You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
96 lines
2.4 KiB
YAML
96 lines
2.4 KiB
YAML
---
|
|
|
|
- name: Check for debian major version
|
|
assert:
|
|
that: "ansible_distribution_major_version is version_compare('10', '>=')"
|
|
msg: "This role requires at least Debian Buster"
|
|
|
|
- name: Install wireguard using apt
|
|
apt:
|
|
name:
|
|
- wireguard
|
|
state: present
|
|
|
|
- name: Upgrade systemd to backports (required for buster)
|
|
apt:
|
|
default_release: buster-backports
|
|
name:
|
|
- libpam-systemd
|
|
- libsystemd0
|
|
- systemd
|
|
state: latest # required to trigger update
|
|
when: "ansible_distribution_major_version == '10'"
|
|
|
|
- name: Create wireguard configuration directory
|
|
file:
|
|
state: directory
|
|
path: "{{ global_wireguard_configuration_directory }}"
|
|
owner: root
|
|
group: "{{ global_systemd_network_system_user }}"
|
|
mode: u=rwx,g=rx,o=rx
|
|
|
|
- name: Create wireguard key directory
|
|
file:
|
|
state: directory
|
|
path: "{{ wireguard_key_directory }}"
|
|
owner: root
|
|
group: "{{ global_systemd_network_system_user }}"
|
|
mode: u=rwx,g=rx,o=
|
|
|
|
- name: Generate key pair
|
|
shell: >-
|
|
wg genkey
|
|
| tee {{ wireguard_private_key | quote }}
|
|
| wg pubkey > {{ wireguard_public_key | quote }}
|
|
args:
|
|
chdir: "{{ wireguard_key_directory }}"
|
|
creates: "{{ wireguard_public_key }}"
|
|
|
|
- name: Secure key to prevent logging
|
|
file:
|
|
state: file
|
|
path: "{{ wireguard_private_key }}"
|
|
owner: root
|
|
group: "{{ global_systemd_network_system_user }}"
|
|
mode: u=rwx,g=rx,o=
|
|
|
|
- name: Download wireguard public key
|
|
fetch:
|
|
src: "{{ wireguard_public_key }}"
|
|
dest: "{{ global_wireguard_public_directory }}/{{ inventory_hostname }}"
|
|
fail_on_missing: yes
|
|
flat: yes
|
|
validate_checksum: yes
|
|
|
|
- name: Store peer configuration locally
|
|
template:
|
|
src: peer.conf
|
|
dest: "{{ global_wireguard_peers_directory }}/{{ inventory_hostname }}"
|
|
owner: "{{ local_user }}"
|
|
group: "{{ local_user }}"
|
|
mode: "u=rw,g=r,o="
|
|
delegate_to: localhost
|
|
|
|
- name: Configure systemd for WireGuard
|
|
template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: root
|
|
group: "{{ global_systemd_network_system_user }}"
|
|
mode: u=rw,g=r,o=
|
|
loop:
|
|
- src: wg.netdev
|
|
dest: "{{ netdev_file }}"
|
|
- src: wg.network
|
|
dest: "{{ network_file }}"
|
|
notify:
|
|
- restart systemd network
|
|
|
|
- name: Create directory for systemd WireGuard network
|
|
file:
|
|
state: directory
|
|
path: "{{ netdev_directory }}"
|
|
owner: root
|
|
group: "{{ global_systemd_network_system_user }}"
|
|
mode: u=rwx,g=rx,o=
|