48 lines
1.2 KiB
YAML
48 lines
1.2 KiB
YAML
|
---
|
||
|
- name: install wireguard
|
||
|
apt:
|
||
|
name: wireguard
|
||
|
update_cache: yes
|
||
|
cache_valid_time: 3600
|
||
|
|
||
|
- name: generate private and public key pair
|
||
|
args:
|
||
|
creates: /etc/wireguard
|
||
|
shell: |
|
||
|
mkdir -p /etc/wireguard/
|
||
|
cd /etc/wireguard/
|
||
|
wg genkey | tee clank-privatekey | wg pubkey > clank-publickey
|
||
|
chmod 0400 clank-privatekey
|
||
|
chmod 0400 clank-publickey
|
||
|
|
||
|
- name: read public key
|
||
|
command: cat /etc/wireguard/clank-publickey
|
||
|
register: wireguard_publickey
|
||
|
|
||
|
- name: read private key
|
||
|
command: cat /etc/wireguard/clank-privatekey
|
||
|
register: wireguard_privatekey
|
||
|
|
||
|
- name: print publickey
|
||
|
debug:
|
||
|
msg: "{{ wireguard_publickey.stdout_lines[0] }}"
|
||
|
|
||
|
- name: Generate WireGuard configuration
|
||
|
template:
|
||
|
src: wireguard.conf.j2
|
||
|
dest: /etc/wireguard/wg0.conf
|
||
|
vars:
|
||
|
interface_address: "{{ wireguard_peer_ip }}"
|
||
|
listen_port: " {{ main_wireguard_port }} "
|
||
|
private_key: "{{ wireguard_privatekey.stdout_lines[0] }}"
|
||
|
allowed_ips: "10.0.9.0/24"
|
||
|
peer_public_key: "{{ main_wireguard_public_key }}"
|
||
|
endpoint: "{{ main_wireguard_ip }}:{{ main_wireguard_port }}"
|
||
|
persistent_keepalive: 25
|
||
|
|
||
|
- name: enable and start wireguard service
|
||
|
systemd:
|
||
|
name: "wg-quick@wg0"
|
||
|
state: started
|
||
|
enabled: yes
|