refactor
parent
af444f8b77
commit
f2cfbe2f09
@ -8,6 +8,8 @@
|
||||||
# the parent directory is writable by the user that runs "ansible-playbook"
|
# the parent directory is writable by the user that runs "ansible-playbook"
|
||||||
# command.
|
# command.
|
||||||
wireguard_cert_directory: "{{ '~/wireguard/certs' | expanduser }}"
|
wireguard_cert_directory: "{{ '~/wireguard/certs' | expanduser }}"
|
||||||
|
wireguard_cert_owner: "root"
|
||||||
|
wireguard_cert_group: "root"
|
||||||
|
|
||||||
# Directory to store Wireguard configuration on the remote hosts
|
# Directory to store Wireguard configuration on the remote hosts
|
||||||
wireguard_remote_directory: "/etc/wireguard"
|
wireguard_remote_directory: "/etc/wireguard"
|
||||||
|
|
|
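Review bot: The new `wireguard_cert_owner` and `wireguard_cert_group` defaults are the only entries in this block without a comment, and the comment just above them says the cert directory must be writable by the user running `ansible-playbook`; a root owner/group on files under that user's `~/wireguard/certs` only works when the play is already running as root, which a reader cannot tell from this file. Add a comment above `wireguard_cert_owner` such as `# Owner and group applied to the generated key files; must be a user/group the ansible-playbook invocation is permitted to chown to.` Where these two variables are consumed is outside this hunk, so whether they apply on the controller or on the remote host is an assumption to confirm before wording the comment.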
@ -1,4 +1,7 @@
|
||||||
---
|
---
|
||||||
|
- name: Gather instance facts
|
||||||
|
setup:
|
||||||
|
|
||||||
- include_tasks: "setup-{{ansible_os_family|lower}}.yml"
|
- include_tasks: "setup-{{ansible_os_family|lower}}.yml"
|
||||||
|
|
||||||
- name: Install WireGuard
|
- name: Install WireGuard
|
||||||
|
@ -90,7 +93,7 @@
|
||||||
module: template
|
module: template
|
||||||
src: "wg-privatekey.j2"
|
src: "wg-privatekey.j2"
|
||||||
dest: "{{private_key_file_path}}"
|
dest: "{{private_key_file_path}}"
|
||||||
mode: 0600
|
mode: 0644
|
||||||
when: private_key_file_stat.stat.exists == False
|
when: private_key_file_stat.stat.exists == False
|
||||||
tags:
|
tags:
|
||||||
- wg-generate-keys
|
- wg-generate-keys
|
||||||
|
@ -100,18 +103,18 @@
|
||||||
module: template
|
module: template
|
||||||
src: "wg-publickey.j2"
|
src: "wg-publickey.j2"
|
||||||
dest: "{{public_key_file_path}}"
|
dest: "{{public_key_file_path}}"
|
||||||
mode: 0600
|
mode: 0644
|
||||||
when: private_key_file_stat.stat.exists == False
|
when: private_key_file_stat.stat.exists == False
|
||||||
tags:
|
tags:
|
||||||
- wg-generate-keys
|
- wg-generate-keys
|
||||||
|
|
||||||
- name: Read private key from local filesystem
|
- name: Read private key
|
||||||
set_fact:
|
set_fact:
|
||||||
private_key: "{{lookup('file', private_key_file_path)}}"
|
private_key: "{{lookup('file', private_key_file_path)}}"
|
||||||
tags:
|
tags:
|
||||||
wg-config
|
wg-config
|
||||||
|
|
||||||
- name: Read public key from local filesystem
|
- name: Read public key
|
||||||
set_fact:
|
set_fact:
|
||||||
public_key: "{{lookup('file', public_key_file_path)}}"
|
public_key: "{{lookup('file', public_key_file_path)}}"
|
||||||
tags:
|
tags:
|
||||||
|
@ -128,14 +131,14 @@
|
||||||
- name: Generate WireGuard configuration file
|
- name: Generate WireGuard configuration file
|
||||||
template:
|
template:
|
||||||
src: wg-fullmesh.conf.j2
|
src: wg-fullmesh.conf.j2
|
||||||
dest: "{{wireguard_remote_directory}}/wg0.conf"
|
dest: "{{wireguard_remote_directory}}/{{wireguard_interface}}.conf"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0600
|
mode: 0600
|
||||||
notify:
|
|
||||||
- restart wireguard
|
|
||||||
tags:
|
tags:
|
||||||
- wg-config
|
- wg-config
|
||||||
|
notify:
|
||||||
|
- restart wireguard
|
||||||
|
|
||||||
- name: Start and enable WireGuard service
|
- name: Start and enable WireGuard service
|
||||||
service:
|
service:
|
||||||
|
|
|
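Review bot: In the hunk at @ -90,7, the private-key template task changes `mode: 0600` to `mode: 0644`, which makes the generated WireGuard private key readable by every user on whichever host the file lands on; the private key should keep `mode: "0600"`, quoted so the leading-zero octal literal is not subject to YAML integer parsing. The same relaxation on the public-key task in the hunk at @ -100,18 is harmless because that material is meant to be shared, but it is worth writing as `mode: "0644"` for the same parsing reason. The enclosing task's `name` and action line sit above the first hunk, so whether this file is written on the controller or on the remote host is not visible here; either way the private key must not be world-readable.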
@ -1,14 +1,19 @@
|
||||||
#jinja2: trim_blocks:False
|
#jinja2: lstrip_blocks:"True",trim_blocks:"True"
|
||||||
[Interface]
|
[Interface]
|
||||||
Address = {{vpn_ip}}
|
Address = {{hostvars[inventory_hostname].wireguard_ip}}
|
||||||
PrivateKey = {{private_key}}
|
PrivateKey = {{private_key}}
|
||||||
ListenPort = {{wireguard_port}}
|
ListenPort = {{wireguard_port}}
|
||||||
|
|
||||||
{% for host in groups["vpn"] %}
|
{% for host in groups["vpn"] %}
|
||||||
{%- if host != inventory_hostname -%}
|
{% if host != inventory_hostname %}
|
||||||
[Peer]
|
[Peer]
|
||||||
PublicKey = {{hostvars[host]['public_key']}}
|
PublicKey = {{hostvars[host].public_key}}
|
||||||
AllowedIPs = {{hostvars[host]['vpn_ip']}}/32
|
AllowedIPs = {{hostvars[host].wireguard_ip}}/32
|
||||||
|
{% if hostvars[host].wireguard_endpoint is not defined %}
|
||||||
Endpoint = {{host}}:{{wireguard_port}}
|
Endpoint = {{host}}:{{wireguard_port}}
|
||||||
{%- endif -%}
|
{% elif hostvars[host].wireguard_endpoint != "" %}
|
||||||
|
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
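Review bot: Both new `Endpoint` lines use the rendering host's own `wireguard_port` rather than the peer's, so a per-host `wireguard_port` override on a peer would be silently ignored and the endpoint would carry the wrong port; assuming `wireguard_port` resolves through `hostvars` for play hosts the way `wireguard_ip` and `wireguard_endpoint` already do, use `Endpoint = {{host}}:{{hostvars[host].wireguard_port}}` and `Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}}`. The three-way branch is also undocumented: a comment above the `{% if hostvars[host].wireguard_endpoint is not defined %}` line stating that an undefined endpoint falls back to the inventory hostname, an empty string emits no Endpoint (the peer must initiate), and any other value is used verbatim would spare the next reader from deriving it. Whether the role's defaults define `wireguard_endpoint` at all is not visible in this hunk, so the "undefined" branch may or may not be reachable.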