This commit is contained in:
githubixx 2018-07-23 23:50:53 +02:00
parent af444f8b77
commit f2cfbe2f09
3 changed files with 23 additions and 13 deletions


@ -8,6 +8,8 @@
# the parent directory is writable by the user that runs "ansible-playbook" # the parent directory is writable by the user that runs "ansible-playbook"
# command. # command.
wireguard_cert_directory: "{{ '~/wireguard/certs' | expanduser }}" wireguard_cert_directory: "{{ '~/wireguard/certs' | expanduser }}"
wireguard_cert_owner: "root"
wireguard_cert_group: "root"
# Directory to store Wireguard configuration on the remote hosts # Directory to store Wireguard configuration on the remote hosts
wireguard_remote_directory: "/etc/wireguard" wireguard_remote_directory: "/etc/wireguard"
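Review bot: The two new defaults `wireguard_cert_owner` and `wireguard_cert_group` are the only variables in this hunk without an explanatory comment, and nothing visible here shows which task consumes them. A comment above them, e.g. `# Owner and group applied to the locally stored key files`, would tell a reader what they control. If they are meant for the key files written by the template tasks changed in this commit, that is worth stating, because those tasks do not visibly pass `owner:`/`group:` in the hunks shown.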


@ -1,4 +1,7 @@
--- ---
- name: Gather instance facts
setup:
- include_tasks: "setup-{{ansible_os_family|lower}}.yml" - include_tasks: "setup-{{ansible_os_family|lower}}.yml"
- name: Install WireGuard - name: Install WireGuard
@ -90,7 +93,7 @@
module: template module: template
src: "wg-privatekey.j2" src: "wg-privatekey.j2"
dest: "{{private_key_file_path}}" dest: "{{private_key_file_path}}"
mode: 0600 mode: 0644
when: private_key_file_stat.stat.exists == False when: private_key_file_stat.stat.exists == False
tags: tags:
- wg-generate-keys - wg-generate-keys
@ -100,18 +103,18 @@
module: template module: template
src: "wg-publickey.j2" src: "wg-publickey.j2"
dest: "{{public_key_file_path}}" dest: "{{public_key_file_path}}"
mode: 0600 mode: 0644
when: private_key_file_stat.stat.exists == False when: private_key_file_stat.stat.exists == False
tags: tags:
- wg-generate-keys - wg-generate-keys
- name: Read private key from local filesystem - name: Read private key
set_fact: set_fact:
private_key: "{{lookup('file', private_key_file_path)}}" private_key: "{{lookup('file', private_key_file_path)}}"
tags: tags:
wg-config wg-config
- name: Read public key from local filesystem - name: Read public key
set_fact: set_fact:
public_key: "{{lookup('file', public_key_file_path)}}" public_key: "{{lookup('file', public_key_file_path)}}"
tags: tags:
@ -128,14 +131,14 @@
- name: Generate WireGuard configuration file - name: Generate WireGuard configuration file
template: template:
src: wg-fullmesh.conf.j2 src: wg-fullmesh.conf.j2
dest: "{{wireguard_remote_directory}}/wg0.conf" dest: "{{wireguard_remote_directory}}/{{wireguard_interface}}.conf"
owner: root owner: root
group: root group: root
mode: 0600 mode: 0600
notify:
- restart wireguard
tags: tags:
- wg-config - wg-config
notify:
- restart wireguard
- name: Start and enable WireGuard service - name: Start and enable WireGuard service
service: service:
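Review bot: The template task that writes the private key (first hunk of this file, line `mode: 0600 mode: 0644`) ends up with `mode: 0644` on the new side if this page prints old before new, which the other changed lines (`wg0.conf` → `{{wireguard_interface}}.conf`) indicate; that leaves the WireGuard private key readable by every user on the host it is written to. The public key in the following hunk can be world-readable, but the private key should keep `mode: "0600"` (quoted, as ansible-lint recommends for octal modes). The `wireguard_cert_owner`/`wireguard_cert_group` defaults added in this commit are not referenced by either template task in these hunks, so ownership of the written files is whatever the running user is unless that is handled outside the visible lines. The move of `notify:` below `tags:` in the last hunk is only a reordering.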


@ -1,14 +1,19 @@
#jinja2: trim_blocks:False #jinja2: lstrip_blocks:"True",trim_blocks:"True"
[Interface] [Interface]
Address = {{vpn_ip}} Address = {{hostvars[inventory_hostname].wireguard_ip}}
PrivateKey = {{private_key}} PrivateKey = {{private_key}}
ListenPort = {{wireguard_port}} ListenPort = {{wireguard_port}}
{% for host in groups["vpn"] %} {% for host in groups["vpn"] %}
{%- if host != inventory_hostname -%} {% if host != inventory_hostname %}
[Peer] [Peer]
PublicKey = {{hostvars[host]['public_key']}} PublicKey = {{hostvars[host].public_key}}
AllowedIPs = {{hostvars[host]['vpn_ip']}}/32 AllowedIPs = {{hostvars[host].wireguard_ip}}/32
{% if hostvars[host].wireguard_endpoint is not defined %}
Endpoint = {{host}}:{{wireguard_port}} Endpoint = {{host}}:{{wireguard_port}}
{%- endif -%} {% elif hostvars[host].wireguard_endpoint != "" %}
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
{% endif %}
{% endif %}
{% endfor %} {% endfor %}
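Review bot: The new `{% elif hostvars[host].wireguard_endpoint != "" %}` branch means a peer whose `wireguard_endpoint` is defined but empty gets no `Endpoint` line at all, which WireGuard accepts for a peer that only initiates the tunnel, but nothing in the template says this is deliberate. A Jinja comment before the `{% if hostvars[host].wireguard_endpoint is not defined %}` line, such as `{# Peers with wireguard_endpoint set to "" get no Endpoint and must initiate the tunnel themselves #}`, would record the intent. Both branches also append the local `{{wireguard_port}}` to the peer's endpoint, so a peer listening on a different port is mis-addressed; the old `Endpoint = {{host}}:{{wireguard_port}}` line already did this, and the new branch extends it to explicit endpoints.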