
mjtechguy / terransible-wirehole

Licence: GPL-3.0 license
Wirehole (Wireguard, Pi-hole, Unbound) deployment on Free Tier Oracle Cloud or other providers, running in Docker containers and deployed using Terraform and Ansible.

Programming Languages

HCL

TERRANSIBLE-WIREHOLE

Disclaimer

This project is provided with no warranty or guarantee of functionality or security. This is a proof of concept and should be implemented with caution and additional security measures to ensure it is secure and stable.

What is Terransible

Terransible is the combination of Terraform and Ansible to deploy and manage infrastructure. Terraform is used to deploy the infrastructure and track its state. Ansible is used as the configuration management tool to ensure that the OS does not drift from our declarative configuration.

You can see more Terransible projects at https://terransible.com - COMING SOON

Why Does Terransible Wirehole Exist?

Terransible Wirehole exists because I wanted to make it easy for anyone to manage their own VPN servers on all of the major providers. You should not be locked into a single provider and you should not have to use one of the commercial VPN providers either.

As for why Wirehole exists, I can only speculate. But if I had to guess, it was created because you should have the freedom to roam the web without being overwhelmingly advertised to and tracked. You and your entire household (or even company) deserve a better experience and it is now within your own power to provide that experience on your own terms using Pi-hole and other tools.

We hope you find this empowering and please contribute where you see fit so that all may benefit.

Technologies

Modifications from original

  • Allow for deployment to the following providers:
    • Oracle Cloud Infrastructure (OCI)
    • Digital Ocean (DO)
    • Hetzner Cloud (HCLOUD)
    • Amazon Web Services (AWS)
    • Google Cloud Platform (GCP) - COMING LESS SOON
    • Microsoft Azure (AZURE) - MAYBE ONE DAY
  • Terraform output saves the public IP of the Wirehole server that is created to an Ansible Inventory file
  • Added a Terraform variable to manually input your OCI free tier Availability Domain (mine was trying to select the incorrect zone and the instance would not launch)
  • Removed the Bash setup script in favor of Ansible Playbook provisioning. This allows for easy future configuration management of the instance for updates, additional software installs and more.
  • Ansible automatically updates the instance on first boot, installs all of the prereqs as well as haveged for additional VM entropy, and reboots once the install is complete and the containers are online.
  • Default creates 10 Wireguard clients and downloads the configuration files to the local machine

Setup

git clone https://github.com/mjtechguy/terransible-wirehole
cd terransible-wirehole
terraform init

Deploying

Teardown

  • To tear down any of your environments, cd into the ./terraform/* directory for the appropriate provider and run terraform destroy --auto-approve.
  • Delete any old client configs in the wg_client_config directory for the deleted environment
  • Delete the ./ansible/*_inventory file for the deleted environment

Link To Original and Thanks

This project is based on the excellent Wirehole project by Devin Stokes found below:

Repo: https://github.com/IAmStoxe/wirehole

Blog: https://medium.com/@devinjaystokes/automating-the-deployment-of-your-forever-free-pihole-and-wireguard-server-dce581f71b7

Thanks to Devin Stokes for the initial project and to the creators of Pi-Hole, Wireguard and Unbound.

Closing

There are a few other tasks that you should do such as:

  • Secure port 22 on your Wirehole instance so that it only allows access from your IP address, or change the SSH port AND restrict access for extra security.
  • Back up your terraform.tfstate file regularly or move the backend Terraform state storage to S3 for easy state management from multiple machines. Don't forget to enable versioning on the bucket.
  • Add more clients to the network using the additional Peer configuration files
  • Add more blocklists to your Pi-Hole for more effective ad blocking. Good collection of lists here: https://firebog.net/
  • Regularly run your Ansible playbook to make sure that your system and Docker containers are up to date.
  • Other regular management tasks
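
The first two items above, sketched for the AWS provider as an added example (not code from this repository): a versioned, non-public S3 bucket for state, the matching backend block, and an SSH rule limited to one address. The file paths, variable names, bucket/key/region placeholders and the security group ID input are assumptions.

```hcl
# --- bootstrap/main.tf (hypothetical path): apply once, with local state ---
variable "state_bucket" { type = string } # placeholder: your own globally unique name

resource "aws_s3_bucket" "state" {
  bucket = var.state_bucket
}

# Versioning keeps every prior terraform.tfstate so a bad write can be rolled back.
resource "aws_s3_bucket_versioning" "state" {
  bucket = aws_s3_bucket.state.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Terraform state can hold sensitive values, so the bucket must never be public.
resource "aws_s3_bucket_public_access_block" "state" {
  bucket                  = aws_s3_bucket.state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# --- backend.tf in the provider directory (backend blocks cannot use variables) ---
terraform {
  backend "s3" {
    bucket  = "REPLACE-WITH-STATE-BUCKET"
    key     = "wirehole/terraform.tfstate"
    region  = "REPLACE-WITH-REGION"
    encrypt = true
  }
}

# --- SSH restricted to one admin address instead of 0.0.0.0/0 ---
variable "admin_cidr" {
  type = string
  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "Set admin_cidr to a single trusted CIDR such as 203.0.113.7/32, not 0.0.0.0/0."
  }
}

variable "wirehole_sg_id" { type = string } # hypothetical: ID of the instance's security group

resource "aws_security_group_rule" "ssh_admin_only" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = [var.admin_cidr]
  security_group_id = var.wirehole_sg_id
}
```

After adding the backend block, `terraform init -migrate-state` copies the existing local state into the bucket; any existing rule that opens port 22 to 0.0.0.0/0 has to be removed for the restricted rule to have effect.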

Issues and Troubleshooting

Please open a GitHub issue if you have problems and I will try to assist when I have time.

Social

You can engage with me on social media at the following:

Twitter: https://twitter.com/mjtechguy

GitHub: https://github.com/mjtechguy

YouTube (Coming Soon): https://www.youtube.com/channel/UCjrGJ7W90ZT2Cw9oLrEFztA