refactor
This commit is contained in:
parent
af444f8b77
commit
f2cfbe2f09
@ -8,6 +8,8 @@
# the parent directory is writable by the user that runs "ansible-playbook"
# command.
wireguard_cert_directory: "{{ '~/wireguard/certs' | expanduser }}"
wireguard_cert_owner: "root"
wireguard_cert_group: "root"
# Directory to store Wireguard configuration on the remote hosts
wireguard_remote_directory: "/etc/wireguard"
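Review bot: The comment above `wireguard_cert_directory` says only that the parent must be writable by the user running `ansible-playbook`; it does not say what the directory receives, and the `wg-privatekey.j2` task later in this commit writes `private_key_file_path`, presumably under this directory. I'd extend the comment with `# This directory receives the generated WireGuard private keys; keep it readable only by the user running ansible-playbook.` so operators know it holds secret material. The `wireguard_cert_owner`/`wireguard_cert_group` defaults of `"root"` sit oddly next to an `expanduser` path under `~`, but where they are applied is not visible in this hunk.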
@ -1,4 +1,7 @@
---
- name: Gather instance facts
setup:
- include_tasks: "setup-{{ansible_os_family|lower}}.yml"
- name: Install WireGuard
@ -90,7 +93,7 @@
module: template
src: "wg-privatekey.j2"
dest: "{{private_key_file_path}}"
mode: 0600
mode: 0644
when: private_key_file_stat.stat.exists == False
tags:
- wg-generate-keys
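Review bot: The file rendered from `wg-privatekey.j2` ends up with `mode: 0644` (if the rendered order is old then new, the line following the old `mode: 0600`), which makes the WireGuard private key readable by every local account; the private key task should keep `0600`, and only the public key task in the `-100,18` hunk should relax to `0644`. Independently, the mode is an unquoted YAML scalar: a YAML 1.1 loader reads `0644` as the integer 420 and it only works because Ansible takes integer modes literally, so write it as a string, `mode: "0600"` — the same applies to `mode: 0600` on the generated config in the `-128,14` hunk. The `Read private key` set_fact in the next hunk stores the key in a fact that is echoed in verbose task output; consider adding `no_log: true` to that task. The enclosing task list starts and ends outside this hunk.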
@ -100,18 +103,18 @@
module: template
src: "wg-publickey.j2"
dest: "{{public_key_file_path}}"
mode: 0600
mode: 0644
when: private_key_file_stat.stat.exists == False
tags:
- wg-generate-keys
- name: Read private key from local filesystem
- name: Read private key
set_fact:
private_key: "{{lookup('file', private_key_file_path)}}"
tags:
wg-config
- name: Read public key from local filesystem
- name: Read public key
set_fact:
public_key: "{{lookup('file', public_key_file_path)}}"
tags:
@ -128,14 +131,14 @@
- name: Generate WireGuard configuration file
template:
src: wg-fullmesh.conf.j2
dest: "{{wireguard_remote_directory}}/wg0.conf"
dest: "{{wireguard_remote_directory}}/{{wireguard_interface}}.conf"
owner: root
group: root
mode: 0600
notify:
- restart wireguard
tags:
- wg-config
notify:
- restart wireguard
- name: Start and enable WireGuard service
service:
@ -1,14 +1,19 @@
#jinja2: trim_blocks:False
#jinja2: lstrip_blocks:"True",trim_blocks:"True"
[Interface]
Address = {{vpn_ip}}
Address = {{hostvars[inventory_hostname].wireguard_ip}}
PrivateKey = {{private_key}}
ListenPort = {{wireguard_port}}
{% for host in groups["vpn"] %}
{%- if host != inventory_hostname -%}
{% if host != inventory_hostname %}
[Peer]
PublicKey = {{hostvars[host]['public_key']}}
AllowedIPs = {{hostvars[host]['vpn_ip']}}/32
PublicKey = {{hostvars[host].public_key}}
AllowedIPs = {{hostvars[host].wireguard_ip}}/32
{% if hostvars[host].wireguard_endpoint is not defined %}
Endpoint = {{host}}:{{wireguard_port}}
{%- endif -%}
{% elif hostvars[host].wireguard_endpoint != "" %}
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
{% endif %}
{% endif %}
{% endfor %}
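Review bot: Both new `Endpoint` lines use `{{wireguard_port}}`, which resolves in the context of the host being rendered rather than the peer `host`, so if `wireguard_port` differs between hosts the peer endpoint gets the wrong port; use `{{hostvars[host].wireguard_port}}` in both branches, consistent with how `public_key`, `wireguard_ip` and `wireguard_endpoint` are already read through `hostvars[host]`. The `ListenPort = {{wireguard_port}}` line in `[Interface]` is correct as written. The `elif` is skipped when `wireguard_endpoint` is defined but empty, so such a peer is emitted without an `Endpoint` and this host will not initiate to it; that is presumably intentional and deserves a template comment such as `{# empty wireguard_endpoint: peer has no reachable address, it must initiate #}`.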