diff options
| author | binary <me@rgoncalves.se> | 2020-11-12 14:29:49 +0100 |
|---|---|---|
| committer | binary <me@rgoncalves.se> | 2020-11-12 14:29:49 +0100 |
| commit | b419094cda74405eb4cbb8b7031b53cd2f347566 (patch) | |
| tree | e3e6de54517612ebc96a6d3804848637562103a4 /roles/wireguard/tasks/generate.yml | |
| parent | 9007e995ed14f92af8fe57fbe9ced0047d2a5634 (diff) | |
| download | infrastructure-b419094cda74405eb4cbb8b7031b53cd2f347566.tar.gz | |
Refactor and cleanup old roles
Diffstat (limited to 'roles/wireguard/tasks/generate.yml')
| -rw-r--r-- | roles/wireguard/tasks/generate.yml | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/roles/wireguard/tasks/generate.yml b/roles/wireguard/tasks/generate.yml new file mode 100644 index 0000000..e3264ef --- /dev/null +++ b/roles/wireguard/tasks/generate.yml @@ -0,0 +1,55 @@ + +# wireguard ~~ tasks/generate.yml + +- stat: + path: "{{ wg_host_keys }}" + register: stat_host_keys + delegate_to: localhost + +- name: Generate domain keys + shell: | + umask 077 + wg genkey | tee "{{ wg_host_keys }}" | wg pubkey >> "{{ wg_host_keys }}" + args: + chdir: "{{ wg_dir }}" + when: not stat_host_keys.stat.exists or force is defined and force + delegate_to: localhost + +- name: Create wireguard dir on remote host + file: + path: /etc/wireguard + owner: root + state: directory + mode: "0700" + ignore_unreachable: true + +- name: Generate client configuration + template: + src: templates/host.conf.j2 + dest: "{{ item.path }}" + mode: "0600" + when: ansible_host != _i.dcontroller + delegate_to: "{{ item.name }}" + loop: + - { name: "{{ ansible_host }}", path: /etc/wireguard/dcontroller.conf } + - { name: localhost, path: "{{ wg_dir }}/{{ ansible_host}}.conf" } + ignore_unreachable: true + failed_when: 1 == 2 + +- name: Generate server configuration + template: + src: templates/dcontroller.conf.j2 + dest: "{{ item.path }}" + mode: "0600" + when: ansible_host == _i.dcontroller + delegate_to: "{{ item.name }}" + loop: + - { name: "{{ ansible_host }}", path: /etc/wireguard/dcontroller.conf } + - { name: localhost, path: "{{ wg_dir }}/{{ ansible_host}}.conf" } + +- name: Generate server interface + template: + src: templates/hostname.tun0.j2 + dest: /etc/hostname.tun0 + when: ansible_host == _i.dcontroller + |