fix(wg): improve generation of keypairs
Signed-off-by: Matej Focko <me@mfocko.xyz>
This commit is contained in:
parent
037716df0c
commit
b49b5a3e91
3 changed files with 48 additions and 16 deletions
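--- /dev/null
+++ b/roles/wg/tasks/generate_keypair.yml
@@ -0,0 +1,20 @@
+---
+- name: Generate private key
+  ansible.builtin.command:
+    cmd: wg genkey
+  changed_when: false
+  check_mode: false
+  register: _generated_private_key
+
+- name: Derive public key
+  ansible.builtin.command:
+    cmd: wg pubkey
+    stdin: "{{ _generated_private_key.stdout }}"
+  changed_when: false
+  check_mode: false
+  register: _derived_public_key
+
+- name: Set key/pair facts
+  ansible.builtin.set_fact:
+    wg_private_key: _generated_private_key.stdout
+    wg_public_key: _derived_public_key.stdout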
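Review bot: The two values under `ansible.builtin.set_fact` at the end of the new file are plain YAML strings, not Jinja expressions, so `wg_private_key` becomes the literal text `_generated_private_key.stdout` (and `wg_public_key` the literal `_derived_public_key.stdout`) instead of the generated key, and that literal is what the template in main.yml will write into `/etc/wireguard/private.key`; they need `wg_private_key: "{{ _generated_private_key.stdout }}"` and `wg_public_key: "{{ _derived_public_key.stdout }}"`. Separately, `register: _generated_private_key` puts the private key into task results, which are printed with `-v` and by any callback or logging plugin, and the pubkey task feeds it back in via `stdin`, so all three tasks should carry `no_log: true`. With `check_mode: false` the keypair is still generated on a check-mode run, which is harmless only as long as nothing writes it; worth a one-line comment such as `# runs in check mode so the facts exist; the template task is what is skipped`.
```yaml
- name: Generate private key
  ansible.builtin.command:
    cmd: wg genkey
  no_log: true  # stdout is the private key
  # … unchanged: changed_when / check_mode / register …

# … unchanged: Derive public key task, with the same no_log: true …

- name: Set key/pair facts
  ansible.builtin.set_fact:
    wg_private_key: "{{ _generated_private_key.stdout }}"
    wg_public_key: "{{ _derived_public_key.stdout }}"
  no_log: true
```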
|
@ -3,25 +3,36 @@
|
|||
ansible.builtin.include_tasks: install.yml
|
||||
tags: install
|
||||
|
||||
- name: Generate private key
|
||||
ansible.builtin.shell:
|
||||
cmd: |
|
||||
set -e -o pipefail
|
||||
umask 077
|
||||
wg genkey | tee private.key | wg pubkey > public.key
|
||||
- name: Check for existence of private key
|
||||
ansible.builtin.stat:
|
||||
path: /etc/wireguard/private.key
|
||||
register: _private_key_stat
|
||||
|
||||
chdir: /etc/wireguard
|
||||
creates: /etc/wireguard/private.key
|
||||
when: wg_generate_keypair
|
||||
- name: Generate keypair
|
||||
ansible.builtin.include_tasks: tasks/generate_keypair.yml
|
||||
when: not _private_key_stat.exists
|
||||
|
||||
- name: Get public key
|
||||
ansible.builtin.command: cat /etc/wireguard/public.key
|
||||
register: public_key
|
||||
changed_when: False
|
||||
- name: Save private key
|
||||
ansible.builtin.template:
|
||||
src: templates/keyfile.j2
|
||||
dest: /etc/wireguard/private.key
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0700
|
||||
vars:
|
||||
key: "{{ wg_private_key }}"
|
||||
when: not _private_key_stat.exists
|
||||
|
||||
- name: Set public key fact
|
||||
ansible.builtin.set_fact:
|
||||
public_key: "{{ public_key.stdout }}"
|
||||
- name: Save public key
|
||||
ansible.builtin.template:
|
||||
src: templates/keyfile.j2
|
||||
dest: /etc/wireguard/public.key
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0700
|
||||
vars:
|
||||
key: "{{ wg_public_key }}"
|
||||
when: not _private_key_stat.exists
|
||||
|
||||
- name: Set dns_command for co-openSUSE
|
||||
ansible.builtin.set_fact:
|
||||
|
|
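Review bot: The new `Save private key` task renders the private key through `ansible.builtin.template` without `no_log: true` or `diff: false`, so a run with `--diff` or `-v` prints the key in clear text, which the replaced shell task (`umask 077` … `tee private.key`) never did; the task should also use `mode: "0600"` rather than the unquoted, executable `0700` (and the public key needs no more than `"0644"`). The commit also drops the old `Set public key fact` task that ran unconditionally: `wg_public_key` is now only set inside generate_keypair.yml, so on any run where `/etc/wireguard/private.key` already exists neither `wg_public_key` nor the old `public_key` fact is defined, which will break any later task in this file that references it (the file continues past the hunk, so that cannot be confirmed here); reading the existing file back when the stat says it exists restores the old contract. The old `when: wg_generate_keypair` guard is gone as well, so presumably the variable is now dead and should be removed from defaults or the guard re-added on the include.
```yaml
- name: Save private key
  ansible.builtin.template:
    src: templates/keyfile.j2
    dest: /etc/wireguard/private.key
    owner: root
    group: root
    mode: "0600"
  vars:
    key: "{{ wg_private_key }}"
  no_log: true  # rendered content is the private key
  diff: false   # --diff would print it as well
  when: not _private_key_stat.exists

# … unchanged: Save public key task (mode "0644" is sufficient) …

- name: Read existing public key
  ansible.builtin.slurp:
    src: /etc/wireguard/public.key
  register: _public_key_file
  when: _private_key_stat.exists

- name: Set public key fact from existing file
  ansible.builtin.set_fact:
    wg_public_key: "{{ _public_key_file.content | b64decode | trim }}"
  when: _private_key_stat.exists
```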
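--- /dev/null
+++ b/roles/wg/templates/keyfile.j2
@@ -0,0 +1 @@
+{{ key }}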