sreway/wireguard-docker-compose

Example Wireguard

This repository contains an example of a WireGuard (wg-easy) deployment via Terraform and rootless Docker in GitLab CI.

GitLab pipelines

Environment variables

| Env | Description |
| --- | --- |
| CI_SSH_PRIVATE_KEY | The SSH private key used to access the managed host |
| TF_VAR_sel_account_id | Selectel account ID (contract number) |
| TF_VAR_sel_api_key | Selectel API key. Can be created at https://my.selectel.ru/profile/apikeys |
| TF_VAR_sel_project_id | Selectel VPC project ID |
| TF_VAR_sel_user_name | Name of the user for access to the Selectel VPC project |
| TF_VAR_sel_user_password | The password of the user for access to the Selectel VPC project |
| TF_VAR_ssh_public_key | The SSH public key used in CI to access the managed host as the users created via Ansible (SSH access for the root user is disabled) |
| SSL_EMAIL | The email address to use for the SSL certificate creation |
| WG_HOST | The public hostname of your VPN server |
| WG_PASSWORD | The password used for authentication in the Web UI |

Warning: In this example, TF_VAR_ssh_public_key is the same key as input_sel_ssh_key_name.
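
A preflight check that a pipeline job could run before Terraform, so that a missing or misplaced secret fails the job early. This is an added example, not code from this repository: the function name `check_ci_env` and the format checks (OpenSSH public key prefix, PEM-style private key, bare hostname, simple email shape) are assumptions.

```shell
#!/bin/sh
# Added example: preflight validation of the CI variables listed above.
# check_ci_env is a hypothetical helper, not part of this repository.

REQUIRED_VARS="CI_SSH_PRIVATE_KEY TF_VAR_sel_account_id TF_VAR_sel_api_key
TF_VAR_sel_project_id TF_VAR_sel_user_name TF_VAR_sel_user_password
TF_VAR_ssh_public_key SSL_EMAIL WG_HOST WG_PASSWORD"

check_ci_env() {
  rc=0
  for name in $REQUIRED_VARS; do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      # Report the name only; never echo secret values into the job log.
      echo "missing: $name" >&2
      rc=1
    fi
  done

  # The public-key variable is distributed to hosts, so private key
  # material must never be pasted into it by mistake.
  case "${TF_VAR_ssh_public_key:-}" in
    *"PRIVATE KEY"*) echo "TF_VAR_ssh_public_key holds a private key" >&2; rc=1 ;;
    ssh-*|ecdsa-*|sk-*|"") ;;
    *) echo "TF_VAR_ssh_public_key is not an OpenSSH public key" >&2; rc=1 ;;
  esac

  # Assumption: the private key is stored as plain PEM/OpenSSH text.
  case "${CI_SSH_PRIVATE_KEY:-}" in
    ""|*"PRIVATE KEY-----"*) ;;
    *) echo "CI_SSH_PRIVATE_KEY is not a private key block" >&2; rc=1 ;;
  esac

  # WG_HOST is a bare hostname: no scheme, path, port or whitespace.
  case "${WG_HOST:-}" in
    *[!A-Za-z0-9.-]*) echo "WG_HOST must be a bare hostname" >&2; rc=1 ;;
  esac

  # Minimal shape check (something@something.tld), not full validation.
  case "${SSL_EMAIL:-}" in
    ""|?*@?*.?*) ;;
    *) echo "SSL_EMAIL is not an email address" >&2; rc=1 ;;
  esac
  return $rc
}
```

Call `check_ci_env || exit 1` as the first script line of the job; it prints variable names only, so it is safe to run with unmasked job logs.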

Requirements

| Name | Version |
| --- | --- |
| terraform | >= 1.3.3 |

Providers

| Name | Version |
| --- | --- |
| local | n/a |
| null | n/a |

Modules

| Name | Source | Version |
| --- | --- | --- |
| ansible_inventory | git | n/a |
| available_instances | git | n/a |
| domain_record | git | n/a |
| floating_ip_mapping | git | n/a |
| instance | git | n/a |
| internal_network | git | n/a |
| router | git | n/a |

Resources

| Name | Type |
| --- | --- |
| local_file.ansible_inventory | resource |
| null_resource.deploy_inventory | resource |

Inputs

| Name | Description | Type | Default | Required |
| --- | --- | --- | --- | --- |
| dns_records | Hash map of DNS record settings that should be created | `map(object({ name = string, domain = string, type = string, ttl = number, link_instance_name = string }))` | `{"wireguard": {"domain": "sreway.ru", "link_instance_name": "wireguard", "name": "wireguard.sreway.ru", "ttl": 200, "type": "A"}}` | no |
| instances | Hash map of instance settings that should be created | `map(object({ name = string, vcpus = number, ram = number, disk = number, image = string, zone = string, network_name = string, remote_volumes = map(object({ name = string, size = number, type = string, zone = string })), create_floating_ip = bool, tags = list(string) }))` | `{"wireguard": {"create_floating_ip": true, "disk": 40, "image": "Ubuntu 22.04 LTS 64-bit", "name": "wireguard", "network_name": "wireguard-net", "ram": 4096, "remote_volumes": {}, "tags": ["wireguard", "bastion", "docker", "primary"], "vcpus": 2, "zone": "ru-7a"}}` | no |
| networks | Hash map of Virtual Private Cloud network settings that should be created | `map(object({ name = string, subnet_cidr = string, router_name = string, dns_nameservers = list(string), tags = list(string) }))` | `{"wireguard-net": {"dns_nameservers": ["188.93.16.19", "188.93.17.19"], "enable_dhcp": false, "name": "wireguard-net", "router_name": "wireguard-router", "subnet_cidr": "192.168.1.0/24", "tags": ["wireguard_net"]}}` | no |
| sel_account_id | Selectel account ID (contract number) | string | n/a | yes |
| sel_api_key | Selectel API key. Can be created at https://my.selectel.ru/profile/apikeys | string | n/a | yes |
| sel_auth_url | Auth URL of the Selectel VPC API | string | "https://api.selvpc.ru/identity/v3" | no |
| sel_project_id | Selectel VPC project ID | string | n/a | yes |
| sel_project_name | Selectel VPC project name | string | "sreway" | no |
| sel_region_name | Name of the region for Selectel VPC resources | string | "ru-7" | no |
| sel_ssh_key_name | The name of the SSH key pair to put on the compute instance. The key pair must already be created in some region and associated with the Selectel VPC project | string | "ci" | no |
| sel_user_name | Name of the user for access to the Selectel VPC project | string | n/a | yes |
| sel_user_password | Password of the user for access to the Selectel VPC project | string | n/a | yes |
| ssh_public_key | SSH public key on compute nodes | string | n/a | yes |
| ssh_user_admin | SSH administrator username on compute nodes (sudoers) | string | "is" | no |
| ssh_user_ci | SSH unprivileged username on compute nodes (not sudoers) | string | "ci" | no |

Outputs

| Name | Description |
| --- | --- |
| ansible_inventory_data | n/a |
| ssh_config | n/a |
