add unmanaged hosts configuration (smartphones, tablets...)
This commit is contained in:
parent
3322faf576
commit
836559ca51
@ -42,6 +42,7 @@
|
|||
- name: Get wg subcommands
|
||||
command: "wg --help"
|
||||
register: wg_subcommands
|
||||
changed_when: false
|
||||
|
||||
- name: Set default value for wg_syncconf variable (assume wg syncconf subcommand not available)
|
||||
set_fact:
|
||||
|
@ -106,6 +107,38 @@
|
|||
tags:
|
||||
- wg-config
|
||||
|
||||
- name: Create private key for unmanaged hosts
|
||||
shell: "wg genkey | tee {{ wireguard_remote_directory }}/{{ item.host }}-privatekey"
|
||||
args:
|
||||
creates: "{{ wireguard_remote_directory }}/{{ item.host }}-privatekey"
|
||||
register: uh_privkey
|
||||
with_items: "{{ wireguard_unmanaged_hosts | default([]) }}"
|
||||
|
||||
- name: Validate permissions of unmanaged hosts' private keys
|
||||
file:
|
||||
path: "{{ wireguard_remote_directory }}/{{ item.host }}-privatekey"
|
||||
mode: '0400'
|
||||
with_items: "{{ wireguard_unmanaged_hosts | default([]) }}"
|
||||
|
||||
- name: Recover existing private key for unmanaged hosts
|
||||
shell: "cat {{ wireguard_remote_directory }}/{{ item.host }}-privatekey"
|
||||
register: uh_privkey
|
||||
changed_when: false
|
||||
with_items: "{{ wireguard_unmanaged_hosts | default([]) }}"
|
||||
|
||||
- name: Derive WireGuard public key for unmanaged hosts
|
||||
shell: "cat {{ wireguard_remote_directory }}/{{ item.host }}-privatekey | wg pubkey | tee {{ wireguard_remote_directory }}/{{ item.host }}-pubkey"
|
||||
args:
|
||||
creates: "{{ wireguard_remote_directory }}/{{ item.host }}-pubkey"
|
||||
register: uh_pubkey
|
||||
with_items: "{{ wireguard_unmanaged_hosts | default([]) }}"
|
||||
|
||||
- name: Recover existing public key for unmanaged hosts
|
||||
shell: "cat {{ wireguard_remote_directory }}/{{ item.host }}-pubkey"
|
||||
register: uh_pubkey
|
||||
changed_when: false
|
||||
with_items: "{{ wireguard_unmanaged_hosts | default([]) }}"
|
||||
|
||||
- name: Generate WireGuard configuration file
|
||||
template:
|
||||
src: wg.conf.j2
|
||||
|
@ -118,6 +151,16 @@
|
|||
notify:
|
||||
- reconfigure wireguard
|
||||
|
||||
- debug: var=uh_privkey
|
||||
- name: Generate WireGuard configuration file for unmanaged systems
|
||||
template:
|
||||
src: wg-unmanaged.conf.j2
|
||||
dest: "{{ wireguard_remote_directory }}/{{ item.item.host }}.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0600
|
||||
with_items: "{{ uh_privkey.results }}"
|
||||
|
||||
- name: Check if reload-module-on-update is set
|
||||
stat:
|
||||
path: "{{ wireguard_remote_directory }}/.reload-module-on-update"
|
||||
|
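Review bot: `- debug: var=uh_privkey` in the third hunk, just before the unmanaged template task, prints every unmanaged host's private key into the play output and any log aggregation; it reads as leftover debugging and should be dropped. The tasks that register or loop over key material — "Create private key for unmanaged hosts", "Recover existing private key for unmanaged hosts" and the template task looping over `uh_privkey.results` — also echo each loop item (including `item.stdout`, i.e. the key) unless they set `no_log: true`, so add that line to each. `mode: 0600` on that template task is an unquoted octal while the earlier file task in the same change already writes `mode: '0400'`; quote it as `mode: '0600'` so YAML loaders cannot read it as a decimal integer. The `wg genkey | tee` step creates the key file under the default umask before the follow-up file task tightens it to 0400; prefixing the shell command with `umask 077;` closes that window.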
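--- a/templates/wg-unmanaged.conf.j2
+++ b/templates/wg-unmanaged.conf.j2
@@ -0,0 +1,16 @@
+{{ ansible_managed | comment }}
+# For unmanaged host {{ item.item.host }}
+# qrencode -t ansiutf8 < /etc/wireguard/{{ item.item.host }}.conf
+[Interface]
+PrivateKey = {{ item.stdout }}
+Address = {{ item.item.allowed_ips }}
+{% if item.item.dns is defined %}
+DNS = {{ item.item.dns }}
+{% endif %}
+
+[Peer]
+Endpoint = {{ wireguard_endpoint }}:{{ wireguard_port }}
+PublicKey = {{ public_key }}
+# PresharedKey =
+# Using the catch-all AllowedIPs = 0.0.0.0/0, ::/0 will forward all IPv4 (0.0.0.0/0) and IPv6 (::/0) traffic over the VPN.
+AllowedIPs = 0.0.0.0/0, ::/0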
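Review bot: `AllowedIPs = 0.0.0.0/0, ::/0` is hard-coded, so every unmanaged host becomes a full-tunnel client even where a split tunnel is wanted; a per-host override that keeps the current default, e.g. `AllowedIPs = {{ item.item.peer_allowed_ips | default('0.0.0.0/0, ::/0') }}` (variable name constructed here), lets the inventory narrow it without changing existing behaviour. The rendered file embeds `item.stdout`, the host's private key, so it relies on the writing task keeping a restrictive mode and `no_log: true` on its loop; the template itself cannot enforce either. `wireguard_endpoint`, `wireguard_port` and `public_key` are not defined in any visible hunk — presumably they come from the role's existing vars or facts, which is worth confirming since an undefined one only fails at render time.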
@ -68,3 +68,11 @@ SaveConfig = true
|
|||
{% endif %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{# unmanaged hosts #}
|
||||
{% for hostdata in uh_pubkey.results %}
|
||||
|
||||
[Peer]
|
||||
# {{ hostdata.item.host }}
|
||||
PublicKey = {{ hostdata.stdout }}
|
||||
AllowedIPs = {{ hostdata.item.allowed_ips}}
|
||||
{% endfor %}
|
||||
|
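Review bot: `{% for hostdata in uh_pubkey.results %}` assumes the task that registers `uh_pubkey` ran in the same play; the new unmanaged-host tasks carry no `tags:` in the diff (the `wg-config` tag visible in the second hunk appears to belong to the preceding task), so a tag-limited run, or any play rendering this template without those tasks, would hit an undefined `uh_pubkey` and fail the whole server config. Either wrap the block in `{% if uh_pubkey is defined %} … {% endif %}` or give those tasks the same tags as the config task. Also `{{ hostdata.item.allowed_ips}}` lacks the space before `}}`; write `AllowedIPs = {{ hostdata.item.allowed_ips }}` to match the rest of the template. The file header for this section is not visible in this chunk.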