dotfiles/roles/system/wg-admin/tasks/main.yml

---
- name: Packages
  ansible.builtin.include_tasks: install.yml
  tags: install

- name: Generate private key
  ansible.builtin.shell:
    cmd: |
      set -e -o pipefail
      umask 077
      wg genkey | tee private.key | wg pubkey > public.key

    chdir: /etc/wireguard
    creates: /etc/wireguard/private.key

- name: Get public key
  ansible.builtin.command: cat /etc/wireguard/public.key
  register: public_key
  changed_when: False

- name: Set public key fact
  ansible.builtin.set_fact:
    public_key: "{{ public_key.stdout }}"

- name: Set dns_command for co-openSUSE
  ansible.builtin.set_fact:
    wg_dns_command: "resolvectl dns %i 10.42.0.1; resolvectl domain %i ~admin"
  when: '"openSUSE" not in ansible_distribution'

- name: Set dns_command for openSUSE
  ansible.builtin.set_fact:
    wg_dns_command: "nmcli con mod %i ipv4.dns 10.42.0.1; nmcli con mod %i ipv4.dns-search ~admin"
  when: '"openSUSE" in ansible_distribution'

- name: Create the config
  vars:
    address: "{{ wg_admin_address }}"
    dns_command: "{{ wg_dns_command }}"
  ansible.builtin.template:
    src: wg-admin.conf
    dest: /etc/wireguard/wg-admin.conf
    owner: root
    group: root
    mode: "0600"

- name: Set up the DNS on AlmaLinux
  ansible.builtin.include_tasks: "dns_{{ ansible_distribution }}.yml"
  when: ansible_distribution == "AlmaLinux"

- name: Enable and start the wireguard connection
  ansible.builtin.service:
    name: "wg-quick@wg-admin"
    enabled: yes
    state: started
feat(wg-admin): add playbooks for wg-admin clients Signed-off-by: Matej Focko <mfocko@redhat.com> 2023-10-01 17:02:49 +02:00			`---`
			`- name: Packages`
			`ansible.builtin.include_tasks: install.yml`
			`tags: install`

			`- name: Generate private key`
			`ansible.builtin.shell:`
			`cmd: \|`
			`set -e -o pipefail`
			`umask 077`
			`wg genkey \| tee private.key \| wg pubkey > public.key`

			`chdir: /etc/wireguard`
			`creates: /etc/wireguard/private.key`

			`- name: Get public key`
			`ansible.builtin.command: cat /etc/wireguard/public.key`
			`register: public_key`
			`changed_when: False`

			`- name: Set public key fact`
			`ansible.builtin.set_fact:`
			`public_key: "{{ public_key.stdout }}"`

			`- name: Set dns_command for co-openSUSE`
			`ansible.builtin.set_fact:`
			`wg_dns_command: "resolvectl dns %i 10.42.0.1; resolvectl domain %i ~admin"`
fix: improve SUSE detection Signed-off-by: Matej Focko <me@mfocko.xyz> 2024-07-01 21:56:44 +02:00			`when: '"openSUSE" not in ansible_distribution'`
feat(wg-admin): add playbooks for wg-admin clients Signed-off-by: Matej Focko <mfocko@redhat.com> 2023-10-01 17:02:49 +02:00
			`- name: Set dns_command for openSUSE`
			`ansible.builtin.set_fact:`
			`wg_dns_command: "nmcli con mod %i ipv4.dns 10.42.0.1; nmcli con mod %i ipv4.dns-search ~admin"`
fix: improve SUSE detection Signed-off-by: Matej Focko <me@mfocko.xyz> 2024-07-01 21:56:44 +02:00			`when: '"openSUSE" in ansible_distribution'`
feat(wg-admin): add playbooks for wg-admin clients Signed-off-by: Matej Focko <mfocko@redhat.com> 2023-10-01 17:02:49 +02:00
			`- name: Create the config`
			`vars:`
			`address: "{{ wg_admin_address }}"`
			`dns_command: "{{ wg_dns_command }}"`
			`ansible.builtin.template:`
			`src: wg-admin.conf`
			`dest: /etc/wireguard/wg-admin.conf`
			`owner: root`
			`group: root`
			`mode: "0600"`

			`- name: Set up the DNS on AlmaLinux`
			`ansible.builtin.include_tasks: "dns_{{ ansible_distribution }}.yml"`
			`when: ansible_distribution == "AlmaLinux"`

			`- name: Enable and start the wireguard connection`
			`ansible.builtin.service:`
			`name: "wg-quick@wg-admin"`
			`enabled: yes`
			`state: started`