57 lines
1.7 KiB
YAML
57 lines
1.7 KiB
YAML
---
|
|
- name: Packages
|
|
ansible.builtin.include_tasks: install.yml
|
|
tags: install
|
|
|
|
- name: Generate private key
|
|
ansible.builtin.shell:
|
|
cmd: |
|
|
set -e -o pipefail
|
|
umask 077
|
|
wg genkey | tee private.key | wg pubkey > public.key
|
|
|
|
chdir: /etc/wireguard
|
|
creates: /etc/wireguard/private.key
|
|
|
|
- name: Get public key
|
|
ansible.builtin.command: cat /etc/wireguard/public.key
|
|
register: public_key
|
|
changed_when: False
|
|
|
|
- name: Set public key fact
|
|
ansible.builtin.set_fact:
|
|
public_key: "{{ public_key.stdout }}"
|
|
|
|
- name: Set dns_command for co-openSUSE
|
|
ansible.builtin.set_fact:
|
|
wg_dns_command: "resolvectl dns %i {{ system_wg_admin_gateway }}; resolvectl domain %i ~{{ system_wg_admin_domain }}"
|
|
when: '"openSUSE" not in ansible_distribution'
|
|
|
|
- name: Set dns_command for openSUSE
|
|
ansible.builtin.set_fact:
|
|
wg_dns_command: "nmcli con mod %i ipv4.dns {{ system_wg_admin_gateway }}; nmcli con mod %i ipv4.dns-search ~{{ system_wg_admin_domain }}"
|
|
when: '"openSUSE" in ansible_distribution'
|
|
|
|
- name: Create the config
|
|
vars:
|
|
address: "{{ system_wg_admin_address }}"
|
|
dns_command: "{{ wg_dns_command }}"
|
|
domain: "{{ system_wg_admin_domain }}"
|
|
gateway: "{{ system_wg_admin_gateway }}"
|
|
peers: "{{ systemg_wg_admin_peers }}"
|
|
ansible.builtin.template:
|
|
src: "{{ system_wg_admin_ifname }}.conf"
|
|
dest: "/etc/wireguard/{{ system_wg_admin_ifname }}.conf"
|
|
owner: root
|
|
group: root
|
|
mode: "0600"
|
|
|
|
- name: Set up the DNS on AlmaLinux
|
|
ansible.builtin.include_tasks: "dns_{{ ansible_distribution }}.yml"
|
|
when: ansible_distribution == "AlmaLinux"
|
|
|
|
- name: Enable and start the wireguard connection
|
|
ansible.builtin.service:
|
|
name: "wg-quick@{{ system_wg_admin_ifname }}"
|
|
enabled: yes
|
|
state: started
|