diff --git a/hosts b/hosts
index 28c10e0..d6887f8 100644
--- a/hosts
+++ b/hosts
@@ -1,5 +1,10 @@
 [bespoke]
+renovate ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=10.0.9.9
+drone ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=10.0.10.2
+
+[wireguard]
 renovate ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=10.0.9.9 wireguard_peer_ip=10.0.9.9
 
 [renovate]
-renovate ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=10.0.9.9 wireguard_peer_ip=10.0.9.9
+renovate ansible_ssh_private_key_file=~/.ssh/id_clank ansible_host=10.0.9.9
+
diff --git a/roles/bespoke/tasks/main.yaml b/roles/bespoke/tasks/main.yaml
index 2eb5628..ebb4a80 100644
--- a/roles/bespoke/tasks/main.yaml
+++ b/roles/bespoke/tasks/main.yaml
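Review bot: `ansible_ssh_private_key_file=~/.ssh/id_clank` is now repeated on every host line, and `renovate` is declared three times (`[bespoke]`, `[wireguard]`, `[renovate]`) with the same connection settings; Ansible merges these per host, but each copy is a place for `ansible_host` or the key path to drift. Define them once — `[all:vars]` with `ansible_ssh_private_key_file=~/.ssh/id_clank`, and `ansible_host` in a `host_vars/renovate` file — and keep the group entries as bare hostnames. Moving `wireguard_peer_ip=10.0.9.9` onto the `[wireguard]` entry only is consistent with that variable being read by the wireguard role, as long as that role is applied to this group alone.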
@@ -1,52 +1,4 @@
 ---
-- name: install wireguard
-  apt:
-    name: wireguard
-    update_cache: yes
-    cache_valid_time: 3600
-
-- name: generate private and public key pair
-  args:
-    creates: /etc/wireguard
-  shell: |
-    mkdir -p /etc/wireguard/
-    cd /etc/wireguard/
-    wg genkey | tee clank-privatekey | wg pubkey > clank-publickey
-    chmod 0400 clank-privatekey
-    chmod 0400 clank-publickey
-
-- name: read public key
-  command: cat /etc/wireguard/clank-publickey
-  register: wireguard_publickey
-
-- name: read private key
-  command: cat /etc/wireguard/clank-privatekey
-  register: wireguard_privatekey
-
-- name: print publickey
-  debug:
-    msg: "{{ wireguard_publickey.stdout_lines[0] }}"
-
-- name: Generate WireGuard configuration
-  template:
-    src: wireguard.conf.j2
-    dest: /etc/wireguard/wg0.conf
-  vars:
-    interface_address: "{{ wireguard_peer_ip }}"
-    listen_port: " {{ main_wireguard_port }} "
-    private_key: "{{ wireguard_privatekey.stdout_lines[0] }}"
-    allowed_ips: "10.0.9.0/24"
-    peer_public_key: "{{ main_wireguard_public_key }}"
-    endpoint: "{{ main_wireguard_ip }}:{{ main_wireguard_port }}"
-    persistent_keepalive: 25
-
-- name: enable and start wireguard service
-  systemd:
-    name: "wg-quick@wg0"
-    state: started
-    enabled: yes
-
-
 - name: Update apt cache
   apt:
     update_cache: yes
diff --git a/roles/wireguard/tasks/main.yaml b/roles/wireguard/tasks/main.yaml
new file mode 100644
index 0000000..370d30b
--- /dev/null
+++ b/roles/wireguard/tasks/main.yaml
@@ -0,0 +1,47 @@
+---
+- name: install wireguard
+  apt:
+    name: wireguard
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: generate private and public key pair
+  args:
+    creates: /etc/wireguard
+  shell: |
+    mkdir -p /etc/wireguard/
+    cd /etc/wireguard/
+    wg genkey | tee clank-privatekey | wg pubkey > clank-publickey
+    chmod 0400 clank-privatekey
+    chmod 0400 clank-publickey
+
+- name: read public key
+  command: cat /etc/wireguard/clank-publickey
+  register: wireguard_publickey
+
+- name: read private key
+  command: cat /etc/wireguard/clank-privatekey
+  register: wireguard_privatekey
+
+- name: print publickey
+  debug:
+    msg: "{{ wireguard_publickey.stdout_lines[0] }}"
+
+- name: Generate WireGuard configuration
+  template:
+    src: wireguard.conf.j2
+    dest: /etc/wireguard/wg0.conf
+  vars:
+    interface_address: "{{ wireguard_peer_ip }}"
+    listen_port: " {{ main_wireguard_port }} "
+    private_key: "{{ wireguard_privatekey.stdout_lines[0] }}"
+    allowed_ips: "10.0.9.0/24"
+    peer_public_key: "{{ main_wireguard_public_key }}"
+    endpoint: "{{ main_wireguard_ip }}:{{ main_wireguard_port }}"
+    persistent_keepalive: 25
+
+- name: enable and start wireguard service
+  systemd:
+    name: "wg-quick@wg0"
+    state: started
+    enabled: yes
diff --git a/roles/bespoke/templates/wireguard.conf.j2 b/roles/wireguard/templates/wireguard.conf.j2
similarity index 100%
rename from roles/bespoke/templates/wireguard.conf.j2
rename to roles/wireguard/templates/wireguard.conf.j2
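Review bot: The rendered `/etc/wireguard/wg0.conf` embeds the node's private key, but the `template` task sets no `mode`, so the file takes the default umask-derived permissions (commonly 0644) and the key is readable by every local user; add `mode: "0600"` together with `owner: root` and `group: root` to that task. The same key also enters the Ansible result stream twice — `read private key` registers it in `wireguard_privatekey`, and the template task receives it through `vars` — so both tasks should carry `no_log: true` to keep it out of verbose output and callback logs. `creates: /etc/wireguard` tests for the directory the script itself creates with `mkdir -p`; if the apt package already ships that directory the keygen step is skipped and the following `cat` of a missing file fails, so `creates: /etc/wireguard/clank-privatekey` is the safer idempotency marker, and an initial `umask 077` line in the script closes the window between `tee` writing the key and `chmod 0400`. The `listen_port` value `" {{ main_wireguard_port }} "` carries stray spaces into the rendered config and should be `"{{ main_wireguard_port }}"`; `update_cache: yes` and `enabled: yes` work in Ansible but yamllint's truthy rule prefers `true`.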