---
# Pull in the package installation tasks from install.yml.
# With include_tasks the tag is attached to the include itself; tasks inside
# install.yml do not inherit it unless they are tagged there or `apply:` is used.
- name: Packages
  tags:
    - install
  ansible.builtin.include_tasks: install.yml

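# Create the WireGuard key pair once per host. `creates` makes the task a
# no-op as soon as /etc/wireguard/private.key exists.
# The private key only ever goes to a file and into the `wg pubkey` pipe, so
# it does not appear in the task's captured stdout.
# NOTE(review): `tee` creates private.key before `wg pubkey` finishes, so a
# failed run can leave private.key without a usable public.key; later runs
# are then skipped by `creates` and the "Get public key" step will fail.
- name: Generate private key
  ansible.builtin.shell:
    cmd: |
      set -e -o pipefail
      umask 077
      wg genkey | tee private.key | wg pubkey > public.key
    chdir: /etc/wireguard
    creates: /etc/wireguard/private.key
    # `set -o pipefail` is not POSIX; the module's default /bin/sh rejects it
    # where sh is dash. Pin bash so the pipeline check works on every target.
    executable: /bin/bash
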
# Read the generated public key back into a registered variable.
# Read-only, so the task is never reported as changed.
- name: Get public key
  ansible.builtin.command:
    cmd: cat /etc/wireguard/public.key
  changed_when: false
  register: public_key

# Replace the registered command result with just its stdout, so that
# `public_key` is the plain key string from here on.
# NOTE(review): the fact reuses the name of the registered variable; any later
# reference to `public_key.stdout` would no longer resolve.
- name: Set public key fact
  ansible.builtin.set_fact:
    public_key: '{{ public_key.stdout }}'

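# DNS hook for every distribution except openSUSE: point the tunnel
# interface (%i) at 10.42.0.1 through resolvectl and set the `~admin`
# domain on that link.
# The task name previously read "co-openSUSE", which did not match the
# `not in` condition below.
- name: Set dns_command for non-openSUSE
  ansible.builtin.set_fact:
    wg_dns_command: "resolvectl dns %i 10.42.0.1; resolvectl domain %i ~admin"
  when: '"openSUSE" not in ansible_distribution'
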
# DNS hook for openSUSE hosts: the same resolver (10.42.0.1) and `~admin`
# search domain, but applied to the connection named %i through nmcli.
- name: Set dns_command for openSUSE
  when: '"openSUSE" in ansible_distribution'
  ansible.builtin.set_fact:
    wg_dns_command: 'nmcli con mod %i ipv4.dns 10.42.0.1; nmcli con mod %i ipv4.dns-search ~admin'

# Render wg-admin.conf into /etc/wireguard, readable by root only (0600).
# `address` and `dns_command` are task-scoped aliases handed to the template.
# NOTE(review): this task notifies no handler, and the service task in this
# file only ensures `started`, so a changed config is not applied to a tunnel
# that is already running.
# NOTE(review): the template is not visible here; if it embeds the private
# key, a `--diff` run would print it, so consider `diff: false` on this task.
- name: Create the config
  ansible.builtin.template:
    src: wg-admin.conf
    dest: /etc/wireguard/wg-admin.conf
    mode: "0600"
    owner: root
    group: root
  vars:
    address: "{{ wg_admin_address }}"
    dns_command: "{{ wg_dns_command }}"

# Include the distribution-specific DNS tasks. The file name is templated,
# but the condition restricts it to AlmaLinux (dns_AlmaLinux.yml).
- name: Set up the DNS on AlmaLinux
  when: ansible_distribution == 'AlmaLinux'
  ansible.builtin.include_tasks: "dns_{{ ansible_distribution }}.yml"

# Bring up the wg-admin tunnel through its wg-quick unit and enable it at boot.
# `state: started` does not restart a unit that is already running.
- name: Enable and start the wireguard connection
  ansible.builtin.service:
    name: wg-quick@wg-admin
    state: started
    enabled: true