Initial commit with previous code

2022-10-11 10:19:16 +03:00 · 2022-10-11 10:19:16 +03:00 · 0d99ebf938
commit 0d99ebf938
6 changed files with 85 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,9 @@
+---
+address: '192.168.2.2/24'
+listenport: '1928'
+privatekey: ''
+interface_name: wg0
+server_publickey: ''
+server_address: '192.168.2.1'
+endpoint: ''
+dns: '1.1.1.1'
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,6 @@
+- name: Restart Wireguard service
+  systemd:
+    name: "wg-quick@{{ interface_name }}"
+    state: restarted
+    enabled: yes
+    daemon_reload: yes
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@ -0,0 +1,38 @@
+---
+- name: Ensure keys are generated
+  shell: umask 077 && wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
+  args:
+    creates: /etc/wireguard/publickey
+  notify:
+    - Restart Wireguard service
+
+- name: Register private key
+  shell: cat /etc/wireguard/privatekey
+  register: privatekey
+
+- name: Ensure Wireguard client is configure
+  template:
+    src: templates/wireguard_client.conf
+    dest: "/etc/wireguard/{{ interface_name }}.conf"
+    backup: yes
+  notify:
+    - Restart Wireguard service
+
+- name: Ensure UFW firewall rule exists
+  ufw:
+    rule: allow
+    port: "{{ listenport }}"
+    comment: 'Wireguard client listener'
+    proto: udp
+
+- name: Get public key
+  slurp:
+    src: /etc/wireguard/publickey
+  register: public_key
+
+- name: Ensure cron to ping VPN server exists
+  cron:
+    name: Ping VPN server
+    job: ping -c 3 192.168.2.1 &> /dev/null
+    hour: '1'
+    user: gestor
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -0,0 +1,17 @@
+---
+- name: Ensure Wireguard is installed (Ubuntu >= 19.10)
+  apt:
+    name: wireguard
+  when: ansible_distribution_major_version|int >= 20 or ansible_distribution_version == '19.10'
+
+- apt_repository:
+    repo: ppa:wireguard/wireguard
+    state: absent
+  when: ansible_distribution_major_version|int < 20 and ansible_distribution_version != '19.10'
+
+- name: Ensure Wireguard is installed (Ubuntu < 19.10)
+  apt:
+    name: wireguard
+    state: latest
+    update_cache: yes
+  when: ansible_distribution_major_version|int < 20 and ansible_distribution_version != '19.10'
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,5 @@
+---
+- name: Ensure installation
+  include_tasks: install.yml
+- name: Ensure configuration
+  include_tasks: configure.yml
--- a/templates/wireguard_client.conf
+++ b/templates/wireguard_client.conf
@ -0,0 +1,10 @@
+[Interface]
+Address = {{ addresses[ansible_hostname] }}
+PrivateKey = {{ privatekey.stdout }}
+ListenPort = {{ listenport }}
+
+# Server:
+[Peer]
+PublicKey = {{ server_publickey }}
+AllowedIPs =  {{ allowed_ips }}
+EndPoint = {{ endpoint }}