wireguard-mesh-network-role/tasks/main.yml

- name: Generate Wireguard keypair
  shell: wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
  args:
    creates: /etc/wireguard/privatekey

- name: Register private key
  shell: cat /etc/wireguard/privatekey
  register: wireguard_private_key
  changed_when: false

- name: Register public key
  shell: cat /etc/wireguard/publickey
  register: wireguard_public_key
  changed_when: false

- name: Generate Preshared Key Pair
  shell: "wg genpsk > /etc/wireguard/psk-{{ item }}"
  args:
    creates: "/etc/wireguard/psk-{{ item }}"
  when: inventory_hostname < item
  with_items: "{{ groups['all'] }}"

- name: Register preshared key
  shell: "cat /etc/wireguard/psk-{{ item }}"
  register: wireguard_preshared_key
  changed_when: false
  when: inventory_hostname < item
  with_items: "{{ groups['all'] }}"

- name: Destructure into dictionary
  set_fact: "wireguard_preshared_keys={{ wireguard_preshared_keys|default({}) | combine( {item.item: item.stdout} ) }}"
  when: item.skipped is not defined
  with_items: "{{ wireguard_preshared_key.results }}"

- name: Setup wg0 config
  template:
    src: "wg0.conf.j2"
    dest: /etc/wireguard/wg0.conf
    owner: root
    group: root
    mode: 0600

- name: Check if wg0 interface is up
  shell: "ip link show wg0"
  register: wg0_status
  ignore_errors: true

- name: Stop WireGuard service if wg0 is up
  command: "wg-quick down wg0"
  when: wg0_status.rc == 0

- name: Use wg-quick to setup
  command: "wg-quick up wg0"

- name: Enable wg-quick setup service
  command: "systemctl enable wg-quick@wg0.service"

- name: ping
  command: "ping -c6 -W 3 {{ hostvars[item].wireguard_ip }}"
  with_items: "{{ groups['all'] }}"
Inital commit 2023-11-08 01:13:53 +08:00			`- name: Generate Wireguard keypair`
			`shell: wg genkey \| tee /etc/wireguard/privatekey \| wg pubkey \| tee /etc/wireguard/publickey`
			`args:`
			`creates: /etc/wireguard/privatekey`

			`- name: Register private key`
			`shell: cat /etc/wireguard/privatekey`
			`register: wireguard_private_key`
			`changed_when: false`

			`- name: Register public key`
			`shell: cat /etc/wireguard/publickey`
			`register: wireguard_public_key`
			`changed_when: false`

			`- name: Generate Preshared Key Pair`
			`shell: "wg genpsk > /etc/wireguard/psk-{{ item }}"`
			`args:`
			`creates: "/etc/wireguard/psk-{{ item }}"`
			`when: inventory_hostname < item`
			`with_items: "{{ groups['all'] }}"`

			`- name: Register preshared key`
			`shell: "cat /etc/wireguard/psk-{{ item }}"`
			`register: wireguard_preshared_key`
			`changed_when: false`
			`when: inventory_hostname < item`
			`with_items: "{{ groups['all'] }}"`

			`- name: Destructure into dictionary`
			`set_fact: "wireguard_preshared_keys={{ wireguard_preshared_keys\|default({}) \| combine( {item.item: item.stdout} ) }}"`
			`when: item.skipped is not defined`
			`with_items: "{{ wireguard_preshared_key.results }}"`

			`- name: Setup wg0 config`
			`template:`
			`src: "wg0.conf.j2"`
			`dest: /etc/wireguard/wg0.conf`
			`owner: root`
			`group: root`
			`mode: 0600`

			`- name: Check if wg0 interface is up`
			`shell: "ip link show wg0"`
			`register: wg0_status`
			`ignore_errors: true`

			`- name: Stop WireGuard service if wg0 is up`
			`command: "wg-quick down wg0"`
			`when: wg0_status.rc == 0`

			`- name: Use wg-quick to setup`
			`command: "wg-quick up wg0"`

			`- name: Enable wg-quick setup service`
			`command: "systemctl enable wg-quick@wg0.service"`

			`- name: ping`
			`command: "ping -c6 -W 3 {{ hostvars[item].wireguard_ip }}"`
			`with_items: "{{ groups['all'] }}"`