ansible-role-wireguard_client/tasks/configure.yml

---
- name: Ensure keys are generated
  shell: umask 077 && wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
  args:
    creates: /etc/wireguard/publickey
  notify:
    - Restart Wireguard service

- name: Register private key
  slurp:
    src: /etc/wireguard/privatekey
  register: private_key_slurp

- name: Set private key variable
  set_fact:
    private_key: "{{ private_key_slurp.content | b64decode }}"

- name: Register public key
  slurp:
    src: /etc/wireguard/publickey
  register: public_key_slurp

- name: Set public key variable
  set_fact:
    public_key: "{{ public_key_slurp.content | b64decode }}"

- name: Ensure git repository is cloned and updated
  git:
    repo: ssh://git@repos.susurrando.com:1122/srv/git.repos/wireguard_peers.git
    dest: /var/lib/from_repos/wireguard_peers
    update: true
    force: true

# [Peer]
# PublicKey = TrMvSoP4jYQlY6RIzBgbssQqY3vxI2Pi+y71lOWWXX0=
# Endpoint = [2607:5300:60:6b0::c05f:543]:2468
# AllowedIPs = 10.192.122.4/32, 192.168.0.0/16

- name: Ensure there is a folder in the repo for the VPN interface
  file:
    state: directory
    path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}"

- name: Set public key to peer conf file
  ini_file:
    path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}/{{ inventory_hostname }}.conf"
    section: Peer
    option: PublicKey
    value: "{{ public_key | replace('\\n', '')}}"
    create: true

- name: Set allowed IPs to peer conf file
  ini_file:
    path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}/{{ inventory_hostname }}.conf"
    section: Peer
    option: AllowedIPs
    value: "{{ vpnes_ip }}/32"
    create: true

- name: Set end point to peer conf file
  ini_file:
    path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}/{{ inventory_hostname }}.conf"
    section: Peer
    option: Endpoint
    value: "{{ ansible_host }}:{{ vpnes_port }}"
    create: true

- name: Create commit with changes to repo of peers
  shell: "git add . && git commit -am 'Update {{ inventory_hostname }}' && git push -f"
  args:
    chdir: '/var/lib/from_repos/wireguard_peers/'

- name: Ensure Wireguard client is configured
  shell: "/var/lib/from_repos/wireguard_peers/update_configuration.sh '${vpnes_ip}' '${vpnes_port}'"

- name: Restart Wireguard service
  systemd:
    name: "wg-quick@{{ interface_name }}"
    state: restarted
    enabled: yes
    daemon_reload: yes

# - name: Ensure Wireguard client is configured
#   template:
#     src: templates/wireguard_client.conf
#     dest: "/etc/wireguard/{{ interface_name }}.conf"
#     backup: yes
#   notify:
#     - Restart Wireguard service

- name: Ensure UFW firewall rule exists
  ufw:
    rule: allow
    port: "{{ vpnes_port }}"
    comment: 'Wireguard client listener'
    proto: udp

# - name: Get public key
#   slurp:
#     src: /etc/wireguard/publickey
#   register: public_key

# - name: Show public key reminder
#   debug:
#     msg: "Remember to add this host '{{ inventory_hostname }}'' public key to the inventory '{{ public_key.content | b64decode }}'"

- name: Ensure cron to ping VPN server exists
  cron:
    name: Ping VPN server
    job: ping -c 3 192.168.2.4 &> /dev/null
    hour: '1'
    user: gestor
Initial commit with previous code 2022-10-11 09:19:16 +02:00			`---`
			`- name: Ensure keys are generated`
			`shell: umask 077 && wg genkey \| tee /etc/wireguard/privatekey \| wg pubkey > /etc/wireguard/publickey`
			`args:`
			`creates: /etc/wireguard/publickey`
			`notify:`
			`- Restart Wireguard service`

			`- name: Register private key`
Use list of all peers 2022-11-04 16:55:00 +01:00			`slurp:`
			`src: /etc/wireguard/privatekey`
fix slurp 2022-11-04 16:59:47 +01:00			`register: private_key_slurp`

			`- name: Set private key variable`
fix set fact 2022-11-04 17:00:30 +01:00			`set_fact:`
fix private key fact 2022-11-04 17:07:00 +01:00			`private_key: "{{ private_key_slurp.content \| b64decode }}"`
Initial commit with previous code 2022-10-11 09:19:16 +02:00
configure all peers 2023-04-06 19:20:03 +02:00			`- name: Register public key`
			`slurp:`
			`src: /etc/wireguard/publickey`
			`register: public_key_slurp`

