dotfiles/roles/wg/tasks/main.yml
Matej Focko bc2d4a291e
chore(wg): factor out the wireguard role
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-12 19:53:09 +02:00


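---
# WireGuard role: install packages, create this host's key pair, render the
# wg-quick config for wg_ifname and bring the interface up.
# Role inputs read below: wg_generate_keypair, wg_address, wg_gateway,
# wg_domain, wg_peers, wg_ifname.
- name: Packages
  ansible.builtin.include_tasks: install.yml
  tags: install

- name: Generate private key
  ansible.builtin.shell:
    # umask 077 makes both files root-only from the moment they are created;
    # the private key is written in place and never leaves /etc/wireguard.
    cmd: |
      set -e -o pipefail
      umask 077
      wg genkey | tee private.key | wg pubkey > public.key
    chdir: /etc/wireguard
    # Idempotence guard: an existing private key is never overwritten.
    creates: /etc/wireguard/private.key
    # `set -o pipefail` is a bash option; the module's default /bin/sh is dash
    # on some distributions and rejects it, which would fail the task.
    executable: /bin/bash
  when: wg_generate_keypair

# Runs unconditionally, so when wg_generate_keypair is false the key pair
# must already be present on the host (e.g. provisioned out of band).
- name: Get public key
  ansible.builtin.command: cat /etc/wireguard/public.key
  register: public_key
  changed_when: false

# Replace the registered command result with the bare key string so that
# templates and other hosts can use `public_key` directly.
- name: Set public key fact
  ansible.builtin.set_fact:
    public_key: "{{ public_key.stdout }}"

# wg_dns_command ends up in a shell command run by wg-quick (%i expands to
# the interface name; presumably a PostUp/PostDown hook in the template).
# wg_gateway and wg_domain are inserted unquoted, so they must come from
# trusted inventory/defaults, never from anything user-supplied.
- name: Set dns_command for co-openSUSE
  ansible.builtin.set_fact:
    wg_dns_command: "resolvectl dns %i {{ wg_gateway }}; resolvectl domain %i ~{{ wg_domain }}"
  when: '"openSUSE" not in ansible_distribution'

- name: Set dns_command for openSUSE
  ansible.builtin.set_fact:
    wg_dns_command: "nmcli con mod %i ipv4.dns {{ wg_gateway }}; nmcli con mod %i ipv4.dns-search ~{{ wg_domain }}"
  when: '"openSUSE" in ansible_distribution'

# The template still uses the pre-role variable names; map the wg_* inputs
# onto them for this task only (these vars do not persist past it).
- name: Create the config
  vars:
    address: "{{ wg_address }}"
    dns_command: "{{ wg_dns_command }}"
    domain: "{{ wg_domain }}"
    gateway: "{{ wg_gateway }}"
    peers: "{{ wg_peers }}"
  ansible.builtin.template:
    src: "{{ wg_ifname }}.conf"
    dest: "/etc/wireguard/{{ wg_ifname }}.conf"
    owner: root
    group: root
    # The config embeds the private key and peer keys; keep it root-only.
    mode: "0600"

# The role variable is wg_domain; the bare `domain` name is only a task-local
# var of the template task above and is not defined at this point.
# With the AlmaLinux guard the templated include always resolves to
# dns_AlmaLinux.yml.
- name: Set up the DNS on AlmaLinux
  ansible.builtin.include_tasks: "dns_{{ ansible_distribution }}.yml"
  when: wg_domain and ansible_distribution == "AlmaLinux"

# NOTE(review): nothing notifies a restart when the config is re-rendered, so
# a changed config only takes effect on the next reboot or manual restart.
- name: Enable and start the wireguard connection
  ansible.builtin.service:
    name: "wg-quick@{{ wg_ifname }}"
    enabled: true
    state: started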