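# Capture the running kernel release (`uname -r`) so that a later task can
# install the matching linux-headers package.
- name: Get kernel release
  command: uname -r
  register: uname_r_result
  # Read-only probe: do not report "changed" on every run.
  changed_when: false
  # Kept from the original; the output is only the kernel release string.
  no_log: true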
# Install WireGuard plus the kernel headers for the running kernel.
- name: Install packages
  apt:
    # `latest` upgrades to the newest candidate version on every run; the
    # version is not pinned.
    state: latest
    install_recommends: false
    name:
      - wireguard
      # Release string comes from the registered `uname -r` result.
      - "linux-headers-{{ uname_r_result.stdout }}"
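# Create the host's WireGuard private/public key files once.
# `creates` skips the task when the private key file already exists.
- name: Generate Wireguard keypair
  # umask 077 makes tee create the key files without group/other access;
  # without it the private key inherits the default umask of the shell.
  # Only the public key reaches stdout (the last tee in the pipeline).
  shell: >-
    umask 077 &&
    wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
  args:
    creates: /etc/wireguard/privatekey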
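# Read the private key into `wireguard_private_key` (its .stdout holds the key).
- name: Register private key
  # No pipes or redirects are needed, so `command` is used instead of `shell`.
  command: cat /etc/wireguard/privatekey
  register: wireguard_private_key
  changed_when: false
  # The task result contains the private key; keep it out of console output,
  # callback plugins and log files. The registered variable is unaffected.
  no_log: true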
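# Read the public key into `wireguard_public_key` (its .stdout holds the key).
- name: Register public key
  # No shell features are needed, so `command` is used instead of `shell`.
  command: cat /etc/wireguard/publickey
  register: wireguard_public_key
  # Read-only: never report "changed".
  changed_when: false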
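# Generate one preshared key file per peer, /etc/wireguard/psk-<peer>.
# The `when` comparison means that, for each pair of hosts, only the host
# whose inventory name sorts first generates the key.
- name: Generate Preshared Key Pair
  # umask 077 keeps the redirect from creating a group/other-readable file.
  # `quote` stops an unusual inventory name from being interpreted by the shell.
  shell: "umask 077 && wg genpsk > /etc/wireguard/psk-{{ item | quote }}"
  args:
    # Existing key files are left untouched on later runs.
    creates: "/etc/wireguard/psk-{{ item }}"
  when: inventory_hostname < item
  with_items: "{{ groups['all'] }}"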
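# Read every preshared key this host generated into
# `wireguard_preshared_key.results` (one result per peer, skipped ones included).
- name: Register preshared key
  # No shell features are needed, so `command` is used instead of `shell`.
  command: "cat /etc/wireguard/psk-{{ item }}"
  register: wireguard_preshared_key
  changed_when: false
  when: inventory_hostname < item
  with_items: "{{ groups['all'] }}"
  # Each loop result carries a preshared key in stdout; suppress it in output
  # and logs. The registered results stay available to later tasks.
  no_log: true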
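# Build `wireguard_preshared_keys`, a dict mapping peer name -> preshared key,
# from the non-skipped results of the registered `wireguard_preshared_key`.
- name: Destructure into dictionary
  # Native YAML arguments instead of the legacy `key=value` string form.
  set_fact:
    wireguard_preshared_keys: >-
      {{ wireguard_preshared_keys | default({})
      | combine({item.item: item.stdout}) }}
  when: item.skipped is not defined
  with_items: "{{ wireguard_preshared_key.results }}"
  # Every loop item (and the resulting fact) contains preshared keys; without
  # no_log they are printed once per iteration.
  no_log: true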
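# Render the wg0 interface configuration, readable by root only.
- name: Setup wg0 config
  template:
    src: wg0.conf.j2
    dest: /etc/wireguard/wg0.conf
    owner: root
    group: root
    # Quoted so the mode is passed as the string "0600" rather than relying on
    # the YAML parser's octal handling of a bare 0600.
    mode: "0600"
  # NOTE(review): the template is not visible here; it presumably embeds the
  # private key and preshared keys registered earlier, which --diff would
  # print. Drop no_log if the rendered file holds no secrets.
  no_log: true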
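# Probe for the wg0 interface; `wg0_status.rc` is 0 when `ip link show wg0`
# succeeds. The next task keys off that return code.
- name: Check if wg0 interface is up
  # No shell features are needed, so `command` is used instead of `shell`.
  command: ip link show wg0
  register: wg0_status
  # A non-zero rc is an expected answer here, not an error, so the task is
  # never marked failed (replaces ignore_errors, which still prints a failure).
  failed_when: false
  # Read-only probe: never report "changed".
  changed_when: false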
# Bring wg0 down, but only when the registered `ip link show wg0` probe
# returned 0.
- name: Stop WireGuard service if wg0 is up
  when: wg0_status.rc == 0
  command: wg-quick down wg0
# Bring the wg0 interface up with wg-quick. Runs unconditionally on every play.
- name: Use wg-quick to setup
  command: wg-quick up wg0
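# Enable the wg-quick unit for wg0 so the tunnel is brought up at boot.
- name: Enable wg-quick setup service
  # The systemd module only reports "changed" when the unit was not already
  # enabled, unlike a raw `systemctl enable` command.
  systemd:
    name: wg-quick@wg0.service
    enabled: true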
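# Connectivity check: ping the `wireguard_ip` host variable of every host in
# the inventory (6 packets, 3 s wait per reply). A failed ping fails the task.
- name: ping
  command: "ping -c6 -W 3 {{ hostvars[item].wireguard_ip }}"
  with_items: "{{ groups['all'] }}"
  # Verification only: never report "changed".
  changed_when: false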