From 452f4bef1481dfc518471c124b4909a88db1cf5e Mon Sep 17 00:00:00 2001
From: Lulzette
Date: Wed, 10 Nov 2021 17:47:51 +0000
Subject: [PATCH] Init
---
README.md | 3 +++
ansible.cfg | 3 +++
inventory | 7 +++++++
playbook.yml | 11 ++++++++++
roles/docker/tasks/main.yml | 14 +++++++++++++
roles/nyancat/files/nyancat-tty.service | 17 +++++++++++++++
roles/nyancat/tasks/main.yml | 28 +++++++++++++++++++++++++
roles/openvpn/tasks/main.yml | 0
roles/wireguard/tasks/main.yml | 23 ++++++++++++++++++++
roles/wireguard/templates/wghub.conf.j2 | 4 ++++
10 files changed, 110 insertions(+)
create mode 100644 README.md
create mode 100644 ansible.cfg
create mode 100644 inventory
create mode 100644 playbook.yml
create mode 100644 roles/docker/tasks/main.yml
create mode 100644 roles/nyancat/files/nyancat-tty.service
create mode 100644 roles/nyancat/tasks/main.yml
create mode 100644 roles/openvpn/tasks/main.yml
create mode 100644 roles/wireguard/tasks/main.yml
create mode 100644 roles/wireguard/templates/wghub.conf.j2
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8b80a19
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+wg genkey
+
+echo `wg genkey` | wg pubkey
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..ba6efb0
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,3 @@
+# ansible.cfg
+[defaults]
+inventory = inventory
diff --git a/inventory b/inventory
new file mode 100644
index 0000000..7a0189a
--- /dev/null
+++ b/inventory
@@ -0,0 +1,7 @@
+# inventory/hosts
+
+[vpns]
+test_vpn ansible_host=195.140.147.45 ansible_ssh_user=root
+
+[all:vars]
+ansible_python_interpreter=/usr/bin/python3
diff --git a/playbook.yml b/playbook.yml
new file mode 100644
index 0000000..1a795b9
--- /dev/null
+++ b/playbook.yml
@@ -0,0 +1,11 @@
+---
+- hosts: vpns
+ roles:
+ - docker
+ - wireguard
+ - openvpn
+ - nyancat
+ vars:
+ wg_pubkey: PHww02NctXHyNM8Jf/n/QzhL07VXbFYxuUsq6OAXHFc=
+ wg_privkey: uDUNwltNneDXvurpw/yZGpTfL+Vfcp7GX6BmOFbNBXg=
+ wg_port: 40124
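Review bot: The `test_vpn` entry in `inventory` sets `ansible_ssh_user=root`, so every play runs over a direct root SSH login and the target has to keep root login enabled. Prefer an unprivileged account with privilege escalation, e.g. `test_vpn ansible_host=HOST_PLACEHOLDER ansible_user=DEPLOY_USER_PLACEHOLDER ansible_become=true`, which also replaces the legacy `ansible_ssh_user` spelling with `ansible_user`. The host's public address is committed on the same line; whether that is acceptable depends on how widely this repository is shared.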
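Review bot: `wg_privkey` in the `vars:` block of `playbook.yml` is the hub's WireGuard private key in plaintext, so anyone who can read the repository or its history can impersonate the hub to its peers. Move the value into an Ansible Vault encrypted vars file and reference it, e.g. `wg_privkey: "{{ vault_wg_privkey }}"` (the variable name is an example). Treat the committed key as compromised and generate a new pair rather than only deleting the line, because the value stays in Git history. `wg_pubkey` is not referenced by any template visible in this patch.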
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..c9d55ba
--- /dev/null
+++ b/roles/docker/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Install docker
+ apt:
+ name: ['docker.io', 'docker-compose']
+ state: present
+ update_cache: yes
+- name: Run mtproto container
+ community.docker.docker_container:
+ name: mtproto-telegram
+ state: present
+ image: telegrammessenger/proxy
+ ports:
+ - '443:443'
+
diff --git a/roles/nyancat/files/nyancat-tty.service b/roles/nyancat/files/nyancat-tty.service
new file mode 100644
index 0000000..c28f8e6
--- /dev/null
+++ b/roles/nyancat/files/nyancat-tty.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=nyancat on tty1
+After=graphical.target
+
+[Service]
+Type=simple
+ExecStartPre=/bin/sleep 5
+ExecStart=/usr/bin/nyancat -snI
+ExecStop=/bin/kill -HUP ${MAINPID}
+StandardInput=tty
+StandardOutput=tty
+TTYPath=/dev/tty1
+Restart=always
+RestartSec=2
+
+[Install]
+WantedBy=graphical.target
diff --git a/roles/nyancat/tasks/main.yml b/roles/nyancat/tasks/main.yml
new file mode 100644
index 0000000..4db96e1
--- /dev/null
+++ b/roles/nyancat/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Install nyancat
+ apt:
+ name: nyancat
+ state: present
+ when: ansible_facts['os_family'] == "Debian"
+
+- name: Install nyancat unit
+ copy:
+ src: files/nyancat-tty.service
+ dest: /etc/systemd/system/nyancat-tty.service
+
+- name: Disable tty
+ systemd:
+ name: "{{ item }}"
+ enabled: no
+ state: stopped
+ loop:
+ - getty
+ - getty@tty1
+ ignore_errors: True
+
+- name: Install nyancat unit
+ systemd:
+ name: nyancat-tty
+ enabled: yes
+ state: started
+ daemon_reload: yes
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
new file mode 100644
index 0000000..66e4f0f
--- /dev/null
+++ b/roles/wireguard/tasks/main.yml
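Review bot: `image: telegrammessenger/proxy` in the "Run mtproto container" task of `roles/docker/tasks/main.yml` carries no tag or digest, so each host runs whatever the registry serves under the default tag at pull time, and that container is published on port 443. Pin the image, e.g. `image: telegrammessenger/proxy@sha256:DIGEST_PLACEHOLDER`, so a changed upstream image cannot reach the host without a reviewed commit. Separately, `state: present` only ensures the container exists; a task named "Run" probably wants `state: started`.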
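Review bot: `ignore_errors: True` on the "Disable tty" task in `roles/nyancat/tasks/main.yml` hides every failure of that loop, and the bare `getty` item does not look like a unit name that exists on a stock systemd host (verify), so an error is probably being swallowed on each run. Drop that item or narrow the handling with `failed_when`, since stopping `getty@tty1` removes the local console login and a silently half-applied state is hard to diagnose. The `copy` task should set `owner: root`, `group: root` and `mode: "0644"` explicitly instead of relying on defaults. The last task reuses the name "Install nyancat unit"; `name: Enable and start nyancat unit` would keep the run log unambiguous.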
@@ -0,0 +1,23 @@
+---
+- name: install wg packages
+ apt:
+ name: ['wireguard','wireguard-tools']
+ state: present
+
+- name: install wg hub config
+ template:
+ src: templates/wghub.conf.j2
+ dest: /etc/wireguard/wghub.conf
+
+- name: enable and persist ip forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: "1"
+ state: present
+ sysctl_set: yes
+ reload: yes
+- name: start and enable wireguard
+ systemd:
+ name: wg-quick@wghub
+ enabled: yes
+ state: started
diff --git a/roles/wireguard/templates/wghub.conf.j2 b/roles/wireguard/templates/wghub.conf.j2
new file mode 100644
index 0000000..a9c4587
--- /dev/null
+++ b/roles/wireguard/templates/wghub.conf.j2
@@ -0,0 +1,4 @@
+[Interface]
+Address = 10.205.101.1/24
+ListenPort = {{ wg_port }}
+PrivateKey = {{ wg_privkey }}
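Review bot: The "install wg hub config" task in `roles/wireguard/tasks/main.yml` writes `/etc/wireguard/wghub.conf`, which the template in this patch fills with `PrivateKey = {{ wg_privkey }}`, without setting ownership or mode, so the file's permissions depend on the remote umask and the key may end up readable by local users. Add `owner: root`, `group: root` and `mode: "0600"` to the `template` task, plus `no_log: true` so the key does not show up in `--diff` or verbose output. Nothing restarts `wg-quick@wghub` when the rendered file changes; a handler notified by the template task would cover that. The play also enables `net.ipv4.ip_forward` with no firewall rules in this patch, so what the host will forward is left to its existing configuration.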