serverctl/infrastructure/create-resources/ansible/roles/wireguard/mesh/tasks/main.yml
kjuulh 5c9f96be8e
All checks were successful
continuous-integration/drone/push Build is passing
Add homeserver to infra
2022-02-24 21:36:07 +01:00

94 lines
2.5 KiB
YAML

---
- name: Print distro
ansible.builtin.debug:
msg: Current distro {{ansible_distribution}}
- name: install wireguard
apt:
name: wireguard
state: present
become: yes
when: ansible_distribution == 'Debian' or ansible_distribution == "Ubuntu"
- name: install wireguard
pacman:
name: wireguard-tools
state: present
become: yes
when: ansible_distribution == "Archlinux"
- name: generate wireguard keypair
shell: wg genkey | tee /etc/wireguard/serverctl-privatekey | wg pubkey | tee /etc/wireguard/serverctl-publickey
args:
creates: /etc/wireguard/serverctl-privatekey
become: yes
- name: register private key
shell: cat /etc/wireguard/serverctl-privatekey
register: wireguard_private_key
changed_when: false
become: yes
- name: register public key
shell: cat /etc/wireguard/serverctl-publickey
register: wireguard_public_key
changed_when: false
become: yes
- name: generate preshared keypair
shell: "wg genpsk > /etc/wireguard/serverctl-psk-{{item}}"
args:
creates: "/etc/wireguard/serverctl-psk-{{item}}"
when: inventory_hostname < item
with_items: "{{groups['serverctl_super_cluster']}}"
become: yes
- name: register preshared key
shell: "cat /etc/wireguard/serverctl-psk-{{item}}"
register: wireguard_preshared_key
changed_when: false
when: inventory_hostname < item
with_items: "{{groups['serverctl_super_cluster']}}"
become: yes
- name: message preshared keys
set_fact: "wireguard_preshared_keys={{wireguard_preshared_keys|default({}) | combine({item.item: item.stdout})}}"
when: item.skipped is not defined
with_items: "{{wireguard_preshared_key.results}}"
become: yes
#- name: print hostvars
# ansible.builtin.debug:
# msg: "{{hostvars[item]}}"
# with_items: "{{groups['serverctl_super_cluster']}}"
- name: Setup wg0 device
template:
src: 'systemd.netdev'
dest: '{{systemd_network_dir}}/99-serverctl-wg0.netdev'
owner: root
group: systemd-network
mode: 0640
become: yes
notify: systemd network restart
- name: Setup wg0 network
template:
src: 'systemd.network'
dest: "{{systemd_network_dir}}/99-serverctl-wg0.network"
owner: root
group: systemd-network
mode: 0640
become: yes
notify: systemd network restart
#- name: Start and enalbe wireguard on book
# systemd:
# name: wg-quick@wgserverctl0
# enabled: yes
# state: started
#- debug: msg="{{item.1}} - {{ (wireguard_base_ipv4|ipaddr(item.0 + 1)) }}"
# with_indexed_items: "{{groups.serverctl_mesh_nodes}}"