adelgado/ansible-role-wireguard_client
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-role-wireguard_client/tasks/configure.yml

97 lines
2.4 KiB
YAML
Raw Normal View History

Initial commit with previous code
2022-10-11 09:19:16 +02:00
---
- name: Ensure keys are generated
shell: umask 077 && wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
args:
creates: /etc/wireguard/publickey
Show reminder when key generated
2023-04-20 13:26:28 +02:00
register: key_generation
Initial commit with previous code
2022-10-11 09:19:16 +02:00
notify:
- Restart Wireguard service
- name: Register private key
Use list of all peers
2022-11-04 16:55:00 +01:00
slurp:
src: /etc/wireguard/privatekey
fix slurp
2022-11-04 16:59:47 +01:00
register: private_key_slurp
- name: Set private key variable
fix set fact
2022-11-04 17:00:30 +01:00
set_fact:
fix private key fact
2022-11-04 17:07:00 +01:00
private_key: "{{ private_key_slurp.content | b64decode }}"
Initial commit with previous code
2022-10-11 09:19:16 +02:00
configure all peers
2023-04-06 19:20:03 +02:00
- name: Register public key
slurp:
src: /etc/wireguard/publickey
register: public_key_slurp
- name: Set public key variable
set_fact:
public_key: "{{ public_key_slurp.content | b64decode }}"
replace new lines
2023-04-06 19:34:26 +02:00
- name: Ensure Wireguard client is configured
reverse changes
2023-04-06 19:46:17 +02:00
template:
src: templates/wireguard_client.conf
dest: "/etc/wireguard/{{ interface_name }}.conf"
backup: yes
notify:
- Restart Wireguard service
Initial commit with previous code
2022-10-11 09:19:16 +02:00
- name: Ensure UFW firewall rule exists
ufw:
rule: allow
configure all peers
2023-04-06 19:20:03 +02:00
port: "{{ vpnes_port }}"
Initial commit with previous code
2022-10-11 09:19:16 +02:00
comment: 'Wireguard client listener'
proto: udp
reverse changes
2023-04-06 19:46:17 +02:00
- name: Show public key reminder
debug:
msg: "Remember to add this host '{{ inventory_hostname }}'' public key to the inventory '{{ public_key }}'"
Show reminder when key generated
2023-04-20 13:26:28 +02:00
when: key_generation.changed
add reminder
2022-11-04 17:13:14 +01:00
Initial commit with previous code
2022-10-11 09:19:16 +02:00
- name: Ensure cron to ping VPN server exists
cron:
change to ping hiljainen
2023-04-06 23:12:16 +02:00
name: Ping Hiljainen
Chagne cron for system units
2023-04-08 13:23:04 +02:00
state: absent
change to ping hiljainen
2023-04-06 23:12:16 +02:00
job: ping -c 3 192.168.2.4 &> /dev/null
Initial commit with previous code
2022-10-11 09:19:16 +02:00
hour: '1'
Use list of all peers
2022-11-04 16:55:00 +01:00
user: gestor
Chagne cron for system units
2023-04-08 13:23:04 +02:00
- name: Ensure service unit to ping server exists
template:
src: templates/ping_wg_server.service.j2
dest: '/etc/systemd/system/ping_wg_server.service'
backup: yes
- name: Ensure timer unit to ping server exists
template:
src: templates/ping_wg_server.timer.j2
dest: '/etc/systemd/system/ping_wg_server.timer'
backup: yes
- name: Ensure ping systemd service unit is enabled
systemd:
name: ping_wg_server.service
disable ping_wg
2023-05-01 12:40:14 +02:00
enabled: false
Chagne cron for system units
2023-04-08 13:23:04 +02:00
daemon_reload: true
masked: false
- name: Ensure ping systemd timer unit is enabled
systemd:
name: ping_wg_server.timer
state: started
disable ping_wg
2023-05-01 12:40:14 +02:00
enabled: false
Chagne cron for system units
2023-04-08 13:23:04 +02:00
daemon_reload: true
masked: false
add ufw rule to allow traffic to server
2023-04-20 13:21:24 +02:00
- name: Get host public IP
uri:
url: https://api.ipify.org?format=json
register: pub_ip
- name: Allow traffic to server
ufw:
rule: allow
from: "{{ pub_ip.json.ip }}"
delegate_to: "{{ groups['wireguard_server'][0] }}"
add one time ping
2023-05-01 12:53:45 +02:00
- name: Ping Hiljainen for monitoring
shell: ping -c 3 -4 192.168.2.4
register: ping_result
Reference in a new issue Copy permalink