xoxys.wireguard/tasks/main.yml

---
- name: Ensure dependencies are installed
  ansible.builtin.package:
    name: "{{ item }}"
    state: present
  loop:
    - wireguard-tools

- name: Stat WireGuard config file
  ansible.builtin.stat:
    path: "/etc/wireguard/{{ wireguard_interface }}.conf"
  register: __wireguard_config_file

- when:
    - not __wireguard_config_file.stat.exists
    - wireguard_private_key is not defined
  block:
    - name: Generate WireGuard private key
      ansible.builtin.command: "wg genkey"
      register: __wireguard_private_key_gen
      changed_when: False

    - name: Set generated private key
      ansible.builtin.set_fact:
        wireguard_private_key: "{{ __wireguard_private_key_gen.stdout }}"

- when:
    - __wireguard_config_file.stat.exists
    - wireguard_private_key is not defined
  block:
    - name: Read WireGuard config file
      ansible.builtin.slurp:
        src: "/etc/wireguard/{{ wireguard_interface }}.conf"
      register: __wireguard_config

    - name: Set existing private key
      ansible.builtin.set_fact:
        wireguard_private_key: "{{ __wireguard_config['content'] | b64decode | regex_findall('PrivateKey = (.*)') | first }}"

- name: Derive WireGuard public key
  ansible.builtin.command: "wg pubkey"
  args:
    stdin: "{{ wireguard_private_key }}"
  register: __wireguard_public_key_gen
  changed_when: False

- name: Set public key fact
  ansible.builtin.set_fact:
    __wireguard_public_key: "{{ __wireguard_public_key_gen.stdout }}"

- name: Generate WireGuard configuration file
  ansible.builtin.template:
    src: etc/wireguard/wg.conf.j2
    dest: "/etc/wireguard/{{ wireguard_interface }}.conf"
    owner: root
    group: root
    mode: "0600"
  notify: __wireguard_restart

- name: Ensure legacy reload-module-on-update is absent
  ansible.builtin.file:
    dest: "/etc/wireguard/.reload-module-on-update"
    state: absent

- name: Ensure WireGuard service is up and running
  ansible.builtin.service:
    name: "wg-quick@{{ wireguard_interface }}"
    daemon_reload: True
    enabled: True
    state: started
initial commit 2022-10-11 09:32:13 +02:00			`---`
ci: migrate to woodpecker 2024-02-18 20:45:29 +01:00			`- name: Ensure dependencies are installed`
			`ansible.builtin.package:`
			`name: "{{ item }}"`
			`state: present`
			`loop:`
			`- wireguard-tools`
initial commit 2022-10-11 09:32:13 +02:00
ci: migrate to woodpecker 2024-02-18 20:45:29 +01:00			`- name: Stat WireGuard config file`
			`ansible.builtin.stat:`
			`path: "/etc/wireguard/{{ wireguard_interface }}.conf"`
			`register: __wireguard_config_file`
initial commit 2022-10-11 09:32:13 +02:00
ci: migrate to woodpecker 2024-02-18 20:45:29 +01:00			`- when:`
			`- not __wireguard_config_file.stat.exists`
			`- wireguard_private_key is not defined`
			`block:`
initial commit 2022-10-11 09:32:13 +02:00			`- name: Generate WireGuard private key`
ci: migrate to woodpecker 2024-02-18 20:45:29 +01:00			`ansible.builtin.command: "wg genkey"`
initial commit 2022-10-11 09:32:13 +02:00			`register: __wireguard_private_key_gen`
fix linting 2022-10-11 09:48:42 +02:00			`changed_when: False`
initial commit 2022-10-11 09:32:13 +02:00
fix linting 2022-10-11 09:48:42 +02:00			`- name: Set generated private key`
ci: migrate to woodpecker 2024-02-18 20:45:29 +01:00			`ansible.builtin.set_fact:`
initial commit 2022-10-11 09:32:13 +02:00			`wireguard_private_key: "{{ __wireguard_private_key_gen.stdout }}"`

ci: migrate to woodpecker 2024-02-18 20:45:29 +01:00			`- when:`
			`- __wireguard_config_file.stat.exists`
			`- wireguard_private_key is not defined`
			`block:`
initial commit 2022-10-11 09:32:13 +02:00			`- name: Read WireGuard config file`
ci: migrate to woodpecker 2024-02-18 20:45:29 +01:00			`ansible.builtin.slurp:`
initial commit 2022-10-11 09:32:13 +02:00			`src: "/etc/wireguard/{{ wireguard_interface }}.conf"`
			`register: __wireguard_config`

fix linting 2022-10-11 09:48:42 +02:00			`- name: Set existing private key`
ci: migrate to woodpecker 2024-02-18 20:45:29 +01:00			`ansible.builtin.set_fact:`
initial commit 2022-10-11 09:32:13 +02:00			`wireguard_private_key: "{{ __wireguard_config['content'] \| b64decode \| regex_findall('PrivateKey = (.*)') \| first }}"`

ci: migrate to woodpecker 2024-02-18 20:45:29 +01:00			`- name: Derive WireGuard public key`
			`ansible.builtin.command: "wg pubkey"`
			`args:`
			`stdin: "{{ wireguard_private_key }}"`
			`register: __wireguard_public_key_gen`
			`changed_when: False`
initial commit 2022-10-11 09:32:13 +02:00
ci: migrate to woodpecker 2024-02-18 20:45:29 +01:00			`- name: Set public key fact`
			`ansible.builtin.set_fact:`
			`__wireguard_public_key: "{{ __wireguard_public_key_gen.stdout }}"`
initial commit 2022-10-11 09:32:13 +02:00
ci: migrate to woodpecker 2024-02-18 20:45:29 +01:00			`- name: Generate WireGuard configuration file`
			`ansible.builtin.template:`
			`src: etc/wireguard/wg.conf.j2`
			`dest: "/etc/wireguard/{{ wireguard_interface }}.conf"`
			`owner: root`
			`group: root`
			`mode: "0600"`
			`notify: __wireguard_restart`
initial commit 2022-10-11 09:32:13 +02:00
ci: migrate to woodpecker 2024-02-18 20:45:29 +01:00			`- name: Ensure legacy reload-module-on-update is absent`
			`ansible.builtin.file:`
			`dest: "/etc/wireguard/.reload-module-on-update"`
			`state: absent`
initial commit 2022-10-11 09:32:13 +02:00
ci: migrate to woodpecker 2024-02-18 20:45:29 +01:00			`- name: Ensure WireGuard service is up and running`
			`ansible.builtin.service:`
			`name: "wg-quick@{{ wireguard_interface }}"`
			`daemon_reload: True`
			`enabled: True`
			`state: started`