docs(Wireguard): Add documentation

This commit is contained in:
Tanguy Herbron 2025-03-25 18:01:19 +01:00
parent 551aa7a9cf
commit 55a6e0f713


@ -1,4 +1,38 @@
# Network
Coming soon !
// Wireguard
Our infrascture may have machines accross multiple locations. We need to ensure that all machines can communicate with each other, even if they are behind a NAT. To allow such configuration, we will be using a VPN, more precisely, Wireguard. This also has the advantage of encrypting all traffic going between nodes.
To ease the installation process, the installation is handled by [Jawher Moussa's ansible playbook](https://github.com/jawher/automation-wireguard).
## Configuration
When adding a new host to the inventory, the following entry needs to be added:
```yaml
all:
hosts:
<hostname>:
wireguard_ip: <wireguard_ip>
[...]
```
The `wireguard_ip` is the unique IP address the host will use to communicate with other hosts.
It is also recommended to change the `wireguard_port` in `inventory/*/group_vars/all.yml` to a random port for added obfuscation.
Lastly, you can modify the `wireguard_mask_bits` to change the size of the subnet, but it is recommended to keep it at 8 for 254 IPs.
### UFW
For added security, UFW can be installed, but isn't enabled by default with these playbooks. To enable it, set the `enable_ufw` variable to `true` in `inventory/*/group_vars/all.yml`.
You will need to read more about the playbook's documentation [here](https://github.com/jawher/automation-wireguard).
## Installation
To install Wireguard on all hosts, run the following commands:
```bash
# Select the desired environment
export ENV=<environment>
# Install Wireguard
make wg
```
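Review bot: `// Wireguard` in the new docs/Network section is not a Markdown heading and will render as literal text; it should be `## Wireguard` to sit under `# Network` alongside the `## Configuration` and `## Installation` headings that follow. Two typos in the same paragraph: `infrascture` should be `infrastructure` and `accross` should be `across`. The YAML inventory snippet shows `all:`, `hosts:`, `<hostname>:` and `wireguard_ip:` at the same indentation level; as written that is not valid nesting, so please confirm the indentation survived into the committed file. Finally, the line recommending a random `wireguard_port` "for added obfuscation" reads as if it adds security; a short qualifier that the port change only reduces noise from scanners and that the peers' keys (plus UFW when `enable_ufw` is set) are what actually protect the tunnel would keep readers from treating it as a hardening step.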