adelgado/ansible-role-wireguard_client
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-role-wireguard_client/tasks/configure.yml

84 lines
2.3 KiB
YAML
Raw Normal View History

Initial commit with previous code
2022-10-11 09:19:16 +02:00
---
- name: Ensure keys are generated
shell: umask 077 && wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
args:
creates: /etc/wireguard/publickey
Show reminder when key generated
2023-04-20 13:26:28 +02:00
register: key_generation
Initial commit with previous code
2022-10-11 09:19:16 +02:00
notify:
- Restart Wireguard service
- name: Register private key
Use list of all peers
2022-11-04 16:55:00 +01:00
slurp:
src: /etc/wireguard/privatekey
fix slurp
2022-11-04 16:59:47 +01:00
register: private_key_slurp
- name: Set private key variable
fix set fact
2022-11-04 17:00:30 +01:00
set_fact:
trim public key
2023-10-05 10:16:26 +02:00
private_key: "{{ private_key_slurp.content | b64decode | trim}}"
Initial commit with previous code
2022-10-11 09:19:16 +02:00
configure all peers
2023-04-06 19:20:03 +02:00
- name: Register public key
slurp:
src: /etc/wireguard/publickey
register: public_key_slurp
- name: Set public key variable
set_fact:
public_key: "{{ public_key_slurp.content | b64decode }}"
replace new lines
2023-04-06 19:34:26 +02:00
- name: Ensure Wireguard client is configured
reverse changes
2023-04-06 19:46:17 +02:00
template:
src: templates/wireguard_client.conf
dest: "/etc/wireguard/{{ interface_name }}.conf"
backup: yes
notify:
- Restart Wireguard service
Initial commit with previous code
2022-10-11 09:19:16 +02:00
- name: Ensure UFW firewall rule exists
ufw:
rule: allow
change to inventory variables per host
2023-10-05 09:41:23 +02:00
port: "{{ listenport }}"
Initial commit with previous code
2022-10-11 09:19:16 +02:00
comment: 'Wireguard client listener'
proto: udp
add restart of vpn when changes
2023-07-12 07:56:01 +02:00
notify:
- Restart Wireguard service
Initial commit with previous code
2022-10-11 09:19:16 +02:00
reverse changes
2023-04-06 19:46:17 +02:00
- name: Show public key reminder
debug:
msg: "Remember to add this host '{{ inventory_hostname }}'' public key to the inventory '{{ public_key }}'"
Show reminder when key generated
2023-04-20 13:26:28 +02:00
when: key_generation.changed
add reminder
2022-11-04 17:13:14 +01:00
add ufw rule to allow traffic to server
2023-04-20 13:21:24 +02:00
- name: Get host public IP
uri:
url: https://api.ipify.org?format=json
register: pub_ip
remove firewall rule and fix hosts file config
2023-10-05 10:05:32 +02:00
# - name: Allow traffic to server
# ufw:
# rule: allow
# from: "{{ pub_ip.json.ip }}"
# delegate_to: "{{ groups['wireguard_server'][0] }}"
# notify:
# - Restart Wireguard service
# - Ping Wireguard server
add hosts file entries
2023-08-09 14:04:21 +02:00
get IP address
2023-10-06 21:48:29 +02:00
- name: Configure peers hosts file entry (from wg_address)
add hosts file entries
2023-08-09 14:04:21 +02:00
lineinfile:
path: /etc/hosts
fix hots for router
2023-10-06 18:30:38 +02:00
regexp: "^{{ hostvars[item]['wg_address'] | regex_replace('/.*$', '')}} "
line: "{{ hostvars[item]['wg_address'] | regex_replace('/.*$', '')}} {{ item }}.{{ vpn_domain }}"
add hosts file entries
2023-08-09 14:04:21 +02:00
backup: true
create: true
remove firewall rule and fix hosts file config
2023-10-05 10:05:32 +02:00
loop: "{{ groups['wireguard_clients'] }}"
get IP address
2023-10-06 21:48:29 +02:00
when: "'wg_address' in hostvars[item]"
- name: Configure peers hosts file entry (from allowed IPs)
lineinfile:
path: /etc/hosts
regexp: "^{{ hostvars[item]['AllowedIPs'] | regex_replace('/.*$', '')}} "
line: "{{ hostvars[item]['AllowedIPs'] | regex_replace('/.*$', '')}} {{ item }}.{{ vpn_domain }}"
backup: true
create: true
loop: "{{ groups['wireguard_clients'] }}"
when: "'wg_address' not in hostvars[item]"
Reference in a new issue Copy permalink