Diffstat (limited to 'tasks')
-rw-r--r--tasks/pve_setup.yaml9
-rw-r--r--tasks/wg_setup.yaml72
2 files changed, 80 insertions, 1 deletions
diff --git a/tasks/pve_setup.yaml b/tasks/pve_setup.yaml
index 7d04ff2..9fcea47 100644
--- a/tasks/pve_setup.yaml
+++ b/tasks/pve_setup.yaml
@@ -7,7 +7,7 @@
mode: '0644'
- name: create /etc/apt/sources.list.d directory
- ansible.builtin.file:
+ file:
path: /etc/apt/sources.list.d
state: directory
mode: '0755'
@@ -51,6 +51,8 @@
name: "{{ apt_packages }}"
state: present
update_cache: true
+ environment:
+ DEBIAN_FRONTEND: noninteractive
- name: reboot to activate proxmox ve kernel
reboot:
@@ -91,3 +93,8 @@
apt:
name: "{{ apt_packages_to_remove }}"
state: absent
+
+- name: remove pve-enterprise apt source
+ file:
+ path: /etc/apt/sources.list.d/pve-enterprise.list
+ state: absent
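Review bot: The first hunk replaces `ansible.builtin.file:` with the short `file:`, and the new task at the end of the file uses the short name as well; the fully qualified collection name is the recommended form (ansible-lint's fqcn rule) and avoids resolving the module through whichever collections happen to be installed, so keep `ansible.builtin.file:` in both places. Mixing the two spellings inside one task file also makes the file harder to lint consistently. The enclosing task list in each hunk continues outside the shown lines.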
diff --git a/tasks/wg_setup.yaml b/tasks/wg_setup.yaml
new file mode 100644
index 0000000..9557a79
--- /dev/null
+++ b/tasks/wg_setup.yaml
@@ -0,0 +1,72 @@
+- name: install wireguard and dependencies
+ apt:
+ name: "{{ wireguard_packages }}"
+ state: present
+ update_cache: yes
+
+- name: update apt packages
+ apt:
+ update_cache: true
+
+- name: install apt packages
+ apt:
+ name: "{{ apt_packages }}"
+ state: present
+ update_cache: true
+ environment:
+ DEBIAN_FRONTEND: noninteractive
+
+- name: create wireguard server directory
+ file:
+ path: "{{ wireguard_server_home }}"
+ state: directory
+ mode: "0700"
+
+- name: create wireguard peers directory
+ file:
+ path: "{{ wireguard_peers_home }}"
+ state: directory
+ mode: "0700"
+
+- name: generate wireguard server keys
+ shell:
+ cmd: |
+ wg genpsk > "{{ wireguard_server_home }}/psk.key"
+ wg genkey > "{{ wireguard_server_home }}/server.key"
+ creates: "{{ wireguard_server_home }}/server.key"
+ args:
+ chdir: "{{ wireguard_server_home }}"
+
+- name: get server public key
+ shell:
+ cmd: wg pubkey < "{{ wireguard_server_home }}/server.key"
+ register: server_pubkey
+ changed_when: false
+
+- name: read wireguard server.key from remote host
+ slurp:
+ src: "{{ wireguard_server_home }}/server.key"
+ register: wg_key
+
+- name: set private key from remote file
+ set_fact:
+ private_key: "{{ wg_key.content | b64decode }}"
+
+- name: deploy {{ wireguard_server_home }}/wg0.conf
+ template:
+ src: wg0.conf.j2
+ dest: "{{ wireguard_server_home }}/wg0.conf"
+ mode: "0600"
+
+- name: deploy manage_wg_peers.sh
+ template:
+ src: manage_wg_peers.sh.j2
+ dest: /root/manage_wg_peers.sh
+ mode: "0600"
+
+- name: restart wireguard
+ systemd:
+ name: wg-quick@wg0.service
+ state: restarted
+ enabled: true
+ when: ansible_service_mgr == 'systemd'
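Review bot: The key-generation task redirects the private key and PSK into files with `wg genpsk > …` and `wg genkey > …`, so they are created under the shell's default umask and typically land as 0644 inside the 0700 directory; add `umask 077` as the first line of the `cmd: |` block, or follow up with an explicit `file:` task setting `mode: "0600"` on both files. The `slurp` and `set_fact` tasks that follow place the private key in `wg_key.content` and the `private_key` fact, which is printed in verbose output and would persist in a fact cache if one is enabled, so both tasks should carry `no_log: true`. Separately, `update_cache: yes` on the first task should be `true` to match the other apt tasks in the file, and the unconditional `state: restarted` in the last task restarts the tunnel on every run — notifying a handler from the wg0.conf template task would limit that to actual config changes.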