ansible-role-wireguard_client/tasks/configure.yml


---
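- name: Ensure keys are generated
  # Generate the keypair in memory first and only write the files once both
  # `wg genkey` and `wg pubkey` have succeeded. With the original pipeline a
  # failure still left an (empty) /etc/wireguard/publickey behind via the
  # redirection, and the `creates` guard then skipped regeneration on every
  # later run. umask 077 keeps both files owner-readable only (0600).
  # Files are written with a trailing newline, as `wg genkey | tee` did.
  shell: |
    set -eu
    umask 077
    key="$(wg genkey)"
    pub="$(printf '%s' "$key" | wg pubkey)"
    printf '%s\n' "$key" > /etc/wireguard/privatekey
    printf '%s\n' "$pub" > /etc/wireguard/publickey
  args:
    creates: /etc/wireguard/publickey
  register: key_generation
  notify:
    - Restart Wireguard service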
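- name: Register private key
  # slurp returns the (base64-encoded) private key in its result; no_log keeps
  # it out of verbose output, callback plugins and log files.
  slurp:
    src: /etc/wireguard/privatekey
  register: private_key_slurp
  no_log: true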
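- name: Set private key variable
  # The decoded private key is the fact value itself, so the task result must
  # not be logged either.
  set_fact:
    private_key: "{{ private_key_slurp.content | b64decode | trim }}"
  no_log: true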
- name: Register public key
  # Read the public key file back so it can be exposed as a fact below.
  register: public_key_slurp
  slurp:
    src: '/etc/wireguard/publickey'
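- name: Set public key variable
  # Trim the trailing newline the key file ends with, matching how private_key
  # is set; otherwise the fact carries a stray line break into templates and
  # the reminder message.
  set_fact:
    public_key: "{{ public_key_slurp.content | b64decode | trim }}"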
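- name: Ensure Wireguard client is configured
  # The rendered config is expected to embed private_key (template not visible
  # here — confirm), so restrict it to the owner; backups made by `backup`
  # keep the same mode.
  template:
    src: templates/wireguard_client.conf
    dest: "/etc/wireguard/{{ interface_name }}.conf"
    mode: "0600"
    backup: true
  notify:
    - Restart Wireguard service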
- name: Ensure UFW firewall rule exists
  # Open the UDP listen port for this client's interface.
  ufw:
    comment: "Wireguard client listener"
    proto: udp
    port: "{{ listenport }}"
    rule: allow
  notify:
    - Restart Wireguard service
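- name: Show public key reminder
  # Only shown right after a new keypair was generated; the stray doubled quote
  # after the hostname was a typo in the message.
  debug:
    msg: "Remember to add this host '{{ inventory_hostname }}' public key to the inventory '{{ public_key }}'"
  when: key_generation is changed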
- name: Get host public IP
  # Queries an external service on every run; the result (pub_ip) is only read
  # by the "Allow traffic to server" task below, which is currently commented
  # out, so this lookup is effectively unused until that task is re-enabled.
  uri:
    url: https://api.ipify.org?format=json
  register: pub_ip
# - name: Allow traffic to server
#   ufw:
#     rule: allow
#     from: "{{ pub_ip.json.ip }}"
#   delegate_to: "{{ groups['wireguard_server'][0] }}"
#   notify:
#     - Restart Wireguard service
#     - Ping Wireguard server
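- name: Configure peers hosts file entry (from wg_address)
  # One /etc/hosts line per peer: the address part of wg_address (CIDR suffix
  # stripped) followed by the peer's VPN FQDN. The address is regex-escaped so
  # the dots in it match literally rather than any character.
  lineinfile:
    path: /etc/hosts
    regexp: "^{{ hostvars[item]['wg_address'] | regex_replace('/.*$', '') | regex_escape }} "
    line: "{{ hostvars[item]['wg_address'] | regex_replace('/.*$', '') }} {{ item }}.{{ vpn_domain }}"
    backup: true
    create: true
  loop: "{{ groups['wireguard_clients'] }}"
  when: "'wg_address' in hostvars[item]"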
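- name: Configure peers hosts file entry (from allowed IPs)
  # Fallback for peers without wg_address: derive the host entry from
  # AllowedIPs. Peers that define neither are skipped explicitly — previously
  # the unguarded regexp raised an undefined-variable error while `line`
  # defaulted to '' and would have written a hostname with no address.
  lineinfile:
    path: /etc/hosts
    regexp: "^{{ hostvars[item]['AllowedIPs'] | regex_replace('/.*$', '') | regex_escape }} "
    line: "{{ hostvars[item]['AllowedIPs'] | regex_replace('/.*$', '') }} {{ item }}.{{ vpn_domain }}"
    backup: true
    create: true
  loop: "{{ groups['wireguard_clients'] }}"
  when: "'wg_address' not in hostvars[item] and 'AllowedIPs' in hostvars[item]"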