clank-manage/roles/wireguard/tasks/main.yaml

---
# Install the WireGuard package from the distribution's apt repositories.
- name: install wireguard
  apt:
    name: wireguard
    # Refresh the package index only if the cache is older than one hour.
    update_cache: true
    cache_valid_time: 3600
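# Create this host's WireGuard key pair once; later runs skip the task.
- name: generate private and public key pair
  args:
    # Guard on the private key file, not on the directory: the directory
    # can exist without keys (created by something else, or left behind by
    # a failed run), and the task would then skip without generating keys.
    creates: /etc/wireguard/clank-privatekey
  shell: |
    # Stop at the first failing command instead of carrying on with an
    # empty or partial key file.
    set -eu
    # Restrictive umask so key material is never group/world readable,
    # not even between file creation and the chmod calls below.
    umask 077
    mkdir -p /etc/wireguard/
    cd /etc/wireguard/
    # Write under a temporary name and rename last, so the file checked by
    # "creates" only appears once both keys were written successfully.
    wg genkey > clank-privatekey.tmp
    wg pubkey < clank-privatekey.tmp > clank-publickey
    chmod 0400 clank-publickey
    chmod 0400 clank-privatekey.tmp
    mv -f clank-privatekey.tmp clank-privatekey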
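# Load the public key into a registered variable for the tasks below.
- name: read public key
  command: cat /etc/wireguard/clank-publickey
  register: wireguard_publickey
  # Reading a file changes nothing on the host; keep the play idempotent.
  changed_when: false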
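# Load the private key into a registered variable for the config template.
- name: read private key
  command: cat /etc/wireguard/clank-privatekey
  register: wireguard_privatekey
  # Reading a file changes nothing on the host; keep the play idempotent.
  changed_when: false
  # The command's stdout is the private key. Without no_log it is shown in
  # verbose output and can end up in stored job or callback logs.
  no_log: true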
# Show the public key in the play output. Unlike the private key, it is
# meant to be shared with the peer.
- name: print publickey
  debug:
    # First line of the key file as captured by the "read public key" task.
    msg: '{{ wireguard_publickey.stdout_lines[0] }}'
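# Render the wg0 interface configuration from the role's template.
- name: Generate WireGuard configuration
  template:
    src: wireguard.conf.j2
    dest: /etc/wireguard/wg0.conf
    # The template is handed the private key, so pin ownership and mode
    # instead of inheriting the default umask (usually world-readable).
    owner: root
    group: root
    mode: "0600"
  # Keep the rendered file, which may contain the private key, out of
  # --diff output.
  diff: false
  vars:
    interface_address: "{{ wireguard_peer_ip }}"
    # No padding inside the quotes: the original " {{ ... }} " passed the
    # port to the template with a leading and a trailing space.
    listen_port: "{{ main_wireguard_port }}"
    private_key: "{{ wireguard_privatekey.stdout_lines[0] }}"
    allowed_ips: "10.0.9.0/24"
    peer_public_key: "{{ main_wireguard_public_key }}"
    endpoint: "{{ main_wireguard_ip }}:{{ main_wireguard_port }}"
    persistent_keepalive: 25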
# Bring the wg0 tunnel up now and on every boot via the wg-quick unit.
- name: enable and start wireguard service
  systemd:
    name: 'wg-quick@wg0'
    # NOTE(review): "started" does not restart a unit that is already
    # running, so a changed wg0.conf is not applied by this task.
    state: started
    enabled: true