43 lines
1 KiB
YAML
43 lines
1 KiB
YAML
---
|
|
- name: Ensure keys are generated
|
|
shell: umask 077 && wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
|
|
args:
|
|
creates: /etc/wireguard/publickey
|
|
notify:
|
|
- Restart Wireguard service
|
|
|
|
- name: Register private key
|
|
slurp:
|
|
src: /etc/wireguard/privatekey
|
|
register: private_key_slurp
|
|
|
|
- name: Set private key variable
|
|
set_fact:
|
|
private_key: "{{ private_key_slurp.content | b64decode }}"
|
|
|
|
- name: Ensure Wireguard client is configure
|
|
template:
|
|
src: templates/wireguard_client.conf
|
|
dest: "/etc/wireguard/{{ interface_name }}.conf"
|
|
backup: yes
|
|
notify:
|
|
- Restart Wireguard service
|
|
|
|
- name: Ensure UFW firewall rule exists
|
|
ufw:
|
|
rule: allow
|
|
port: "{{ listenport }}"
|
|
comment: 'Wireguard client listener'
|
|
proto: udp
|
|
|
|
- name: Get public key
|
|
slurp:
|
|
src: /etc/wireguard/publickey
|
|
register: public_key
|
|
|
|
- name: Ensure cron to ping VPN server exists
|
|
cron:
|
|
name: Ping VPN server
|
|
job: ping -c 3 192.168.2.1 &> /dev/null
|
|
hour: '1'
|
|
user: gestor
|