serverctl/infrastructure/create-resources/ansible/roles/wireguard/mesh/tasks/main.yml

---
- name: install wireguard
  apt:
    name: wireguard
    state: present
  become: yes
  when: ansible_distribution == 'Debian' or ansible_distribution == "Ubuntu"

- name: install wireguard
  pacman:
    name: wireguard-tools
    state: present
  become: yes
  when: ansible_distribution == "Archlinux"

- name: generate wireguard keypair
  shell: wg genkey | tee /etc/wireguard/serverctl-privatekey | wg pubkey | tee /etc/wireguard/serverctl-publickey
  args:
    creates: /etc/wireguard/serverctl-privatekey
  become: yes

- name: register private key
  shell: cat /etc/wireguard/serverctl-privatekey
  register: wireguard_private_key
  changed_when: false
  become: yes

- name: register public key
  shell: cat /etc/wireguard/serverctl-publickey
  register: wireguard_public_key
  changed_when: false
  become: yes

- name: generate preshared keypair
  shell: "wg genpsk > /etc/wireguard/serverctl-psk-{{item}}"
  args:
    creates: "/etc/wireguard/serverctl-psk-{{item}}"
  when: inventory_hostname < item
  with_items: "{{groups['serverctl_super_cluster']}}"
  become: yes

- name: register preshared key
  shell: "cat /etc/wireguard/serverctl-psk-{{item}}"
  register: wireguard_preshared_key
  changed_when: false
  when: inventory_hostname < item
  with_items: "{{groups['serverctl_super_cluster']}}"
  become: yes

- name: message preshared keys
  set_fact: "wireguard_preshared_keys={{wireguard_preshared_keys|default({}) | combine({item.item: item.stdout})}}"
  when: item.skipped is not defined
  with_items: "{{wireguard_preshared_key.results}}"
  become: yes

#- name: print hostvars
#  ansible.builtin.debug:
#    msg: "{{hostvars[item]}}"
#  with_items: "{{groups['serverctl_super_cluster']}}"

- name: Setup wg0 device
  template:
    src: 'systemd.netdev'
    dest: '{{systemd_network_dir}}/99-serverctl-wg0.netdev'
    owner: root
    group: systemd-network
    mode: 0640
  become: yes
  notify: systemd network restart

- name: Setup wg0 network
  template:
    src: 'systemd.network'
    dest: "{{systemd_network_dir}}/99-serverctl-wg0.network"
    owner: root
    group: systemd-network
    mode: 0640
  become: yes
  notify: systemd network restart

#- name: Start and enalbe wireguard on book
#  systemd:
#    name: wg-quick@wgserverctl0
#    enabled: yes
#    state: started

#- debug: msg="{{item.1}} - {{ (wireguard_base_ipv4|ipaddr(item.0 + 1)) }}"
#  with_indexed_items: "{{groups.serverctl_mesh_nodes}}"
Add wireguard 2022-02-24 13:57:19 +01:00			`---`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`- name: install wireguard`
Add wireguard 2022-02-24 13:57:19 +01:00			`apt:`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`name: wireguard`
Add wireguard 2022-02-24 13:57:19 +01:00			`state: present`
			`become: yes`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`when: ansible_distribution == 'Debian' or ansible_distribution == "Ubuntu"`
Add wireguard 2022-02-24 13:57:19 +01:00
			`- name: install wireguard`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`pacman:`
			`name: wireguard-tools`
Add wireguard 2022-02-24 13:57:19 +01:00			`state: present`
			`become: yes`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`when: ansible_distribution == "Archlinux"`
Add wireguard 2022-02-24 13:57:19 +01:00
			`- name: generate wireguard keypair`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`shell: wg genkey \| tee /etc/wireguard/serverctl-privatekey \| wg pubkey \| tee /etc/wireguard/serverctl-publickey`
Add wireguard 2022-02-24 13:57:19 +01:00			`args:`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`creates: /etc/wireguard/serverctl-privatekey`
Add wireguard 2022-02-24 13:57:19 +01:00			`become: yes`

			`- name: register private key`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`shell: cat /etc/wireguard/serverctl-privatekey`
Add wireguard 2022-02-24 13:57:19 +01:00			`register: wireguard_private_key`
			`changed_when: false`
			`become: yes`

			`- name: register public key`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`shell: cat /etc/wireguard/serverctl-publickey`
Add wireguard 2022-02-24 13:57:19 +01:00			`register: wireguard_public_key`
			`changed_when: false`
			`become: yes`

			`- name: generate preshared keypair`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`shell: "wg genpsk > /etc/wireguard/serverctl-psk-{{item}}"`
Add wireguard 2022-02-24 13:57:19 +01:00			`args:`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`creates: "/etc/wireguard/serverctl-psk-{{item}}"`
Add wireguard 2022-02-24 13:57:19 +01:00			`when: inventory_hostname < item`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`with_items: "{{groups['serverctl_super_cluster']}}"`
Add wireguard 2022-02-24 13:57:19 +01:00			`become: yes`

			`- name: register preshared key`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`shell: "cat /etc/wireguard/serverctl-psk-{{item}}"`
Add wireguard 2022-02-24 13:57:19 +01:00			`register: wireguard_preshared_key`
			`changed_when: false`
			`when: inventory_hostname < item`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`with_items: "{{groups['serverctl_super_cluster']}}"`
Add wireguard 2022-02-24 13:57:19 +01:00			`become: yes`

			`- name: message preshared keys`
			`set_fact: "wireguard_preshared_keys={{wireguard_preshared_keys\|default({}) \| combine({item.item: item.stdout})}}"`
			`when: item.skipped is not defined`
			`with_items: "{{wireguard_preshared_key.results}}"`
			`become: yes`

Add homeserver to infra 2022-02-24 21:36:07 +01:00			`#- name: print hostvars`
			`# ansible.builtin.debug:`
			`# msg: "{{hostvars[item]}}"`
			`# with_items: "{{groups['serverctl_super_cluster']}}"`

Merged configs 2022-02-24 14:03:42 +01:00			`- name: Setup wg0 device`
Add wireguard 2022-02-24 13:57:19 +01:00			`template:`
			`src: 'systemd.netdev'`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`dest: '{{systemd_network_dir}}/99-serverctl-wg0.netdev'`
Add wireguard 2022-02-24 13:57:19 +01:00			`owner: root`
			`group: systemd-network`
			`mode: 0640`
			`become: yes`
			`notify: systemd network restart`

Merged configs 2022-02-24 14:03:42 +01:00			`- name: Setup wg0 network`
Add wireguard 2022-02-24 13:57:19 +01:00			`template:`
			`src: 'systemd.network'`
Add homeserver to infra 2022-02-24 21:36:07 +01:00			`dest: "{{systemd_network_dir}}/99-serverctl-wg0.network"`
Add wireguard 2022-02-24 13:57:19 +01:00			`owner: root`
			`group: systemd-network`
			`mode: 0640`
			`become: yes`
			`notify: systemd network restart`

			`#- name: Start and enalbe wireguard on book`
			`# systemd:`
			`# name: wg-quick@wgserverctl0`
			`# enabled: yes`
			`# state: started`

			`#- debug: msg="{{item.1}} - {{ (wireguard_base_ipv4\|ipaddr(item.0 + 1)) }}"`
			`# with_indexed_items: "{{groups.serverctl_mesh_nodes}}"`