---
- name: Packages
  # Pulls in the package-installation tasks from install.yml at run time.
  # NOTE(review): tags on a dynamic include_tasks apply to the include
  # statement itself; confirm the tasks inside install.yml carry their own
  # tags (or use `apply`) if `--tags install` is expected to run them.
  tags: install
  ansible.builtin.include_tasks:
    file: install.yml
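- name: Generate private key
  # Creates the WireGuard keypair in /etc/wireguard, only when
  # wg_generate_keypair is truthy.
  #
  # - `umask 077` runs before any file is written, so private.key and
  #   public.key are created readable by the owner only.
  # - `creates` skips the task once private.key exists, so an existing key is
  #   never overwritten on later runs.
  # - `executable: /bin/bash` is set because the script relies on
  #   `set -o pipefail`; the shell module otherwise runs /bin/sh, which is not
  #   bash on every distribution and may reject that option.
  #
  # NOTE(review): `creates` checks private.key only. If `wg pubkey` fails,
  # private.key has already been written by `tee` and public.key is left
  # empty by the redirect; the next run then skips this task. Verify
  # public.key is non-empty before relying on it.
  ansible.builtin.shell:
    cmd: |
      set -e -o pipefail
      umask 077
      wg genkey | tee private.key | wg pubkey > public.key
    chdir: /etc/wireguard
    creates: /etc/wireguard/private.key
    executable: /bin/bash
  when: wg_generate_keypair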
- name: Get public key
  # Reads the public key file and registers the command result as
  # `public_key`. The task only reads, so it never reports a change.
  # This task has no `when`, so it runs even if key generation was skipped.
  # NOTE(review): confirm public.key exists on hosts where
  # wg_generate_keypair is false.
  ansible.builtin.command:
    argv:
      - cat
      - /etc/wireguard/public.key
  register: public_key
  changed_when: false
- name: Set public key fact
  # Replaces the registered command result named `public_key` with a host
  # fact of the same name holding only the command's stdout (the key text).
  ansible.builtin.set_fact:
    public_key: '{{ public_key.stdout }}'
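- name: Set dns_command for non-openSUSE
  # Builds the resolvectl-based DNS command for every distribution whose name
  # does not contain "openSUSE". The task name previously read "co-openSUSE",
  # which did not match the condition below.
  #
  # `%i` is left literal here for the consumer of the command to expand.
  # wg_gateway and wg_domain are interpolated unquoted into a command string.
  # NOTE(review): this string presumably ends up in the rendered interface
  # config and is run by a root shell; confirm both variables come only from
  # trusted inventory and contain no shell metacharacters.
  ansible.builtin.set_fact:
    wg_dns_command: >-
      resolvectl dns %i {{ wg_gateway }};
      resolvectl domain %i ~{{ wg_domain }}
  when: '"openSUSE" not in ansible_distribution'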
- name: Set dns_command for openSUSE
  # Builds the nmcli-based DNS command for distributions whose name contains
  # "openSUSE".
  #
  # `%i` is left literal here for the consumer of the command to expand.
  # wg_gateway and wg_domain are interpolated unquoted into a command string.
  # NOTE(review): this string presumably ends up in the rendered interface
  # config and is run by a root shell; confirm both variables come only from
  # trusted inventory and contain no shell metacharacters.
  when: '"openSUSE" in ansible_distribution'
  ansible.builtin.set_fact:
    wg_dns_command: >-
      nmcli con mod %i ipv4.dns {{ wg_gateway }};
      nmcli con mod %i ipv4.dns-search ~{{ wg_domain }}
- name: Create the config
  # Renders the per-interface template "<wg_ifname>.conf" into /etc/wireguard.
  # The file is owned by root:root with mode 0600, so only root can read it.
  # NOTE(review): the template is not visible here; it presumably embeds key
  # material and dns_command, which is why the restrictive mode matters.
  ansible.builtin.template:
    src: '{{ wg_ifname }}.conf'
    dest: '/etc/wireguard/{{ wg_ifname }}.conf'
    owner: root
    group: root
    mode: "0600"
  # Task-scoped aliases: the template sees the role's wg_* variables under
  # these unprefixed names. They exist only for this task.
  vars:
    address: '{{ wg_address }}'
    dns_command: '{{ wg_dns_command }}'
    domain: '{{ wg_domain }}'
    gateway: '{{ wg_gateway }}'
    peers: '{{ wg_peers }}'
- name: Set up the DNS on AlmaLinux
  # Includes the distribution-specific DNS tasks. The file name is built from
  # the ansible_distribution fact, but the equality check below restricts it
  # to the single value "AlmaLinux", so only dns_AlmaLinux.yml can be loaded.
  #
  # NOTE(review): `domain` is set in this file only as a task-level var on
  # "Create the config"; every other condition here uses the wg_* names.
  # Confirm `domain` is defined elsewhere, or whether wg_domain was intended.
  when: domain and ansible_distribution == "AlmaLinux"
  ansible.builtin.include_tasks:
    file: 'dns_{{ ansible_distribution }}.yml'
- name: Enable and start the wireguard connection
  # Starts the wg-quick unit for the configured interface and enables it.
  ansible.builtin.service:
    name: 'wg-quick@{{ wg_ifname }}'
    state: started
    enabled: true