Silent Drop: Wireguard Ansible Role From The Silent Architect

ghostware.jpg

If you read this, you already know what a VPN is.

OpenVPN was once the standard.
IPSec handled the corporate network jungle.

Complexity is a danger. A liability.

This is where Wireguard strikes.

Wireguard - The Silent Guardian

It's not a huge app.
WireGuard lives in the Linux kernel. Other systems run it in user space - same protocol, same silence.

  • Simple configuration.
  • Modern cryptography.
  • Light footprint.
  • Auditable code size.

Wireguard is like The Silent Architect - no fluff, no over-complication.

Ansible - The Moving Hands Of Precision

Ansible is trusted.
Simple.

It already proved its capabilities.
It has its place in the GhostWare.

The Wireguard Ansible Role - A Silent Drop From DeadSwitch

OpenVPN and the OpenVPN Ansible Role has been field tested for long - now retired.

DeadSwitch adapts:

  • Wireguard hums silently on the Ghost Infra.
  • Ansible and the new role handles its deployment.

Privacy and digital freedom is for everyone - so the new role is open-source:

DeadSwitch Wireguard Role on GitHub

  • Audit.
  • Use.
  • Share.
  • Criticize.

It's simple.
Idempotent.
Safe by design.

It handles the peers' configuration. 

-  name:  Deploy Wireguard VPN server
   hosts: vpn-servers
   become:  true
   roles:
    -  role: ds-wireguard
       vars:
         wg_vpn_network: 10.200.200.1/24
         wg_vpn_interface: wg0
         wg_vpn_port: 51820
         wg_network_interface: enp1s0
         vault_wg_private_key:  " {{  vault_wg_private_key  }} "    #  Optional
         wg_peers:
           iron:
             public_key: e2V40zdPiX43lqOamcoEI8J10uKaXWBeKwf+spWDWgc=
             allowed_ips: 10.200.200.2/32

Stay silent.
Stay private.

[ Fear the Silence. Fear the Switch. ]