authorheqnx <root@heqnx.com>2025-06-24 00:28:18 +0300
committerheqnx <root@heqnx.com>2025-06-24 00:28:18 +0300
commit4d996aff99c9c31ed66f82afb11c74569ccc6763 (patch)
treea4dd5b17132fb2a9543fcb2f8eecf440b5b76577 /tasks/wg_setup.yaml
parent5832dc592761147a607a3ba35af8715c9adb0527 (diff)
adding wireguard setup for pve vm access
Diffstat (limited to 'tasks/wg_setup.yaml')
-rw-r--r--tasks/wg_setup.yaml72
1 files changed, 72 insertions, 0 deletions
diff --git a/tasks/wg_setup.yaml b/tasks/wg_setup.yaml
new file mode 100644
index 0000000..9557a79
--- /dev/null
+++ b/tasks/wg_setup.yaml
@@ -0,0 +1,72 @@
+- name: install wireguard and dependencies
+ apt:
+ name: "{{ wireguard_packages }}"
+ state: present
+ update_cache: yes
+
+- name: update apt packages
+ apt:
+ update_cache: true
+
+- name: install apt packages
+ apt:
+ name: "{{ apt_packages }}"
+ state: present
+ update_cache: true
+ environment:
+ DEBIAN_FRONTEND: noninteractive
+
+- name: create wireguard server directory
+ file:
+ path: "{{ wireguard_server_home }}"
+ state: directory
+ mode: "0700"
+
+- name: create wireguard peers directory
+ file:
+ path: "{{ wireguard_peers_home }}"
+ state: directory
+ mode: "0700"
+
+- name: generate wireguard server keys
+ shell:
+ cmd: |
+ wg genpsk > "{{ wireguard_server_home }}/psk.key"
+ wg genkey > "{{ wireguard_server_home }}/server.key"
+ creates: "{{ wireguard_server_home }}/server.key"
+ args:
+ chdir: "{{ wireguard_server_home }}"
+
+- name: get server public key
+ shell:
+ cmd: wg pubkey < "{{ wireguard_server_home }}/server.key"
+ register: server_pubkey
+ changed_when: false
+
+- name: read wireguard server.key from remote host
+ slurp:
+ src: "{{ wireguard_server_home }}/server.key"
+ register: wg_key
+
+- name: set private key from remote file
+ set_fact:
+ private_key: "{{ wg_key.content | b64decode }}"
+
+- name: deploy {{ wireguard_server_home }}/wg0.conf
+ template:
+ src: wg0.conf.j2
+ dest: "{{ wireguard_server_home }}/wg0.conf"
+ mode: "0600"
+
+- name: deploy manage_wg_peers.sh
+ template:
+ src: manage_wg_peers.sh.j2
+ dest: /root/manage_wg_peers.sh
+ mode: "0600"
+
+- name: restart wireguard
+ systemd:
+ name: wg-quick@wg0.service
+ state: restarted
+ enabled: true
+ when: ansible_service_mgr == 'systemd'
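Review bot: The server private key is read into the `private_key` fact (slurp and set_fact tasks) with no `no_log`, so its base64 content and the decoded key are printed in `-v` output and any log collector attached to the run; add `no_log: true` to both the "read wireguard server.key from remote host" and "set private key from remote file" tasks. In the same vein, `wg genpsk` and `wg genkey` create psk.key and server.key with the shell's default umask, so the files are typically group/world-readable and only the 0700 directory protects them; prefix the cmd block with `umask 077` so the key files themselves are 0600. The `creates:` guard only checks server.key, so a failed genpsk leaves an empty psk.key that is never regenerated; `set -e` at the top of the block (or writing psk.key last) closes that gap. Minor: `update_cache: yes` on the first apt task should be `update_cache: true` to match the later tasks, and `state: restarted` restarts wg-quick@wg0 on every run rather than only when wg0.conf changed — a handler notified by the template task would be the idempotent form.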