---
# Host-side wireguard setup: install the package, create the key material
# under /etc/wireguard, then render systemd-networkd netdev/network units
# for each configured peer. The handlers "Reload systemd" and
# "Reload networkd" notified below are defined elsewhere in the role.
- name: "Ensure wireguard is installed"
  ansible.builtin.apt:
    name:
      - wireguard
    state: present
    update_cache: true


- name: "Ensure /etc/wireguard directory exists"
  # 0750 root:systemd-network keeps the key directory closed to everyone
  # except root and the systemd-network group; presumably that group is what
  # systemd-networkd reads the key file as -- confirm against the netdev
  # template, which is not on this page.
  ansible.builtin.file:
    path: "/etc/wireguard/"
    state: directory
    owner: root
    group: systemd-network
    mode: "0750"


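- name: "Ensure wireguard private key is present"
  ansible.builtin.shell:
    # umask 077 so the key file is created 0600 instead of inheriting the
    # default umask (typically world-readable), closing the window that
    # existed before the following task tightens it to 0640
    # root:systemd-network. Generating into a shell variable first means a
    # failed `wg genkey` (e.g. binary missing) leaves no empty file behind
    # that `creates` would afterwards treat as a finished key.
    cmd: |
      set -e
      umask 077
      key="$(wg genkey)"
      printf '%s\n' "$key" > /etc/wireguard/privatekey
    creates: "/etc/wireguard/privatekey"
  notify:
    - "Reload systemd"
    - "Reload networkd"

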
- name: "Ensure proper permissions are set on wireguard private key"
  # Private key readable by root and the systemd-network group only; the
  # group read bit is presumably what lets systemd-networkd load the key via
  # a PrivateKeyFile= reference -- verify against wireguard_peer.netdev.j2.
  ansible.builtin.file:
    path: "/etc/wireguard/privatekey"
    owner: root
    group: systemd-network
    mode: "0640"
  notify:
    - "Reload systemd"
    - "Reload networkd"


- name: "Ensure wireguard publickey file exists"
  # Derives the public key from the private key on disk. Runs only until the
  # file exists: if privatekey is ever replaced by hand, this file goes stale
  # until it is removed.
  ansible.builtin.shell:
    cmd: >-
      wg pubkey < /etc/wireguard/privatekey > /etc/wireguard/publickey
    creates: "/etc/wireguard/publickey"
  notify:
    - "Reload systemd"
    - "Reload networkd"


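- name: "Ensure internal peering systemd netdevs exist"
  ansible.builtin.template:
    src: wireguard_peer.netdev.j2
    dest: "/etc/systemd/network/{{ peer.name }}.netdev"
    # NOTE(review): 0644 is only appropriate if the template references the
    # key through PrivateKeyFile= rather than embedding it; confirm against
    # wireguard_peer.netdev.j2, which is not on this page.
    mode: "0644"
  # default([], true) replaces an undefined *or* null internal_peers with an
  # empty list. `loop` is expanded before `when` is evaluated per item, so
  # the former `internal_peers is not none` guard in the condition could not
  # stop a null value from reaching the loop and failing the task.
  loop: "{{ internal_peers | default([], true) }}"
  loop_control:
    loop_var: peer
  when: "'wg' in peer"
  notify:
    - "Reload systemd"
    - "Reload networkd"

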
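- name: "Create internal peering systemd networks"
  ansible.builtin.template:
    src: wireguard_peer.network.j2
    dest: "/etc/systemd/network/{{ peer.name }}.network"
    mode: "0644"
  # default([], true) replaces an undefined *or* null internal_peers with an
  # empty list. `loop` is expanded before `when` is evaluated per item, so
  # the former `internal_peers is not none` guard in the condition could not
  # stop a null value from reaching the loop and failing the task.
  loop: "{{ internal_peers | default([], true) }}"
  loop_control:
    loop_var: peer
  when: "'wg' in peer"
  notify:
    - "Reload systemd"
    - "Reload networkd"

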
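- name: "Create peering systemd netdevs"
  ansible.builtin.template:
    src: wireguard_peer.netdev.j2
    dest: "/etc/systemd/network/{{ peer.name }}.netdev"
    # NOTE(review): 0644 is only appropriate if the template references the
    # key through PrivateKeyFile= rather than embedding it; confirm against
    # wireguard_peer.netdev.j2, which is not on this page.
    mode: "0644"
  # default([], true) also maps a null `peers` (e.g. a bare `peers:` in
  # vars) to an empty list; a plain default([]) only covers the undefined
  # case and a null value would fail the loop.
  loop: "{{ peers | default([], true) }}"
  loop_control:
    loop_var: peer
  notify:
    - "Reload systemd"
    - "Reload networkd"

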
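- name: "Create peering systemd networks"
  ansible.builtin.template:
    src: wireguard_peer.network.j2
    dest: "/etc/systemd/network/{{ peer.name }}.network"
    mode: "0644"
  # default([], true) also maps a null `peers` (e.g. a bare `peers:` in
  # vars) to an empty list; a plain default([]) only covers the undefined
  # case and a null value would fail the loop.
  loop: "{{ peers | default([], true) }}"
  loop_control:
    loop_var: peer
  notify:
    - "Reload systemd"
    - "Reload networkd"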