PiFrame/ansible-role-wireguard
Archived
1
0
Fork 0
Code Pull requests Releases Activity
This repository has been archived on 2020-08-04. You can view files and clone it, but cannot push or open issues or pull requests.
ansible-role-wireguard/tasks/main.yml

158 lines
3.6 KiB
YAML
Raw Normal View History

Inital implementation (#1) * initial implementation - part 1 * first working version * add handler * separate includes for Debian based and Archlinux OS * refactor * update * add meta tag * added ArchLinux to galaxy meta info * rename file / add more Wiregurad config options * fix typo * update README * update README * fixed typos * update README / variable rename: wireguard_ip -> wireguard_address
2018-08-12 20:21:45 +00:00
---
- name: Gather instance facts
setup:
- include_tasks: "setup-{{ansible_os_family|lower}}.yml"
- name: Install WireGuard
package:
name: "{{item}}"
state: present
with_items:
- wireguard-dkms
- wireguard-tools
tags:
- wg-install
- name: Enable WireGuard kernel module
modprobe:
name: wireguard
state: present
register: wireguard_module_enabled
until: wireguard_module_enabled is succeeded
retries: 10
delay: 10
failed_when: wireguard_module_enabled is failure
tags:
- wg-install
- name: Create WireGuard certificates directory
file:
dest: "{{wireguard_cert_directory}}"
state: directory
owner: "{{wireguard_cert_owner}}"
group: "{{wireguard_cert_group}}"
mode: 0700
run_once: true
delegate_to: localhost
tags:
wg-generate-keys
- name: Set WireGuard IP (without mask)
set_fact:
wireguard_ip: "{{wireguard_address.split('/')[0]}}"
- name: Set path to private key file
set_fact:
private_key_file_path: "{{wireguard_cert_directory}}/{{inventory_hostname}}.private.key"
tags:
wg-generate-keys
- name: Set path to public key file
set_fact:
public_key_file_path: "{{wireguard_cert_directory}}/{{inventory_hostname}}.public.key"
tags:
wg-generate-keys
- name: Register if private key already exists
local_action:
module: stat
path: "{{private_key_file_path}}"
register: private_key_file_stat
tags:
- wg-generate-keys
- name: Generate WireGuard private key
shell: "wg genkey"
register: wg_private_key_result
with_inventory_hostnames:
- vpn
when: private_key_file_stat.stat.exists == False
tags:
- wg-generate-keys
- name: Set private key fact
set_fact:
wg_private_key: "{{wg_private_key_result.results[0].stdout}}"
when: private_key_file_stat.stat.exists == False
tags:
- wg-generate-keys
- name: Generate WireGuard public key
shell: "echo '{{wg_private_key}}' | wg pubkey"
register: wg_public_key_result
when: private_key_file_stat.stat.exists == False
with_inventory_hostnames:
- vpn
tags:
- wg-generate-keys
- name: Set public key fact
set_fact:
wg_public_key: "{{wg_public_key_result.results[0].stdout}}"
when: private_key_file_stat.stat.exists == False
tags:
- wg-generate-keys
- name: Store hosts private key locally
local_action:
module: template
src: "wg-privatekey.j2"
dest: "{{private_key_file_path}}"
owner: "{{wireguard_cert_owner}}"
group: "{{wireguard_cert_group}}"
mode: 0644
when: private_key_file_stat.stat.exists == False
tags:
- wg-generate-keys
- name: Store hosts public key locally
local_action:
module: template
src: "wg-publickey.j2"
dest: "{{public_key_file_path}}"
owner: "{{wireguard_cert_owner}}"
group: "{{wireguard_cert_group}}"
mode: 0644
when: private_key_file_stat.stat.exists == False
tags:
- wg-generate-keys
- name: Read private key
set_fact:
private_key: "{{lookup('file', private_key_file_path)}}"
tags:
wg-config
- name: Read public key
set_fact:
public_key: "{{lookup('file', public_key_file_path)}}"
tags:
wg-config
- name: Create WireGuard configuration directory
file:
dest: "{{wireguard_remote_directory}}"
state: directory
mode: 0700
tags:
- wg-config
- name: Generate WireGuard configuration file
template:
src: wg.conf.j2
dest: "{{wireguard_remote_directory}}/{{wireguard_interface}}.conf"
owner: root
group: root
mode: 0600
tags:
- wg-config
notify:
- restart wireguard
- name: Start and enable WireGuard service
service:
name: "wg-quick@{{wireguard_interface}}"
state: started
enabled: yes
Copy permalink