: "/etc/rc.d/S99hirkn"
|
||||||
state: link
|
state: link
|
||||||
|
|
||||||
- name: create crontab file
|
|
||||||
file:
|
|
||||||
dest: "/etc/crontabs/root"
|
|
||||||
state: touch
|
|
||||||
mode: 0600
|
|
||||||
|
|
||||||
- name: check string in crontab
|
- name: check string in crontab
|
||||||
shell: grep "hirkn" /etc/crontabs/root
|
shell: grep "hirkn" /etc/crontabs/root
|
||||||
register: check_cron
|
register: check_cron
|
||||||
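Review bot: With the `create crontab file` task removed, the following `shell: grep "hirkn" /etc/crontabs/root` step is the first thing to touch the file, and on a router that has never had a root crontab grep typically exits with status 2 for the missing file, which fails the play unless the task says otherwise. If the `check string in crontab` task, which continues past the hunk, has no `failed_when`, consider `failed_when: check_cron.rc not in [0, 1]` so that only a real error (not a missing match) stops the run, or keep a `file: state: touch` step before it. This is inferred from the hunk alone; if the task already guards the return code further down, disregard.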
@@ -123,7 +118,7 @@
|
|||||||
addresses:
|
addresses:
|
||||||
- "{{ wg_client_address }}"
|
- "{{ wg_client_address }}"
|
||||||
|
|
||||||
- name: set wg client
|
- name: set wg client without wg_preshared_key
|
||||||
uci:
|
uci:
|
||||||
command: section
|
command: section
|
||||||
config: network
|
config: network
|
||||||
@@ -137,7 +132,25 @@
|
|||||||
endpoint_host: "{{ wg_server_address }}"
|
endpoint_host: "{{ wg_server_address }}"
|
||||||
allowed_ips: 0.0.0.0/0
|
allowed_ips: 0.0.0.0/0
|
||||||
endpoint_port: "{{ wg_client_port }}"
|
endpoint_port: "{{ wg_client_port }}"
|
||||||
|
when: wg_preshared_key is undefined
|
||||||
|
|
||||||
|
- name: set wg client with wg_preshared_key
|
||||||
|
uci:
|
||||||
|
command: section
|
||||||
|
config: network
|
||||||
|
type: wireguard_wg0
|
||||||
|
find_by:
|
||||||
|
name: wg0_client
|
||||||
|
value:
|
||||||
|
public_key: "{{ wg_public_key }}"
|
||||||
|
preshared_key: "{{ wg_preshared_key }}"
|
||||||
|
route_allowed_ips: 0
|
||||||
|
persistent_keepalive: 25
|
||||||
|
endpoint_host: "{{ wg_server_address }}"
|
||||||
|
allowed_ips: 0.0.0.0/0
|
||||||
|
endpoint_port: "{{ wg_client_port }}"
|
||||||
|
when: wg_preshared_key is defined
|
||||||
|
|
||||||
- name: set rule mark0x1
|
- name: set rule mark0x1
|
||||||
uci:
|
uci:
|
||||||
command: section
|
command: section
|
||||||
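Review bot: The new `set wg client with wg_preshared_key` task passes `preshared_key: "{{ wg_preshared_key }}"` as a module argument, so the key is echoed in task output (verbose runs, `--diff`, failure messages) and can end up in CI logs; add `no_log: true` to this task, as is usual for tasks that handle key material. Separately, the task is a copy of `set wg client without wg_preshared_key` that differs in a single key; if the uci module honours omitted nested values, one task with `preshared_key: "{{ wg_preshared_key | default(omit) }}"` and no `when` would remove the duplication — worth confirming against the module before relying on it. The `set rule mark0x1` task at the end of the hunk continues past it.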
@@ -149,14 +162,14 @@
|
|||||||
mark: "0x1"
|
mark: "0x1"
|
||||||
priority: 100
|
priority: 100
|
||||||
lookup: vpn
|
lookup: vpn
|
||||||
|
|
||||||
- name: set disable dns for wan
|
- name: set disable dns for wan
|
||||||
uci:
|
uci:
|
||||||
command: set
|
command: set
|
||||||
key: network.wan
|
key: network.wan
|
||||||
value:
|
value:
|
||||||
peerdns: 0
|
peerdns: 0
|
||||||
|
|
||||||
- name: uci commit
|
- name: uci commit
|
||||||
uci:
|
uci:
|
||||||
command: commit
|
command: commit
|
||||||
@@ -191,6 +204,7 @@
|
|||||||
value:
|
value:
|
||||||
dest: wg
|
dest: wg
|
||||||
src: lan
|
src: lan
|
||||||
|
family: ipv4
|
||||||
|
|
||||||
- name: add ipset for subnet
|
- name: add ipset for subnet
|
||||||
uci:
|
uci:
|
||||||
@@ -215,9 +229,9 @@
|
|||||||
match: dst_net
|
match: dst_net
|
||||||
storage: hash
|
storage: hash
|
||||||
loadfile: /tmp/lst/ip.lst
|
loadfile: /tmp/lst/ip.lst
|
||||||
hashsize: 1000000
|
hashsize: 9900000
|
||||||
maxelem: 1000000
|
maxelem: 9900000
|
||||||
|
|
||||||
- name: add mark rule vpn_subnet
|
- name: add mark rule vpn_subnet
|
||||||
uci:
|
uci:
|
||||||
command: section
|
command: section
|
||||||
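Review bot: `hashsize: 9900000` is not a power of two, which ipset requires for hash sets; the kernel rounds it up to the next one, 16777216 (2^24), so the set preallocates a table far larger than the stated value, and on a memory-constrained OpenWrt device that allocation may fail or starve everything else. `hashsize` is only the initial bucket count (hash sets grow as entries are added, bounded by `maxelem`), so it does not need to equal `maxelem`; a power of two sized to the expected list, e.g. `hashsize: 1048576` with `maxelem: 9900000` kept as the hard cap, is the usual shape. After this change it is worth checking on a real device that the set (presumably `vpn_subnets`, referenced by the mark rule below) is actually created, since a rejected set leaves the rule that references it matching nothing. The ipset task's name and the set name are outside the hunk.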
@@ -232,6 +246,7 @@
|
|||||||
ipset: vpn_subnets
|
ipset: vpn_subnets
|
||||||
set_mark: "0x1"
|
set_mark: "0x1"
|
||||||
target: MARK
|
target: MARK
|
||||||
|
family: ipv4
|
||||||
|
|
||||||
- name: add mark rule vpn_ip
|
- name: add mark rule vpn_ip
|
||||||
uci:
|
uci:
|
||||||
@@ -247,6 +262,7 @@
|
|||||||
ipset: vpn_ip
|
ipset: vpn_ip
|
||||||
set_mark: "0x1"
|
set_mark: "0x1"
|
||||||
target: MARK
|
target: MARK
|
||||||
|
family: ipv4
|
||||||
|
|
||||||
- name: uci commit firewall
|
- name: uci commit firewall
|
||||||
uci:
|
uci:
|
||||||
@@ -260,7 +276,7 @@
|
|||||||
src: "{{ ansible_template_dir }}openwrt-dnscrypt-proxy.j2"
|
src: "{{ ansible_template_dir }}openwrt-dnscrypt-proxy.j2"
|
||||||
dest: "/etc/config/dnscrypt-proxy"
|
dest: "/etc/config/dnscrypt-proxy"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
- name: edit dhcp config. resolvfile commented
|
- name: edit dhcp config. resolvfile commented
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/config/dhcp
|
path: /etc/config/dhcp
|
||||||
@@ -275,7 +291,7 @@
|
|||||||
with_items:
|
with_items:
|
||||||
- " list server '127.0.0.1#5353'"
|
- " list server '127.0.0.1#5353'"
|
||||||
- " list server '/pool.ntp.org/208.67.222.222'"
|
- " list server '/pool.ntp.org/208.67.222.222'"
|
||||||
|
|
||||||
- name: enable and start dnscrypt-proxy
|
- name: enable and start dnscrypt-proxy
|
||||||
service:
|
service:
|
||||||
name: dnscrypt-proxy
|
name: dnscrypt-proxy
|
||||||
@@ -297,4 +313,4 @@
|
|||||||
- name: run hirkn script
|
- name: run hirkn script
|
||||||
service:
|
service:
|
||||||
name: hirkn
|
name: hirkn
|
||||||
state: started
|
state: started
|
||||||