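---
# Provisions a host as a WireGuard peer, installs Docker and Docker Compose,
# and deploys two monitoring exporters from private git repositories.
#
# Variables read by these tasks (defined outside this file):
#   wireguard_peer_ip, main_wireguard_port, main_wireguard_public_key,
#   main_wireguard_ip, git_token
#
# Tasks that handle the WireGuard private key or git_token set no_log so the
# secret does not end up in Ansible output, callback plugins or logs.

- name: install wireguard
  apt:
    name: wireguard
    update_cache: true
    cache_valid_time: 3600

- name: generate private and public key pair
  args:
    # Guard on the key file rather than the directory: if /etc/wireguard
    # already exists (the package install may create it), a directory guard
    # would skip key generation and the "read ... key" tasks below would fail.
    creates: /etc/wireguard/clank-privatekey
  shell: |
    # Restrictive umask so the private key is never group/world readable,
    # not even briefly between creation and the chmod below.
    umask 077
    mkdir -p /etc/wireguard/
    cd /etc/wireguard/
    wg genkey | tee clank-privatekey | wg pubkey > clank-publickey
    chmod 0400 clank-privatekey
    chmod 0400 clank-publickey

- name: read public key
  command: cat /etc/wireguard/clank-publickey
  register: wireguard_publickey
  # Read-only command; do not report a change on every run.
  changed_when: false

- name: read private key
  command: cat /etc/wireguard/clank-privatekey
  register: wireguard_privatekey
  changed_when: false
  # stdout is the private key; keep it out of task output.
  no_log: true

- name: print publickey
  debug:
    msg: "{{ wireguard_publickey.stdout_lines[0] }}"

- name: Generate WireGuard configuration
  template:
    src: wireguard.conf.j2
    dest: /etc/wireguard/wg0.conf
    # The vars below pass the private key to the template, so the rendered
    # file should be readable by its owner only.
    mode: '0600'
  vars:
    interface_address: "{{ wireguard_peer_ip }}"
    # Padding spaces around the expression were dropped so the value is the
    # bare port number.
    listen_port: "{{ main_wireguard_port }}"
    private_key: "{{ wireguard_privatekey.stdout_lines[0] }}"
    allowed_ips: "10.0.9.0/24"
    peer_public_key: "{{ main_wireguard_public_key }}"
    endpoint: "{{ main_wireguard_ip }}:{{ main_wireguard_port }}"
    persistent_keepalive: 25
  # Task vars and --diff output would otherwise expose the private key.
  no_log: true

- name: enable and start wireguard service
  systemd:
    name: "wg-quick@wg0"
    state: started
    enabled: true

- name: Update apt cache
  apt:
    update_cache: true

- name: Install prerequisite packages
  apt:
    name:
      - apt-transport-https
      - ca-certificates
      - curl
      - gnupg
      - lsb-release
    state: present

# NOTE(review): apt_key is deprecated and adds the key to the global apt
# keyring, so it is trusted for every configured repository. Consider a
# per-repository keyring referenced with signed-by in the repo line; on
# already-provisioned hosts the old repo entry has to be migrated as well.
- name: Add Docker GPG key
  apt_key:
    url: https://download.docker.com/linux/debian/gpg
    state: present

- name: Add Docker repository
  apt_repository:
    repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_lsb.codename }} stable"
    state: present

- name: Install Docker
  apt:
    name: docker-ce
    state: present

- name: Start and enable Docker service
  service:
    name: docker
    state: started
    enabled: true

# NOTE(review): this fetches whatever "latest" points to at run time, with no
# integrity check, into a root-owned executable path. Pin a release in the URL
# and pass get_url's `checksum:` with that release's published digest.
- name: Download Docker Compose
  get_url:
    url: "https://github.com/docker/compose/releases/latest/download/docker-compose-Linux-x86_64"
    dest: /usr/local/bin/docker-compose
    mode: 'u=rwx,g=rx,o=rx'

- name: Set executable permissions for Docker Compose
  file:
    path: /usr/local/bin/docker-compose
    mode: 'u=rwx,g=rx,o=rx'

- name: install git
  apt:
    name:
      - git
      - python3
      - python3-pip
    update_cache: true
    cache_valid_time: 3600

- name: Install docker package
  pip:
    name:
      - docker
      - docker-compose
    state: present

# Monitoring
## node exporter
# NOTE(review): both exporters are deployed from the moving `main` branch and
# started immediately; pinning `version` to a commit or tag makes what runs on
# the host reviewable.
- name: clone private git repository
  git:
    repo: "https://git:{{ git_token }}@git.front.kjuulh.io/kjuulh/node-exporter-local.git"
    dest: ~/git/git.front.kjuulh.io/kjuulh/node-exporter-local
    version: main
    force: true
  # The repo URL embeds git_token; hide it from task output.
  # NOTE(review): the URL, token included, is also stored as the remote in the
  # clone's .git/config on the host - prefer a read-only, narrowly scoped token.
  no_log: true

- name: ensure docker compose file exists
  stat:
    path: ~/git/git.front.kjuulh.io/kjuulh/node-exporter-local/docker-compose.yml
  register: compose_file_stat

- name: run docker compose
  docker_compose:
    project_src: ~/git/git.front.kjuulh.io/kjuulh/node-exporter-local/
  when: compose_file_stat.stat.exists

## container exporter
- name: clone private git repository
  git:
    repo: "https://git:{{ git_token }}@git.front.kjuulh.io/kjuulh/container-exporter-local.git"
    dest: ~/git/git.front.kjuulh.io/kjuulh/container-exporter-local
    version: main
    force: true
  # The repo URL embeds git_token; hide it from task output.
  no_log: true

- name: ensure docker compose file exists
  stat:
    path: ~/git/git.front.kjuulh.io/kjuulh/container-exporter-local/docker-compose.yml
  register: compose_file_stat

- name: run docker compose
  docker_compose:
    project_src: ~/git/git.front.kjuulh.io/kjuulh/container-exporter-local/
  when: compose_file_stat.stat.exists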