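---
# Installs WireGuard on the `wireguard` host group, generates a key pair under
# /etc/wireguard, and renders the systemd-networkd units for wg0.
- hosts: [wireguard]
  tasks:
    - name: Install wireguard packages
      become: true
      ansible.builtin.apt:
        name: wireguard
        state: present

    - name: Generate keys
      become: true
      # umask 0077 makes both key files readable by root only.
      # The private key is generated only when it is missing or empty, so a
      # re-run never replaces an existing key; the public key is always
      # derived from whatever private key is on disk.
      ansible.builtin.shell: |
        umask 0077
        test -s /etc/wireguard/privatekey || wg genkey > /etc/wireguard/privatekey
        wg pubkey < /etc/wireguard/privatekey > /etc/wireguard/publickey
      args:
        # `creates` takes a single path, not a list. The public key is
        # written last, so its presence means both files exist.
        creates: /etc/wireguard/publickey

    - name: Register public key
      become: true
      # Plain `cat` needs no shell features, so `command` is sufficient.
      ansible.builtin.command: cat /etc/wireguard/publickey
      register: wireguard_public_key
      changed_when: false

    - name: Register private key
      become: true
      ansible.builtin.command: cat /etc/wireguard/privatekey
      register: wireguard_private_key
      changed_when: false
      # Keep the key out of task output and logs; the registered variable
      # remains usable by later tasks.
      no_log: true

    - name: Setup network device
      become: true
      notify: systemd network restart
      # NOTE(review): the template is not visible here; a wg0.netdev normally
      # carries the private key, so running with --diff would print it.
      # Confirm, and consider `diff: false` on this task.
      ansible.builtin.template:
        src: ./templates/wireguard/wg0.netdev.j2
        dest: /etc/systemd/network/wg0.netdev
        owner: root
        group: systemd-network
        # Quoted so the mode is passed as an octal string, not a YAML integer.
        mode: "0640"

    - name: Setup network
      become: true
      notify: systemd network restart
      ansible.builtin.template:
        src: ./templates/wireguard/wg0.network.j2
        dest: /etc/systemd/network/wg0.network
        owner: root
        group: systemd-network
        mode: "0640"

  handlers:
    # Notified by both template tasks when a rendered unit changes.
    - name: systemd network restart
      become: true
      ansible.builtin.service:
        name: systemd-networkd
        state: restarted
        enabled: true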