
---
# Install the WireGuard package from the host's configured apt repositories.
# `state: present` installs it when missing and does not upgrade an
# already-installed version.
- name: Install wireguard using apt
  apt:
    state: present
    name:
      - wireguard
# Create the configuration environment directory and its `peers`
# subdirectory, both owned by root. The mode is 0755, so any local user can
# list these directories; confidentiality of the files inside depends on the
# per-file modes set by the tasks that write them.
- name: Create wireguard configuration environment directories
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: 'u=rwx,g=rx,o=rx'
  loop:
    - "{{ global_wireguard_configuration_environment_directory }}"
    - "{{ global_wireguard_configuration_environment_directory }}/peers"
# Render the `wireguard.makefile` template into the configuration
# environment as `makefile` (root-owned, 0644: world-readable, writable by
# root only).
# NOTE(review): presumably this is what the 'reassemble wireguard config'
# handler runs - confirm against the handlers file.
- name: Upload makefile to wireguard configuration environment
  template:
    src: wireguard.makefile
    dest: "{{ global_wireguard_configuration_environment_directory }}/makefile"
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
# Create a symbolic link at `global_wireguard_configuration_link` that points
# to `global_wireguard_configuration_directory`.
# NOTE(review): the task name says "ssh", but both variables refer to
# wireguard paths - possibly left over from a copied role; confirm the
# intended wording.
- name: Create link in ssh configuration environment
  file:
    dest: "{{ global_wireguard_configuration_link }}"
    src: "{{ global_wireguard_configuration_directory }}"
    state: link
# Create the directory for the host's key material. Mode 0700 with root
# ownership means only root can enter or list it, so it gates access to
# every file created below it regardless of those files' own modes.
- name: Create wireguard key directory
  file:
    path: "{{ wireguard_key_directory }}"
    state: directory
    owner: root
    group: root
    mode: 'u=rwx,g=,o='
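# Generate the host's WireGuard private key and derive the public key from it.
# The private key is written by `tee` and passed on through the pipe to
# `wg pubkey`, so it is never printed to the task's stdout.
#
# Hardening over a bare pipeline:
#   * `umask 077` - both key files are created readable by their owner only,
#     instead of relying solely on the 0700 key directory to protect a file
#     created under the default umask.
#   * `set -o pipefail` - a failure of `wg genkey` or `tee` fails the task
#     instead of being masked by the exit status of `wg pubkey`. This needs
#     bash, hence `executable`.
#
# `creates` makes the task idempotent: it is skipped once the public key file
# exists, so an existing key pair is never overwritten.
# NOTE(review): the `>` redirection creates the public key file even when the
# pipeline fails, so after a failed run remove that file before re-running,
# otherwise `creates` will skip key generation.
- name: Generate key pair
  shell: >-
    set -o pipefail && umask 077 &&
    wg genkey
    | tee {{ wireguard_private_key | quote }}
    | wg pubkey > {{ wireguard_public_key | quote }}
  args:
    executable: /bin/bash
    chdir: "{{ wireguard_key_directory }}"
    creates: "{{ wireguard_public_key }}"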
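# Copy the host's public key from the managed host to the control node, stored
# under the inventory hostname. Only the public key is fetched; the private
# key is not referenced by this task.
#   * flat              - write exactly to `dest` rather than to a
#                         per-host directory tree.
#   * fail_on_missing   - a missing key file is an error, not a silent skip.
#   * validate_checksum - verify that the fetched copy matches the source.
# Booleans are written as `true` (canonical YAML) instead of `yes`.
- name: Download wireguard public key
  fetch:
    src: "{{ wireguard_public_key }}"
    dest: "{{ global_wireguard_public_directory }}/{{ inventory_hostname }}"
    fail_on_missing: true
    flat: true
    validate_checksum: true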
# Render this host's peer stanza from `peer.cfg` on the control node
# (`delegate_to: localhost`), one file per inventory hostname. The file is
# owned by `local_user` with mode 0640, i.e. not readable by other local
# users.
# NOTE(review): presumably the stanza carries only public peer data
# (public key, endpoint, allowed IPs) - confirm against the template.
- name: Store peer configuration locally
  delegate_to: localhost
  template:
    src: peer.cfg
    dest: "{{ global_wireguard_peers_directory }}/{{ inventory_hostname }}"
    owner: "{{ local_user }}"
    group: "{{ local_user }}"
    mode: 'u=rw,g=r,o='
# Render the host's own interface configuration as `main.cfg`. Mode 0600 with
# root ownership keeps it unreadable to every other account, which matters
# because the enclosing directory is world-listable.
# NOTE(review): presumably this file references or embeds the private key -
# confirm against the `wireguard.cfg` template.
# A change triggers the 'reassemble wireguard config' handler.
- name: Store main config
  template:
    src: wireguard.cfg
    dest: "{{ global_wireguard_configuration_environment_directory }}/main.cfg"
    owner: root
    group: root
    mode: 'u=rw,g=,o='
  notify:
    - reassemble wireguard config
# Install the `up.sh` and `down.sh` control scripts into the WireGuard
# configuration directory. Mode 0744: only root may execute or modify them,
# while every local user may read them, so the templates should not embed
# secrets.
# `validate` makes Ansible run the given command against the rendered file
# before it replaces `dest`; a failing check leaves the old script in place.
# NOTE(review): `global_validate_shell_script` is defined elsewhere -
# presumably a shell syntax check; confirm.
# A change triggers the 'reload wireguard interface' handler.
- name: Add control scripts
  loop:
    - up
    - down
  template:
    src: "{{ item }}.sh"
    dest: "{{ global_wireguard_configuration_directory }}/{{ item }}.sh"
    owner: root
    group: root
    mode: 'u=rwx,g=r,o=r'
    validate: "{{ global_validate_shell_script }}"
  notify:
    - reload wireguard interface
# Install the `wireguard.service` unit file into the systemd configuration
# directory (root-owned, 0644, so only root can alter what systemd runs).
# A change triggers the 'reload systemd' handler so the new unit definition
# is picked up.
# NOTE(review): no task in this part of the file enables or starts the
# unit - presumably handled by a handler or a later task; confirm.
- name: Configure WireGuard on boot
  template:
    src: wireguard.service
    dest: "{{ global_systemd_configuration_directory }}/wireguard.service"
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  notify:
    - reload systemd