add unmanaged hosts configuration (smartphones, tablets...)
parent
3322faf576
commit
836559ca51
@ -42,6 +42,7 @@
- name: Get wg subcommands
- name: Get wg subcommands
command: "wg --help"
command: "wg --help"
register: wg_subcommands
register: wg_subcommands
changed_when: false
- name: Set default value for wg_syncconf variable (assume wg syncconf subcommand not available)
- name: Set default value for wg_syncconf variable (assume wg syncconf subcommand not available)
set_fact:
set_fact:
@ -106,6 +107,38 @@
tags:
tags:
- wg-config
- wg-config
- name: Create private key for unmanaged hosts
shell: "wg genkey | tee {{ wireguard_remote_directory }}/{{ item.host }}-privatekey"
args:
creates: "{{ wireguard_remote_directory }}/{{ item.host }}-privatekey"
register: uh_privkey
with_items: "{{ wireguard_unmanaged_hosts | default([]) }}"
- name: Validate permissions of unmanaged hosts' private keys
file:
path: "{{ wireguard_remote_directory }}/{{ item.host }}-privatekey"
mode: '0400'
with_items: "{{ wireguard_unmanaged_hosts | default([]) }}"
- name: Recover existing private key for unmanaged hosts
shell: "cat {{ wireguard_remote_directory }}/{{ item.host }}-privatekey"
register: uh_privkey
changed_when: false
with_items: "{{ wireguard_unmanaged_hosts | default([]) }}"
- name: Derive WireGuard public key for unmanaged hosts
shell: "cat {{ wireguard_remote_directory }}/{{ item.host }}-privatekey | wg pubkey | tee {{ wireguard_remote_directory }}/{{ item.host }}-pubkey"
args:
creates: "{{ wireguard_remote_directory }}/{{ item.host }}-pubkey"
register: uh_pubkey
with_items: "{{ wireguard_unmanaged_hosts | default([]) }}"
- name: Recover existing public key for unmanaged hosts
shell: "cat {{ wireguard_remote_directory }}/{{ item.host }}-pubkey"
register: uh_pubkey
changed_when: false
with_items: "{{ wireguard_unmanaged_hosts | default([]) }}"
- name: Generate WireGuard configuration file
- name: Generate WireGuard configuration file
template:
template:
src: wg.conf.j2
src: wg.conf.j2
@ -118,6 +151,16 @@
notify:
notify:
- reconfigure wireguard
- reconfigure wireguard
- debug: var=uh_privkey
- name: Generate WireGuard configuration file for unmanaged systems
template:
src: wg-unmanaged.conf.j2
dest: "{{ wireguard_remote_directory }}/{{ item.item.host }}.conf"
owner: root
group: root
mode: 0600
with_items: "{{ uh_privkey.results }}"
- name: Check if reload-module-on-update is set
- name: Check if reload-module-on-update is set
stat:
stat:
path: "{{ wireguard_remote_directory }}/.reload-module-on-update"
path: "{{ wireguard_remote_directory }}/.reload-module-on-update"
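--- /dev/null
+++ b/templates/wg-unmanaged.conf.j2
@@ -0,0 +1,16 @@
+{{ ansible_managed | comment }}
+# For unmanaged host {{ item.item.host }}
+# qrencode -t ansiutf8 < /etc/wireguard/{{ item.item.host }}.conf
+[Interface]
+PrivateKey = {{ item.stdout }}
+Address = {{ item.item.allowed_ips }}
+{% if item.item.dns is defined %}
+DNS = {{ item.item.dns }}
+{% endif %}
+
+[Peer]
+Endpoint = {{ wireguard_endpoint }}:{{ wireguard_port }}
+PublicKey = {{ public_key }}
+# PresharedKey =
+# Using the catch-all AllowedIPs = 0.0.0.0/0, ::/0 will forward all IPv4 (0.0.0.0/0) and IPv6 (::/0) traffic over the VPN.
+AllowedIPs = 0.0.0.0/0, ::/0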
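Review bot: `PrivateKey = {{ item.stdout }}` makes every file rendered from this template a secret holding the device's private key, yet in the tasks file (first section, whose header is outside this view) the template task is preceded by `- debug: var=uh_privkey`, which dumps that same registered variable, i.e. every unmanaged host's private key, into the play output and any Ansible log; that looks like leftover debugging and should be removed, and the key-handling tasks given `no_log: true`. Inside the template, the closing `AllowedIPs = 0.0.0.0/0, ::/0` is hard-coded, so a host cannot be given a split tunnel even though `allowed_ips` and `dns` are already per-host inventory data; `AllowedIPs = {{ item.item.peer_allowed_ips | default('0.0.0.0/0, ::/0') }}` (variable name constructed) would keep the current default. `Address` is also filled from `item.item.allowed_ips`, the same value the server side uses as this peer's AllowedIPs, which only works while each entry is a single host prefix; a comment next to that line saying so would stop a wider prefix from being put there.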
@ -68,3 +68,11 @@ SaveConfig = true
{% endif %}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}
{# unmanaged hosts #}
{% for hostdata in uh_pubkey.results %}
[Peer]
# {{ hostdata.item.host }}
PublicKey = {{ hostdata.stdout }}
AllowedIPs = {{ hostdata.item.allowed_ips}}
{% endfor %}
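Review bot: `PublicKey = {{ hostdata.stdout }}` is emitted unconditionally, so an empty `*-pubkey` file on the server yields an empty `PublicKey =` line, which is not a valid key and makes the whole server config fail to load rather than just dropping one peer. An empty file is reachable because the key-creating tasks in the tasks file (first section) run `wg genkey | tee …` and `… | wg pubkey | tee …` under the default shell without `pipefail` and are guarded by `creates:`, so a failure in the first command still leaves a zero-byte file that is never regenerated. Wrapping the peer block in `{% if hostdata.stdout | length %}` … `{% endif %}` keeps the server config loadable, and an `assert` on the key length in the tasks file would surface the broken key instead of silently omitting the peer. Minor: `{{ hostdata.item.allowed_ips}}` is missing the space before `}}` that every other expression in the file has. The enclosing template continues outside this hunk.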