# Install the packages listed in wireguard_packages, refreshing the apt
# cache first.
- name: install wireguard and dependencies
  apt:
    update_cache: true
    state: present
    name: "{{ wireguard_packages }}"
# Refresh the apt package index only; this task installs nothing.
- name: update apt packages
  apt:
    update_cache: true
# Install the packages listed in apt_packages.
- name: install apt packages
  # Keep package configuration from prompting during an unattended run.
  environment:
    DEBIAN_FRONTEND: noninteractive
  apt:
    update_cache: true
    state: present
    name: "{{ apt_packages }}"
# Directory that later tasks fill with psk.key, server.key and wg0.conf.
- name: create wireguard server directory
  file:
    state: directory
    # Owner-only access: the server's private key material lives here.
    mode: "0700"
    path: "{{ wireguard_server_home }}"
# Directory for per-peer files, restricted to its owner.
# NOTE(review): presumably holds peer keys/configs written by
# manage_wg_peers.sh - confirm against that script.
- name: create wireguard peers directory
  file:
    state: directory
    mode: "0700"
    path: "{{ wireguard_peers_home }}"
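# Generate the server's preshared key and private key once. `creates` skips
# the task when server.key already exists, so existing keys are never
# overwritten by a re-run.
- name: generate wireguard server keys
  shell:
    cmd: |
      # Abort on the first failure: without this, a failed `wg genpsk` would
      # still be followed by a successful `wg genkey`, and `creates` would
      # then prevent the empty psk.key from ever being regenerated.
      set -e
      # Newly created key files get mode 0600 instead of depending only on
      # the 0700 parent directory for confidentiality.
      umask 077
      wg genpsk > "{{ wireguard_server_home }}/psk.key"
      wg genkey > "{{ wireguard_server_home }}/server.key"
    creates: "{{ wireguard_server_home }}/server.key"
  args:
    chdir: "{{ wireguard_server_home }}"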
# Derive the public key from server.key and keep the command result in
# server_pubkey for later use.
- name: get server public key
  register: server_pubkey
  # The command only reads the key file, so never report a change.
  changed_when: false
  shell:
    cmd: wg pubkey < "{{ wireguard_server_home }}/server.key"
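# Fetch the server private key from the managed host. slurp returns the file
# base64-encoded in `content`, which is registered as wg_key.
- name: read wireguard server.key from remote host
  slurp:
    src: "{{ wireguard_server_home }}/server.key"
  register: wg_key
  # The task result carries the private key; keep it out of console output
  # and logs, including verbose runs.
  no_log: true

# Decode the slurped content into the private_key fact.
- name: set private key from remote file
  set_fact:
    private_key: "{{ wg_key.content | b64decode }}"
  # The fact value is the private key in clear text; suppress result logging.
  no_log: true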
# Render wg0.conf.j2 into the server directory, readable by its owner only.
# NOTE(review): the template presumably embeds the private_key fact - confirm.
# If it does, a run with --diff prints the rendered file; consider
# `no_log: true` or `diff: false` on this task.
- name: deploy {{ wireguard_server_home }}/wg0.conf
  template:
    dest: "{{ wireguard_server_home }}/wg0.conf"
    src: wg0.conf.j2
    mode: "0600"
# Render the peer-management script into /root.
- name: deploy manage_wg_peers.sh
  template:
    dest: /root/manage_wg_peers.sh
    src: manage_wg_peers.sh.j2
    # 0600 carries no execute bit, so the script has to be run through an
    # interpreter rather than invoked directly.
    # NOTE(review): confirm this is intended and not a missing "0700".
    mode: "0600"
# Enable wg-quick@wg0 at boot and restart it. Runs only on hosts whose
# service manager is systemd.
# NOTE(review): the restart is unconditional, so every run of this file
# bounces the interface even when wg0.conf did not change; a handler
# notified by the wg0.conf task would restart only on change.
- name: restart wireguard
  when: ansible_service_mgr == 'systemd'
  systemd:
    name: wg-quick@wg0.service
    enabled: true
    state: restarted