			`- name: Set public key variable`
			`set_fact:`
			`public_key: "{{ public_key_slurp.content \| b64decode }}"`

			`- name: Ensure git repository is cloned and updated`
			`git:`
			`repo: ssh://git@repos.susurrando.com:1122/srv/git.repos/wireguard_peers.git`
			`dest: /var/lib/from_repos/wireguard_peers`
			`update: true`
			`force: true`

			`# [Peer]`
			`# PublicKey = TrMvSoP4jYQlY6RIzBgbssQqY3vxI2Pi+y71lOWWXX0=`
			`# Endpoint = [2607:5300:60:6b0::c05f:543]:2468`
			`# AllowedIPs = 10.192.122.4/32, 192.168.0.0/16`

			`- name: Ensure there is a folder in the repo for the VPN interface`
			`file:`
			`state: directory`
			`path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}"`

			`- name: Set public key to peer conf file`
			`ini_file:`
			`path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}/{{ inventory_hostname }}.conf"`
			`section: Peer`
			`option: PublicKey`
fix escaped 2023-04-06 19:38:48 +02:00			`value: "{{ public_key \| replace('\\n', '')}}"`
configure all peers 2023-04-06 19:20:03 +02:00			`create: true`

			`- name: Set allowed IPs to peer conf file`
			`ini_file:`
			`path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}/{{ inventory_hostname }}.conf"`
			`section: Peer`
			`option: AllowedIPs`
			`value: "{{ vpnes_ip }}/32"`
			`create: true`

			`- name: Set end point to peer conf file`
			`ini_file:`
			`path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}/{{ inventory_hostname }}.conf"`
			`section: Peer`
			`option: Endpoint`
			`value: "{{ ansible_host }}:{{ vpnes_port }}"`
			`create: true`

			`- name: Create commit with changes to repo of peers`
			`shell: "git add . && git commit -am 'Update {{ inventory_hostname }}' && git push -f"`
			`args:`
			`chdir: '/var/lib/from_repos/wireguard_peers/'`

replace new lines 2023-04-06 19:34:26 +02:00			`- name: Ensure Wireguard client is configured`
configure all peers 2023-04-06 19:20:03 +02:00			`shell: "/var/lib/from_repos/wireguard_peers/update_configuration.sh '${vpnes_ip}' '${vpnes_port}'"`

			`- name: Restart Wireguard service`
			`systemd:`
			`name: "wg-quick@{{ interface_name }}"`
			`state: restarted`
			`enabled: yes`
			`daemon_reload: yes`

replace new lines 2023-04-06 19:34:26 +02:00			`# - name: Ensure Wireguard client is configured`
configure all peers 2023-04-06 19:20:03 +02:00			`# template:`
			`# src: templates/wireguard_client.conf`
			`# dest: "/etc/wireguard/{{ interface_name }}.conf"`
			`# backup: yes`
			`# notify:`
			`# - Restart Wireguard service`
Initial commit with previous code 2022-10-11 09:19:16 +02:00
			`- name: Ensure UFW firewall rule exists`
			`ufw:`
			`rule: allow`
configure all peers 2023-04-06 19:20:03 +02:00			`port: "{{ vpnes_port }}"`
Initial commit with previous code 2022-10-11 09:19:16 +02:00			`comment: 'Wireguard client listener'`
			`proto: udp`

configure all peers 2023-04-06 19:20:03 +02:00			`# - name: Get public key`
			`# slurp:`
			`# src: /etc/wireguard/publickey`
			`# register: public_key`
Initial commit with previous code 2022-10-11 09:19:16 +02:00
configure all peers 2023-04-06 19:20:03 +02:00			`# - name: Show public key reminder`
			`# debug:`
			`# msg: "Remember to add this host '{{ inventory_hostname }}'' public key to the inventory '{{ public_key.content \| b64decode }}'"`
add reminder 2022-11-04 17:13:14 +01:00
Initial commit with previous code 2022-10-11 09:19:16 +02:00			`- name: Ensure cron to ping VPN server exists`
			`cron:`
			`name: Ping VPN server`
configure all peers 2023-04-06 19:20:03 +02:00			`job: ping -c 3 192.168.2.4 &> /dev/null`
Initial commit with previous code 2022-10-11 09:19:16 +02:00			`hour: '1'`
Use list of all peers 2022-11-04 16:55:00 +01:00			`user: gestor`