{"id":27255607,"url":"https://github.com/mawalu/wireguard-private-networking","last_synced_at":"2025-04-11T02:20:28.023Z","repository":{"id":52880850,"uuid":"153189733","full_name":"mawalu/wireguard-private-networking","owner":"mawalu","description":"Build your own multi server private network using wireguard and ansible","archived":false,"fork":false,"pushed_at":"2022-09-22T10:51:40.000Z","size":70,"stargazers_count":159,"open_issues_count":5,"forks_count":36,"subscribers_count":9,"default_branch":"master","last_synced_at":"2023-11-07T17:25:06.277Z","etag":null,"topics":["ansible","mesh","mesh-networks","private-network","vpn","wireguard"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mawalu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-10-15T22:29:53.000Z","updated_at":"2023-10-11T14:33:26.000Z","dependencies_parsed_at":"2023-01-19T00:45:19.088Z","dependency_job_id":null,"html_url":"https://github.com/mawalu/wireguard-private-networking","commit_stats":null,"previous_names":[],"tags_count":22,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mawalu%2Fwireguard-private-networking","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mawalu%2Fwireguard-private-networking/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mawalu%2Fwireguard-private-networking/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mawalu%2Fwireguard-private-networking/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/
GitHub/owners/mawalu","download_url":"https://codeload.github.com/mawalu/wireguard-private-networking/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248328355,"owners_count":21085298,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","mesh","mesh-networks","private-network","vpn","wireguard"],"created_at":"2025-04-11T02:20:27.413Z","updated_at":"2025-04-11T02:20:28.012Z","avatar_url":"https://github.com/mawalu.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Private server to server network with ansible and wireguard \n \n[![Ansible Role](https://img.shields.io/ansible/role/d/33136)](https://galaxy.ansible.com/mawalu/wireguard_private_networking)\n \nThis role allows you to deploy a fast, secure and provider agnostic private network between multiple servers. This is useful for providers that do not provide you with a private network or if you want to connect servers that are spread over multiple regions and providers.\n\n## How\n\nThe role installs [wireguard](https://wireguard.com) on Debian or Ubuntu, creates a mesh between all servers by adding them all as peers and configures the wg-quick systemd service.\n\n## Installation\n\nInstallation can be done using [ansible galaxy](https://galaxy.ansible.com/mawalu/wireguard_private_networking):\n\n```\n$ ansible-galaxy install mawalu.wireguard_private_networking\n```\n\n## Setup\n\nInstall this role, assign a `vpn_ip` variable to every host that should be part of the network and run the role. 
Please make sure to allow the VPN port (default is 5888) in your firewall. Here is a small example configuration:\n\nOptionally, you can set a `public_addr` on each host. This address will be used to connect to the wireguard peer instead of the address in the inventory. This is useful if you are configuring over a different network than wireguard is using, e.g. when ansible connects to your peer over a LAN.\n\n```yaml\n# inventory host file\n\nwireguard:\n  hosts:\n    1.1.1.1:\n      vpn_ip: 10.1.0.1/32\n      public_addr: \"example.com\" # optional\n    2.2.2.2:\n      vpn_ip: 10.1.0.2/32\n\n```\n\n```yaml\n# playbook\n\n- name: Configure wireguard mesh\n  hosts: wireguard\n  remote_user: root\n  roles:\n    - mawalu.wireguard_private_networking\n```\n\n```yaml\n# playbook (with client config)\n- name: Configure wireguard mesh\n  hosts: wireguard\n  remote_user: root\n  vars:\n    client_vpn_ip: 10.1.0.100\n    client_wireguard_path: \"~/my-client-config.conf\"\n  roles:\n    - mawalu.wireguard_private_networking\n```\n\n## Additional configuration\n\nThere are a small number of role variables that can be overwritten.\n\n```yaml\nwireguard_port: \"5888\" # the port to use for server to server connections\nwireguard_path: \"/etc/wireguard\" # location of all wireguard configurations\n\nwireguard_network_name: \"private\" # the name to use for the config file and wg-quick\n\nwireguard_mtu: 1500 # Optionally an MTU to set in the wg-quick file. Not set by default. 
Can also be set per host\n\ndebian_enable_backports: true # if the debian backports repos should be added on debian machines\n\n# Raspberry Pi Zero support\n# Needs kernel headers and manual compilation of wireguard, opt in via flag, install `community.general` collection\n# Caution: Might trigger a reboot.\nallow_build_from_source: true\n\nwireguard_sources_path: \"/var/cache\" # Location to clone the WireGuard sources if manual build is required\n\nclient_vpn_ip: \"\" # if set an additional wireguard config file will be generated at the specified path on localhost\nclient_wireguard_path: \"~/wg.conf\" # path on localhost to write client config, if client_vpn_ip is set\n\n# a list of additional peers that will be added to each server\nwireguard_additional_peers:\n  - comment: martin\n    ip: 10.2.3.4\n    key: your_wireguard_public_key\n  - comment: other_network\n    ip: 10.32.0.0/16\n    key: their_wireguard_public_key\n    keepalive: 20 \n    endpoint: some.endpoint:2230 \n\nwireguard_post_up: \"iptables ...\" # PostUp hook command\nwireguard_post_down: \"iptables\"   # PostDown hook command\n```\n\n## Testing\n\nThis role has a small test setup that is created using [molecule](https://github.com/ansible-community/molecule). To run the tests follow the molecule [install guide](https://molecule.readthedocs.io/en/latest/installation.html), ensure that a docker daemon runs on your machine and execute `molecule test`.\n\n## Contributing\n\nFeel free to open issues or MRs if you find problems or have ideas for improvements. I'm especially open for MRs that add support for additional operating systems and more tests.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmawalu%2Fwireguard-private-networking","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmawalu%2Fwireguard-private-networking","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmawalu%2Fwireguard-private-networking/lists"}