reverse changes
parent
ea15919aeb
commit
ebab697ad5
1 changed files with 9 additions and 69 deletions
|
@ -24,69 +24,14 @@
|
||||||
set_fact:
|
set_fact:
|
||||||
public_key: "{{ public_key_slurp.content | b64decode }}"
|
public_key: "{{ public_key_slurp.content | b64decode }}"
|
||||||
|
|
||||||
- name: Ensure git repository is cloned and updated
|
|
||||||
git:
|
|
||||||
repo: ssh://git@repos.susurrando.com:1122/srv/git.repos/wireguard_peers.git
|
|
||||||
dest: /var/lib/from_repos/wireguard_peers
|
|
||||||
update: true
|
|
||||||
force: true
|
|
||||||
|
|
||||||
# [Peer]
|
|
||||||
# PublicKey = TrMvSoP4jYQlY6RIzBgbssQqY3vxI2Pi+y71lOWWXX0=
|
|
||||||
# Endpoint = [2607:5300:60:6b0::c05f:543]:2468
|
|
||||||
# AllowedIPs = 10.192.122.4/32, 192.168.0.0/16
|
|
||||||
|
|
||||||
- name: Ensure there is a folder in the repo for the VPN interface
|
|
||||||
file:
|
|
||||||
state: directory
|
|
||||||
path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}"
|
|
||||||
|
|
||||||
- name: Set public key to peer conf file
|
|
||||||
ini_file:
|
|
||||||
path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}/{{ inventory_hostname }}.conf"
|
|
||||||
section: Peer
|
|
||||||
option: PublicKey
|
|
||||||
value: "{{ public_key | replace('\\n', '')}}"
|
|
||||||
create: true
|
|
||||||
|
|
||||||
- name: Set allowed IPs to peer conf file
|
|
||||||
ini_file:
|
|
||||||
path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}/{{ inventory_hostname }}.conf"
|
|
||||||
section: Peer
|
|
||||||
option: AllowedIPs
|
|
||||||
value: "{{ vpnes_ip }}/32"
|
|
||||||
create: true
|
|
||||||
|
|
||||||
- name: Set end point to peer conf file
|
|
||||||
ini_file:
|
|
||||||
path: "/var/lib/from_repos/wireguard_peers/{{ interface_name }}/{{ inventory_hostname }}.conf"
|
|
||||||
section: Peer
|
|
||||||
option: Endpoint
|
|
||||||
value: "{{ ansible_host }}:{{ vpnes_port }}"
|
|
||||||
create: true
|
|
||||||
|
|
||||||
- name: Create commit with changes to repo of peers
|
|
||||||
shell: "git add . && git commit -am 'Update {{ inventory_hostname }}' && git push -f"
|
|
||||||
args:
|
|
||||||
chdir: '/var/lib/from_repos/wireguard_peers/'
|
|
||||||
|
|
||||||
- name: Ensure Wireguard client is configured
|
- name: Ensure Wireguard client is configured
|
||||||
shell: "/var/lib/from_repos/wireguard_peers/update_configuration.sh '${vpnes_ip}' '${vpnes_port}'"
|
template:
|
||||||
|
src: templates/wireguard_client.conf
|
||||||
- name: Restart Wireguard service
|
dest: "/etc/wireguard/{{ interface_name }}.conf"
|
||||||
systemd:
|
backup: yes
|
||||||
name: "wg-quick@{{ interface_name }}"
|
notify:
|
||||||
state: restarted
|
- Restart Wireguard service
|
||||||
enabled: yes
|
|
||||||
daemon_reload: yes
|
|
||||||
|
|
||||||
# - name: Ensure Wireguard client is configured
|
|
||||||
# template:
|
|
||||||
# src: templates/wireguard_client.conf
|
|
||||||
# dest: "/etc/wireguard/{{ interface_name }}.conf"
|
|
||||||
# backup: yes
|
|
||||||
# notify:
|
|
||||||
# - Restart Wireguard service
|
|
||||||
|
|
||||||
- name: Ensure UFW firewall rule exists
|
- name: Ensure UFW firewall rule exists
|
||||||
ufw:
|
ufw:
|
||||||
|
@ -95,14 +40,9 @@
|
||||||
comment: 'Wireguard client listener'
|
comment: 'Wireguard client listener'
|
||||||
proto: udp
|
proto: udp
|
||||||
|
|
||||||
# - name: Get public key
|
- name: Show public key reminder
|
||||||
# slurp:
|
debug:
|
||||||
# src: /etc/wireguard/publickey
|
msg: "Remember to add this host '{{ inventory_hostname }}'' public key to the inventory '{{ public_key }}'"
|
||||||
# register: public_key
|
|
||||||
|
|
||||||
# - name: Show public key reminder
|
|
||||||
# debug:
|
|
||||||
# msg: "Remember to add this host '{{ inventory_hostname }}'' public key to the inventory '{{ public_key.content | b64decode }}'"
|
|
||||||
|
|
||||||
- name: Ensure cron to ping VPN server exists
|
- name: Ensure cron to ping VPN server exists
|
||||||
cron:
|
cron:
|
||||||
|
|
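Review bot: The restored `template` task in the first hunk writes `/etc/wireguard/{{ interface_name }}.conf` without `owner`, `group` or `mode`, so the file's permissions are left to the module defaults and the remote umask. `templates/wireguard_client.conf` is not visible on this page, but a wg-quick client config normally holds the interface `PrivateKey`, and `backup: yes` keeps timestamped copies of the old file next to the live one. I would add `owner: root`, `group: root` and `mode: "0600"` under `template:`, and confirm that the backup copies in `/etc/wireguard` are not readable more widely than the live file. Separately, the reminder message in the second hunk has a doubled quote after the hostname (`'{{ inventory_hostname }}''`), which looks like a typo for `'s`.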