From 4a1926a9008e7e42a5e942f89015fb9bf8d597e8 Mon Sep 17 00:00:00 2001
From: "Antonio J. Delgado"
Date: Thu, 6 Apr 2023 20:20:03 +0300
Subject: [PATCH] configure all peers

---
 tasks/configure.yml | 98 ++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 83 insertions(+), 15 deletions(-)

diff --git a/tasks/configure.yml b/tasks/configure.yml
index 9e07262..4e1ec62 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -15,33 +15,101 @@ set_fact: private_key: "{{ private_key_slurp.content | b64decode }}" +- name: Register public key + slurp: + src: /etc/wireguard/publickey + register: public_key_slurp + +- name: Set public key variable + set_fact: + public_key: "{{ public_key_slurp.content | b64decode }}" + +- name: Ensure git repository is cloned and updated + git: + repo: ssh://git@repos.susurrando.com:1122/srv/git.repos/wireguard_peers.git + dest: /var/lib/from_repos/wireguard_peers + update: true + force: true + +# [Peer] +# PublicKey = TrMvSoP4jYQlY6RIzBgbssQqY3vxI2Pi+y71lOWWXX0= +# Endpoint = [2607:5300:60:6b0::c05f:543]:2468 +# AllowedIPs = 10.192.122.4/32, 192.168.0.0/16 + +- name: Ensure there is a folder in the repo for the VPN interface + file: + state: directory + path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}" + +- name: Set public key to peer conf file + ini_file: + path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}/{{ inventory_hostname }}.conf" + section: Peer + option: PublicKey + value: "{{ public_key }}" + create: true + backup: true + +- name: Set allowed IPs to peer conf file + ini_file: + path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}/{{ inventory_hostname }}.conf" + section: Peer + option: AllowedIPs + value: "{{ vpnes_ip }}/32" + create: true + backup: true + +- name: Set end point to peer conf file + ini_file: + path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}/{{ inventory_hostname }}.conf" + section: Peer + option: Endpoint + value: "{{ ansible_host }}:{{ vpnes_port }}" + create: true + backup: true + +- name: Create commit with changes to repo of peers + shell: "git add . 
&& git commit -am 'Update {{ inventory_hostname }}' && git push -f" + args: + chdir: '/var/lib/from_repos/wireguard_peers/' + - name: Ensure Wireguard client is configure - template: - src: templates/wireguard_client.conf - dest: "/etc/wireguard/{{ interface_name }}.conf" - backup: yes - notify: - - Restart Wireguard service + shell: "/var/lib/from_repos/wireguard_peers/update_configuration.sh '${vpnes_ip}' '${vpnes_port}'" + +- name: Restart Wireguard service + systemd: + name: "wg-quick@{{ interface_name }}" + state: restarted + enabled: yes + daemon_reload: yes + +# - name: Ensure Wireguard client is configure +# template: +# src: templates/wireguard_client.conf +# dest: "/etc/wireguard/{{ interface_name }}.conf" +# backup: yes +# notify: +# - Restart Wireguard service - name: Ensure UFW firewall rule exists ufw: rule: allow - port: "{{ listenport }}" + port: "{{ vpnes_port }}" comment: 'Wireguard client listener' proto: udp -- name: Get public key - slurp: - src: /etc/wireguard/publickey - register: public_key +# - name: Get public key +# slurp: +# src: /etc/wireguard/publickey +# register: public_key -- name: Show public key reminder - debug: - msg: "Remember to add this host '{{ inventory_hostname }}'' public key to the inventory '{{ public_key.content | b64decode }}'" +# - name: Show public key reminder +# debug: +# msg: "Remember to add this host '{{ inventory_hostname }}'' public key to the inventory '{{ public_key.content | b64decode }}'" - name: Ensure cron to ping VPN server exists cron: name: Ping VPN server - job: ping -c 3 192.168.2.1 &> /dev/null + job: ping -c 3 192.168.2.4 &> /dev/null hour: '1' user: gestor
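Review bot: The rewritten "Ensure Wireguard client is configure" task invokes `update_configuration.sh '${vpnes_ip}' '${vpnes_port}'` with shell-variable syntax rather than Jinja expressions, so Ansible does not template them and the remote shell expands the unset variables to empty strings — the script receives two empty arguments. It should read `shell: "/var/lib/from_repos/wireguard_peers/update_configuration.sh '{{ vpnes_ip }}' '{{ vpnes_port }}'"` (or `command:`, since no shell feature is used, which also avoids shell interpretation of the interpolated values). In the "Create commit with changes to repo of peers" task, `git push -f` run from every peer against the shared peers repository will silently discard commits pushed by other hosts whenever two hosts run the play close together, and the unconditional `git commit` makes the task fail when a host has no changes; a plain `git push` after `git pull --rebase`, with `changed_when`/`failed_when` tuned for the nothing-to-commit case, is safer. The new "Restart Wireguard service" task uses `enabled: yes`, which should be `enabled: true` to match the canonical boolean form.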