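---
# Ansible tasks: install WireGuard from the PPA, load the kernel module and
# generate a keypair for each host. Keys are generated on the target and a
# copy is stored on the controller under wireguard_cert_directory as
# <inventory_hostname>.private.key / .public.key; an existing private key is
# never regenerated. Every task that handles the private key sets no_log so
# the key material does not appear in playbook output or log files.

- name: Determine kernel release
  # The registered value is a result dict; the release string is
  # kernel_release.stdout. Read-only, so never report "changed".
  command: uname -r
  register: kernel_release
  changed_when: false

- name: Install required packages
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - software-properties-common
    # Was "linux-headers-{{kernel_release}}", which rendered the whole
    # registered result dict instead of the release string.
    - "linux-headers-{{ kernel_release.stdout }}"

- name: Add WireGuard repository
  apt_repository:
    repo: "ppa:wireguard/wireguard"
    state: present
    update_cache: true

- name: Install WireGuard
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - wireguard-dkms
    - wireguard-tools

- name: Enable WireGuard kernel module
  # The dkms build may not have finished right after the package install,
  # so retry for a while before failing the play.
  modprobe:
    name: wireguard
    state: present
  register: wireguard_module_enabled
  until: wireguard_module_enabled is succeeded
  retries: 10
  delay: 10
  failed_when: wireguard_module_enabled is failure

- name: Create WireGuard certificates directory
  # Lives on the controller; owner-only so the stored private keys are not
  # readable by other local users. Mode is quoted to keep it a literal
  # octal string rather than a YAML integer.
  file:
    path: "{{ wireguard_cert_directory }}"
    state: directory
    mode: "0700"
  run_once: true
  delegate_to: localhost

- name: Register if private key already exists
  stat:
    path: "{{ wireguard_cert_directory }}/{{ inventory_hostname }}.private.key"
  register: private_key_file
  delegate_to: localhost
  tags:
    - wg-generate-keys

- name: Generate WireGuard private key
  # Runs once per host. The original looped over every member of the vpn
  # group and only ever used results[0], discarding the other keys.
  command: wg genkey
  register: wg_private_key_result
  when: not private_key_file.stat.exists
  no_log: true
  tags:
    - wg-generate-keys

- name: Set private key fact
  set_fact:
    wg_private_key: "{{ wg_private_key_result.stdout }}"
  when: not private_key_file.stat.exists
  no_log: true
  tags:
    - wg-generate-keys

- name: Generate WireGuard public key
  # The private key is passed on stdin instead of being echoed through a
  # shell command line, so it is not exposed in the process list or the
  # remote shell history.
  command: wg pubkey
  args:
    stdin: "{{ wg_private_key }}"
  register: wg_public_key_result
  when: not private_key_file.stat.exists
  no_log: true
  tags:
    - wg-generate-keys

- name: Set public key fact
  set_fact:
    wg_public_key: "{{ wg_public_key_result.stdout }}"
  when: not private_key_file.stat.exists
  tags:
    - wg-generate-keys

- name: Store hosts private key locally
  # Written on the controller; keep wireguard_cert_directory out of version
  # control.
  template:
    src: "wg-privatekey.j2"
    dest: "{{ wireguard_cert_directory }}/{{ inventory_hostname }}.private.key"
    mode: "0600"
  delegate_to: localhost
  when: not private_key_file.stat.exists
  no_log: true
  tags:
    - wg-generate-keys

- name: Store hosts public key locally
  template:
    src: "wg-publickey.j2"
    dest: "{{ wireguard_cert_directory }}/{{ inventory_hostname }}.public.key"
    mode: "0600"
  delegate_to: localhost
  when: not private_key_file.stat.exists
  tags:
    - wg-generate-keys

# - name: Generate WireGuard configuration file
#   template:
#     src: wireguard.conf.j2
#     dest: /etc/wireguard/wg0.conf
#     owner: root
#     group: root
#     mode: "0600"
#     force: false
#
# - name: Start and enable WireGuard service
#   service:
#     name: wg-quick@wg0
#     state: started
#     enabled: true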