author | heqnx <root@heqnx.com> | 2025-06-24 10:29:19 +0300 |
committer | heqnx <root@heqnx.com> | 2025-06-24 10:29:19 +0300 |
commit | ba4199955a0d9b273299649b67f9592b27d00617 (patch) | |
tree | 8a5c7547dbfe7cacd98e7e07ac5aa4e368be4195 /tasks/wg_setup.yaml | |
parent | 4d996aff99c9c31ed66f82afb11c74569ccc6763 (diff) | |
added working wg setup + internal access
Diffstat (limited to 'tasks/wg_setup.yaml')
-rw-r--r-- | tasks/wg_setup.yaml | 39 |
1 files changed, 29 insertions, 10 deletions
diff --git a/tasks/wg_setup.yaml b/tasks/wg_setup.yaml
index 9557a79..abe818f 100644
--- a/tasks/wg_setup.yaml
+++ b/tasks/wg_setup.yaml
@@ -18,44 +18,44 @@
- name: create wireguard server directory
file:
- path: "{{ wireguard_server_home }}"
+ path: "{{ wg_server_home }}"
state: directory
mode: "0700"
- name: create wireguard peers directory
file:
- path: "{{ wireguard_peers_home }}"
+ path: "{{ wg_peers_home }}"
state: directory
mode: "0700"
- name: generate wireguard server keys
shell:
cmd: |
- wg genpsk > "{{ wireguard_server_home }}/psk.key"
- wg genkey > "{{ wireguard_server_home }}/server.key"
- creates: "{{ wireguard_server_home }}/server.key"
+ wg genpsk > "{{ wg_server_home }}/psk.key"
+ wg genkey > "{{ wg_server_home }}/server.key"
+ creates: "{{ wg_server_home }}/server.key"
args:
- chdir: "{{ wireguard_server_home }}"
+ chdir: "{{ wg_server_home }}"
- name: get server public key
shell:
- cmd: wg pubkey < "{{ wireguard_server_home }}/server.key"
+ cmd: wg pubkey < "{{ wg_server_home }}/server.key"
register: server_pubkey
changed_when: false
- name: read wireguard server.key from remote host
slurp:
- src: "{{ wireguard_server_home }}/server.key"
+ src: "{{ wg_server_home }}/server.key"
register: wg_key
- name: set private key from remote file
set_fact:
private_key: "{{ wg_key.content | b64decode }}"
-- name: deploy {{ wireguard_server_home }}/wg0.conf
+- name: deploy {{ wg_server_home }}/wg0.conf
template:
src: wg0.conf.j2
- dest: "{{ wireguard_server_home }}/wg0.conf"
+ dest: "{{ wg_server_home }}/wg0.conf"
mode: "0600"
- name: deploy manage_wg_peers.sh
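Review bot: The `slurp` of `server.key` and the `set_fact` that decodes it into `private_key` carry no `no_log: true`, so the WireGuard private key is echoed in verbose runs and can end up in callback or log output; add `no_log: true` to both tasks. The `wg genpsk`/`wg genkey` redirects in the `generate wireguard server keys` task create the key files under whatever umask the shell inherits rather than an explicit mode, so they are protected only by the 0700 directory; starting the block with `umask 077` (or adding a `file:` task with `mode: "0600"` for both files) makes the file permissions explicit. The `creates:` guard checks only `server.key`, so a missing `psk.key` is never regenerated once the server key exists; this predates the rename but is worth a comment such as `# creates: only tracks server.key — psk.key is not regenerated on its own`.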
@@ -70,3 +70,22 @@
state: restarted
enabled: true
when: ansible_service_mgr == 'systemd'
+
+- name: allow wg port
+ ufw:
+ rule: allow
+ port: "{{ wg_port }}"
+ proto: udp
+
+- name: set wg-only pveproxy config
+ template:
+ src: pveproxy
+ dest: /etc/default/pveproxy
+ mode: '0644'
+
+- name: restart pveproxy
+ systemd:
+ name: pveproxy
+ state: restarted
+ enabled: true
+ when: ansible_service_mgr == 'systemd' |
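Review bot: The `restart pveproxy` task restarts the service on every run, even when `/etc/default/pveproxy` did not change; moving the restart into a handler and adding `notify: restart pveproxy` to the `set wg-only pveproxy config` template task ties the restart to an actual config change. The `allow wg port` `ufw` task has no guard for ufw being installed or enabled, unlike the `when: ansible_service_mgr == 'systemd'` guard on the restart task, and if the rule is not applied before pveproxy is restricted to the WireGuard side (as the task name suggests) the play could cut off management access; a `failed_when`/guard or an explicit ordering comment would make that dependency visible. `mode: '0644'` uses single quotes while every other mode in this file is written `"0600"`/`"0700"`; use `mode: "0644"` for consistency.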