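---
# Tasks: install WireGuard, create the host key pair under /etc/wireguard,
# render one wg-quick interface config per entry of `routers` (except this
# host's own entry) and restart the units whose config changed.

- name: "Ensure wireguard is installed"
  # Refresh the package index first so a stale cache does not fail the install.
  ansible.builtin.apt:
    update_cache: true
    name:
      - wireguard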
- name: "Ensure /etc/wireguard directory exists"
  # Holds the key pair and the rendered wg-quick configs; 0750 root:root
  # gives non-root users no access at all.
  # NOTE(review): with the directory group set to root, members of
  # systemd-network cannot traverse into it, so the group-read grant the
  # private-key permissions task gives that group has no practical effect
  # unless the directory group is changed as well — confirm which is intended.
  ansible.builtin.file:
    path: "/etc/wireguard/"
    state: directory
    mode: "0750"
    owner: root
    group: root
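- name: "Ensure wireguard private key is present"
  # Runs only while the key file is absent (`creates`). The umask ensures the
  # file never exists with the shell's default (world-readable) mode before
  # the permissions task tightens it, and the key is written only after
  # `wg genkey` succeeds, so a failure cannot leave an empty file that
  # `creates` would treat as done on later runs.
  ansible.builtin.shell:
    cmd: >-
      umask 077 &&
      key="$(wg genkey)" &&
      printf '%s\n' "$key" > /etc/wireguard/privatekey
    creates: "/etc/wireguard/privatekey"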
- name: "Ensure proper permissions are set on wireguard private key"
  # Owner read/write, group read, nothing for others.
  # NOTE(review): the wg-quick units restarted below presumably run as root,
  # so the systemd-network group read would only be needed if the key is also
  # consumed via systemd-networkd's PrivateKeyFile — confirm, and drop the
  # group grant if it is not.
  ansible.builtin.file:
    path: "/etc/wireguard/privatekey"
    owner: root
    group: systemd-network
    mode: "0640"
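- name: "Ensure wireguard publickey file exists"
  # Derive the public key from the private key file; it is written only after
  # `wg pubkey` succeeds, so a failure (for example a malformed private key)
  # does not leave an empty publickey that `creates` would treat as done.
  ansible.builtin.shell:
    cmd: >-
      pub="$(wg pubkey < /etc/wireguard/privatekey)" &&
      printf '%s\n' "$pub" > /etc/wireguard/publickey
    creates: "/etc/wireguard/publickey"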
- name: "Ensure internal wireguard interfaces are present"
  # One wg-quick config per key of `routers`, skipping this host's own entry
  # (`shortname`). The per-item results are registered so that the restart
  # task can act only on interfaces whose rendered config actually changed.
  # mode 0640 keeps the rendered config from being world-readable — it is
  # presumably where the private key ends up; verify against the template.
  ansible.builtin.template:
    src: "internal-wg-interface.j2"
    dest: "/etc/wireguard/int-{{ item }}.conf"
    mode: "0640"
  loop: "{{ routers.keys() | list }}"
  when: item != shortname
  register: if_changed
- name: "Restart wg-quick units for changed interfaces"
  # Iterate only over template results flagged `changed`; entries skipped by
  # the template task (this host's own name) are not changed and drop out.
  # Note that `enabled: true` is consequently applied only to units whose
  # config changed on this run, not to every rendered interface.
  ansible.builtin.systemd:
    name: "wg-quick@int-{{ item.item }}"
    enabled: true
    state: restarted
  loop: "{{ if_changed.results | selectattr('changed') | list }}"
  when: if_changed is defined and if_changed.results | length > 0