Make wireguard unreachables/failures free

author: binary <me@rgoncalves.se> 2021-03-17 20:53:31 +0100
committer: binary <me@rgoncalves.se> 2021-03-17 20:53:31 +0100
commit: edfeb6401af135348ddd38518a27be3e8ec51f6a (patch)
tree: a179029da1de48d7a8edf7e4a4c7902324f9e751 /roles/wireguard/tasks/generate.yml
parent: 3e8b7f77311d32fd11e05d6f11d454aa40ed0aec (diff)
download: infrastructure-edfeb6401af135348ddd38518a27be3e8ec51f6a.tar.gz
1 files changed, 29 insertions, 0 deletions
diff --git a/roles/wireguard/tasks/generate.yml b/roles/wireguard/tasks/generate.yml
new file mode 100644
index 0000000..6b91fb2
--- /dev/null
+++ b/roles/wireguard/tasks/generate.yml
@@ -0,0 +1,29 @@
+
+# wireguard ~~ roles/wireguard/tasks/generate.yml
+# generate client configuration
+
+---
+
+- name: check keys on local disk
+  stat:
+    path: "{{ wg_host_keys }}"
+  register: stat_host_keys
+  delegate_to: localhost
+
+- name: generate host keys on local machine
+  shell: |
+    umask 077
+    wg genkey | tee "{{ wg_host_keys }}" | wg pubkey >> "{{ wg_host_keys }}"
+  args:
+    chdir: "{{ wg_dir }}"
+  when: not stat_host_keys.stat.exists or wg_force is defined and wg_force
+  delegate_to: localhost
+
+- name: generate client configuration
+  template:
+    src: host.conf.j2
+    dest: "{{ wg_dir }}/{{ ansible_host }}.conf"
+    mode: "0600"
+  when: ansible_host != global.dcontroller
+  delegate_to: localhost
+
author	binary <me@rgoncalves.se>	2021-03-17 20:53:31 +0100
committer	binary <me@rgoncalves.se>	2021-03-17 20:53:31 +0100
commit	edfeb6401af135348ddd38518a27be3e8ec51f6a (patch)
tree	a179029da1de48d7a8edf7e4a4c7902324f9e751 /roles/wireguard/tasks/generate.yml
parent	3e8b7f77311d32fd11e05d6f11d454aa40ed0aec (diff)
download	infrastructure-edfeb6401af135348ddd38518a27be3e8ec51f6a.tar.gz