71 lines
2.0 KiB
YAML
71 lines
2.0 KiB
YAML
---
|
|
- name: Ensure dependencies are installed
|
|
ansible.builtin.package:
|
|
name: "{{ item }}"
|
|
state: present
|
|
loop:
|
|
- wireguard-tools
|
|
|
|
- name: Stat WireGuard config file
|
|
ansible.builtin.stat:
|
|
path: "/etc/wireguard/{{ wireguard_interface }}.conf"
|
|
register: __wireguard_config_file
|
|
|
|
- when:
|
|
- not __wireguard_config_file.stat.exists
|
|
- wireguard_private_key is not defined
|
|
block:
|
|
- name: Generate WireGuard private key
|
|
ansible.builtin.command: "wg genkey"
|
|
register: __wireguard_private_key_gen
|
|
changed_when: False
|
|
|
|
- name: Set generated private key
|
|
ansible.builtin.set_fact:
|
|
wireguard_private_key: "{{ __wireguard_private_key_gen.stdout }}"
|
|
|
|
- when:
|
|
- __wireguard_config_file.stat.exists
|
|
- wireguard_private_key is not defined
|
|
block:
|
|
- name: Read WireGuard config file
|
|
ansible.builtin.slurp:
|
|
src: "/etc/wireguard/{{ wireguard_interface }}.conf"
|
|
register: __wireguard_config
|
|
|
|
- name: Set existing private key
|
|
ansible.builtin.set_fact:
|
|
wireguard_private_key: "{{ __wireguard_config['content'] | b64decode | regex_findall('PrivateKey = (.*)') | first }}"
|
|
|
|
- name: Derive WireGuard public key
|
|
ansible.builtin.command: "wg pubkey"
|
|
args:
|
|
stdin: "{{ wireguard_private_key }}"
|
|
register: __wireguard_public_key_gen
|
|
changed_when: False
|
|
|
|
- name: Set public key fact
|
|
ansible.builtin.set_fact:
|
|
__wireguard_public_key: "{{ __wireguard_public_key_gen.stdout }}"
|
|
|
|
- name: Generate WireGuard configuration file
|
|
ansible.builtin.template:
|
|
src: etc/wireguard/wg.conf.j2
|
|
dest: "/etc/wireguard/{{ wireguard_interface }}.conf"
|
|
owner: root
|
|
group: root
|
|
mode: "0600"
|
|
notify: __wireguard_restart
|
|
|
|
- name: Ensure legacy reload-module-on-update is absent
|
|
ansible.builtin.file:
|
|
dest: "/etc/wireguard/.reload-module-on-update"
|
|
state: absent
|
|
|
|
- name: Ensure WireGuard service is up and running
|
|
ansible.builtin.service:
|
|
name: "wg-quick@{{ wireguard_interface }}"
|
|
daemon_reload: True
|
|
enabled: True
|
|
state: started
|