wireguard #9
Comments
c-goes
added
documentation
|
team number must be encoded in the ip addresses for #12 to work |
|
When using this setup on a productive server, does it spawn the two vms like in the development environment, or is everything installed directly on the machine hosting the ctf? |
|
@antfeh directly on the host like described in https://github.com/hsasctf/lxctf/blob/master/docs/local.md. the two VMs are just the development environment. I will adapt the document after pushing the dynamic inventory. |
|
@antfeh Thanks for your work. A little feedback to your branch: "delegate_to: 127.0.0.1" is meant only for tasks should run on the system running Ansible. For the "local" installation, the remote and local system are the same. But it's not the case for development environment or other undocumented installation types. When you install wireguard and copy the configuration it should not run on 127.0.0.1. Maybe in the wireguard case it would be easiest to run everything at remote (e.g. template to remote like here https://github.com/hsasctf/lxctf/compare/feature/wireguard#diff-d8238564479491178cd9312e2a4ec074R238) and then fetch or slurp the files to the paths in role (https://docs.ansible.com/ansible/latest/modules/fetch_module.html#fetch-module, https://docs.ansible.com/ansible/latest/modules/slurp_module.html). |
|
Instead of my suggested changes, we can also take out the controller VM from development environment, should work better then. And it's more like a production environment. |
|
@antfeh for idempotence you should use "creates" for the shell tasks that create files https://docs.ansible.com/ansible/2.8/modules/shell_module.html |
|
@c-goes wireguard automatically overwrites the existing keys, so there should be no problem. |
|
@antfeh You could create a pull request and I'll show you what changes are needed |
We plan to switch from openvpn to wireguard for performance reasons
The text was updated successfully, but these errors were encountered: