60 lines
1.5 KiB
YAML
60 lines
1.5 KiB
YAML
|
---
|
||
|
|
- hosts: [wireguard]
|
||
|
|
tasks:
|
||
|
|
- name: Install wireguard packages
|
||
|
|
become: true
|
||
|
|
ansible.builtin.apt:
|
||
|
|
name: wireguard
|
||
|
|
state: present
|
||
|
|
|
||
|
|
- name: Generate keys
|
||
|
|
become: true
|
||
|
|
ansible.builtin.shell: |
|
||
|
|
umask 0077
|
||
|
|
wg genkey > /etc/wireguard/privatekey
|
||
|
|
wg pubkey < /etc/wireguard/privatekey > /etc/wireguard/publickey
|
||
|
|
args:
|
||
|
|
creates:
|
||
|
|
- /etc/wireguard/privatekey
|
||
|
|
- /etc/wireguard/publickey
|
||
|
|
|
||
|
|
- name: Register public key
|
||
|
|
become: true
|
||
|
|
ansible.builtin.shell: cat /etc/wireguard/publickey
|
||
|
|
register: wireguard_public_key
|
||
|
|
changed_when: false
|
||
|
|
|
||
|
|
- name: Register private key
|
||
|
|
become: true
|
||
|
|
ansible.builtin.shell: cat /etc/wireguard/privatekey
|
||
|
|
register: wireguard_private_key
|
||
|
|
changed_when: false
|
||
|
|
|
||
|
|
- name: Setup network device
|
||
|
|
become: yes
|
||
|
|
notify: systemd network restart
|
||
|
|
ansible.builtin.template:
|
||
|
|
src: ./templates/wireguard/wg0.netdev.j2
|
||
|
|
dest: /etc/systemd/network/wg0.netdev
|
||
|
|
owner: root
|
||
|
|
group: systemd-network
|
||
|
|
mode: 0640
|
||
|
|
|
||
|
|
- name: Setup network
|
||
|
|
become: yes
|
||
|
|
notify: systemd network restart
|
||
|
|
ansible.builtin.template:
|
||
|
|
src: ./templates/wireguard/wg0.network.j2
|
||
|
|
dest: /etc/systemd/network/wg0.network
|
||
|
|
owner: root
|
||
|
|
group: systemd-network
|
||
|
|
mode: 0640
|
||
|
|
|
||
|
|
handlers:
|
||
|
|
- name: systemd network restart
|
||
|
|
become: true
|
||
|
|
ansible.builtin.service:
|
||
|
|
name: systemd-networkd
|
||
|
|
state: restarted
|
||
|
|
enabled: true
|