Added role wireguard/application

roles/wireguard/application/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+
+wireguard_key_directory: "/root/wireguard"
+wireguard_private_key: "{{ wireguard_key_directory }}/wg-private.key"
+wireguard_public_key: "{{ wireguard_key_directory }}/wg-public.key"

roles/wireguard/application/meta/main.yml

@@ -0,0 +1,3 @@
+---
+
+allow_duplicates: no

roles/wireguard/application/tasks/main.yml

@@ -0,0 +1,53 @@
+---
+
+# TODO Exclude to own role
+- name: Register debian unstable for apt
+  copy:
+    dest: "/etc/apt/sources.list.d/unstable.list"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+    content: "deb http://deb.debian.org/debian/ unstable main"
+
+- name: Restrict unstable for apt
+  copy:
+    dest: "/etc/apt/preferences.d/unstable"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+    content: |
+      Package: *
+      Pin: release a=unstable
+      Pin-Priority: 90
+
+- name: Install wireguard using apt
+  apt:
+    name:
+      - wireguard
+    state: present
+    update_cache: yes
+
+- name: Create wireguard key directory
+  file:
+    state: directory
+    path: "{{ wireguard_key_directory }}"
+    owner: root
+    group: root
+    mode: "u=rwx,g=,o="
+
+- name: Generate key pair
+  command: >-
+    /bin/sh -c "wg genkey
+    | tee {{ wireguard_private_key | quote }}
+    | wg pubkey > {{ wireguard_public_key | quote }}"
+  args:
+    chdir: "{{ wireguard_key_directory }}"
+    creates: "{{ wireguard_public_key }}"
+
+- name: Download wireguard public key
+  fetch:
+    src: "{{ wireguard_public_key }}"
+    dest: "{{ global_wireguard_public_directory }}/{{ ansible_fqdn }}"
+    fail_on_missing: yes
+    flat: yes
+    validate_checksum: yes