add wg_preshared_key variable and fix hashsize

2025-12-13 18:44:31 +05:00 · 2022-06-09 22:45:09 +07:00
parent 67f357cd91
commit f5ff3e3abc
2 changed files with 33 additions and 15 deletions
--- a/README.md
+++ b/README.md
@@ -58,6 +58,8 @@ rm -rf ansible-openwrt-hirkn README.md

 Остальное можно менять, в зависимости от того как настроен wireguard сервер

+Если ваш wg сервер использует preshared_key, то раскомментируйте **wg_preshared_key** и задайте ключ
+
 Запуск playbook
 ```
 ansible-playbook playbooks/hirkn.yml
--- a/playbooks/hirkn.yml
+++ b/playbooks/hirkn.yml
@@ -12,6 +12,7 @@
    wg_server_address: wg_server_ip/url
    wg_private_key: privatekey-client
    wg_public_key: publickey-server
+    #wg_preshared_key: preshared-key
    wg_listen_port: 51820
    wg_client_port: 51820
    wg_client_address: 192.168.100.3/24
@@ -60,12 +61,6 @@
      dest: "/etc/rc.d/S99hirkn"
      state: link

-  - name: create crontab file
-    file:
-      dest: "/etc/crontabs/root"
-      state: touch
-      mode: 0600
-
  - name: check string in crontab
    shell: grep "hirkn" /etc/crontabs/root
    register: check_cron
@@ -123,7 +118,7 @@
        addresses:
          - "{{ wg_client_address }}"
      
-  - name: set wg client
+  - name: set wg client without wg_preshared_key
    uci:
      command: section
      config: network
@@ -137,6 +132,24 @@
        endpoint_host: "{{ wg_server_address }}"
        allowed_ips: 0.0.0.0/0
        endpoint_port: "{{ wg_client_port }}"
+    when: wg_preshared_key is undefined
+        
+  - name: set wg client with wg_preshared_key
+    uci:
+      command: section
+      config: network
+      type: wireguard_wg0
+      find_by:
+        name: wg0_client
+      value:
+        public_key: "{{ wg_public_key }}"
+        preshared_key: "{{ wg_preshared_key }}"
+        route_allowed_ips: 0
+        persistent_keepalive: 25
+        endpoint_host: "{{ wg_server_address }}"
+        allowed_ips: 0.0.0.0/0
+        endpoint_port: "{{ wg_client_port }}"
+    when: wg_preshared_key is defined

  - name: set rule mark0x1
    uci:
@@ -191,6 +204,7 @@
      value:
        dest: wg
        src: lan
+        family: ipv4
        
  - name: add ipset for subnet
    uci:
@@ -215,8 +229,8 @@
         match: dst_net
         storage: hash
         loadfile: /tmp/lst/ip.lst
-         hashsize: 1000000
-         maxelem: 1000000
+         hashsize: 9900000
+         maxelem: 9900000

  - name: add mark rule vpn_subnet
    uci:
@@ -232,6 +246,7 @@
         ipset: vpn_subnets
         set_mark: "0x1"
         target: MARK
+         family: ipv4

  - name: add mark rule vpn_ip
    uci:
@@ -247,6 +262,7 @@
         ipset: vpn_ip
         set_mark: "0x1"
         target: MARK
+         family: ipv4

  - name: uci commit firewall
    uci: