Diffstat (limited to 'roles/wireguard')
-rw-r--r--roles/wireguard/tasks/generate.yml5
-rw-r--r--roles/wireguard/tasks/main.yml52
-rw-r--r--roles/wireguard/templates/dcontroller.conf.j22
-rw-r--r--roles/wireguard/templates/host.conf.j22
-rw-r--r--roles/wireguard/templates/hostname.j2 (renamed from roles/wireguard/templates/hostname.tun0.j2)0
5 files changed, 54 insertions, 7 deletions
diff --git a/roles/wireguard/tasks/generate.yml b/roles/wireguard/tasks/generate.yml
index e3264ef..6e60a92 100644
--- a/roles/wireguard/tasks/generate.yml
+++ b/roles/wireguard/tasks/generate.yml
@@ -34,7 +34,6 @@
- { name: "{{ ansible_host }}", path: /etc/wireguard/dcontroller.conf }
- { name: localhost, path: "{{ wg_dir }}/{{ ansible_host}}.conf" }
ignore_unreachable: true
- failed_when: 1 == 2
- name: Generate server configuration
template:
@@ -49,7 +48,7 @@
- name: Generate server interface
template:
- src: templates/hostname.tun0.j2
+ src: templates/hostname.j2
dest: /etc/hostname.tun0
when: ansible_host == _i.dcontroller
-
+
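Review bot: This file looks orphaned by the same commit: the tasks/main.yml hunk removes `- include: generate.yml` and re-adds the client, server and interface tasks inline, so generate.yml now duplicates main.yml task for task (the `failed_when: 1 == 2` removal and the hostname.j2 rename had to be applied in both places). Unless something outside this diff still includes it, either delete generate.yml or keep the include in main.yml, so the two copies cannot drift apart. The trailing `+` line appended at end of file is whitespace-only noise and can be dropped.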
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index be9e57c..9e23fa7 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -1,9 +1,57 @@
-
# wireguard ~~ tasks/main.yml
---
- include: set_facts.yml
-- include: generate.yml
+- stat:
+ path: "{{ wg_host_keys }}"
+ register: stat_host_keys
+ delegate_to: localhost
+
+- name: Generate domain keys
+ shell: |
+ umask 077
+ wg genkey | tee "{{ wg_host_keys }}" | wg pubkey >> "{{ wg_host_keys }}"
+ args:
+ chdir: "{{ wg_dir }}"
+ when: not stat_host_keys.stat.exists or force is defined and force
+ delegate_to: localhost
+
+- name: Create wireguard dir on remote host
+ file:
+ path: /etc/wireguard
+ owner: root
+ state: directory
+ mode: "0700"
+ ignore_unreachable: true
+
+- name: Generate client configuration
+ template:
+ src: templates/host.conf.j2
+ dest: "{{ item.path }}"
+ mode: "0600"
+ when: ansible_host != _i.dcontroller
+ delegate_to: "{{ item.name }}"
+ loop:
+ - { name: "{{ ansible_host }}", path: /etc/wireguard/dcontroller.conf }
+ - { name: localhost, path: "{{ wg_dir }}/{{ ansible_host}}.conf" }
+ ignore_unreachable: true
+
+- name: Generate server configuration
+ template:
+ src: templates/dcontroller.conf.j2
+ dest: "{{ item.path }}"
+ mode: "0600"
+ when: ansible_host == _i.dcontroller
+ delegate_to: "{{ item.name }}"
+ loop:
+ - { name: "{{ ansible_host }}", path: /etc/wireguard/dcontroller.conf }
+ - { name: localhost, path: "{{ wg_dir }}/{{ ansible_host}}.conf" }
+
+- name: Generate server interface
+ template:
+ src: templates/hostname.j2
+ dest: /etc/hostname.tun0
+ when: ansible_host == _i.dcontroller
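Review bot: The `Generate domain keys` shell step interpolates `wg_host_keys` straight into a pipeline, so a path containing a space or shell metacharacters breaks the command or is interpreted as shell text rather than a filename; since this runs on the control host with `umask 077` to keep the private key private, it is worth hardening with the `quote` filter: `wg genkey | tee {{ wg_host_keys | quote }} | wg pubkey >> {{ wg_host_keys | quote }}`. The new `stat:` task carries no `name:`, so play output shows an anonymous task; `- name: Check for existing host keys` fixes that. `Generate server interface` writes `/etc/hostname.tun0` with no `mode:` while the other template tasks set `"0600"`; if the renamed hostname.j2 (not shown in this diff) renders anything sensitive, give it an explicit restrictive mode as well.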
diff --git a/roles/wireguard/templates/dcontroller.conf.j2 b/roles/wireguard/templates/dcontroller.conf.j2
index c1fd887..5771ef6 100644
--- a/roles/wireguard/templates/dcontroller.conf.j2
+++ b/roles/wireguard/templates/dcontroller.conf.j2
@@ -1,5 +1,5 @@
-# wireguard client configuration ~~ /etc/wireguard/*.conf
+# wireguard dcontroller configuration ~~ /etc/wireguard/*.conf
# managed by Ansible
{% set dcontroller_keys = lookup("file", wg_dcontroller_keys).splitlines() %}
diff --git a/roles/wireguard/templates/host.conf.j2 b/roles/wireguard/templates/host.conf.j2
index c25d937..2a5acc5 100644
--- a/roles/wireguard/templates/host.conf.j2
+++ b/roles/wireguard/templates/host.conf.j2
@@ -5,7 +5,7 @@
{% set dcontroller_keys = lookup("file", wg_dcontroller_keys).splitlines() %}
[Interface]
-Address = {{ ip.in }}
+Address = {{ ip.in }}, fd00:10:10::{{ ip.in.split(".")[3] }}
PrivateKey = {{ host_keys[0] }}
[Peer]
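Review bot: The new `Address` line derives the IPv6 address from `ip.in.split(".")[3]`, which silently yields a wrongly-prefixed or malformed address if `ip.in` is ever not a bare dotted-quad (a `10.0.0.5/24` value would render `fd00:10:10::5/24`), and nothing in the diff records that assumption. A comment at the point of use would make it explicit: `{# v6 address is derived from the last IPv4 octet; ip.in must be a plain dotted-quad without prefix #}`. The peer side is not visible here: WireGuard drops tunnel packets whose source is outside the peer's AllowedIPs, so the dcontroller.conf.j2 `[Peer]` entry for this host presumably needs a matching `fd00:10:10::<octet>/128` entry, and this commit only touches that template's header comment; confirm against the rest of the template.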
diff --git a/roles/wireguard/templates/hostname.tun0.j2 b/roles/wireguard/templates/hostname.j2
index 3903ccb..3903ccb 100644
--- a/roles/wireguard/templates/hostname.tun0.j2
+++ b/roles/wireguard/templates/hostname.j2