Diffstat (limited to 'roles/wireguard')
-rw-r--r-- | roles/wireguard/tasks/main.yml | 29 | ||||
-rw-r--r-- | roles/wireguard/tasks/server.yml | 28 | ||||
-rw-r--r-- | roles/wireguard/tasks/service.yml | 17 | ||||
-rw-r--r-- | roles/wireguard/templates/dcontroller.conf.j2 | 2 | ||||
-rw-r--r-- | roles/wireguard/templates/hostname.j2 | 3 |
5 files changed, 30 insertions, 49 deletions
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml index 5b48998..3b8f8ae 100644 --- a/roles/wireguard/tasks/main.yml +++ b/roles/wireguard/tasks/main.yml @@ -15,35 +15,14 @@ wg_host_conf: "{{ wg_dir }}/{{ ansible_host }}.conf" wg_host_keys: "{{ wg_dir }}/{{ ansible_host }}.keys" -- name: include configuration generation +- name: include generation configuratin include_tasks: generate.yml -- name: include configuration synchronization +- name: include synchronization configuration include_tasks: synchronize.yml -- name: enable wireguard for freebsd - lineinfile: - path: /etc/rc.conf - regexp: "^wireguard_enable" - line: wireguard_enable="YES" - when: ansible_distribution == "FreeBSD" - -- name: enable interface for freebsd - lineinfile: - path: /etc/rc.conf - regexp: "^wireguard_interfaces" - line: wireguard_interfaces="{{ global.dcontroller }}" - when: ansible_distribution == "FreeBSd" - -- name: generate and enable init script - include_role: name=rc - vars: - rc_cmd: "{{ path_wgquick }}" - rc_args: "up {{ global.dcontroller }}" - rc_name: wireguard - rc_user: "{{ user_root }}" - ignore_errors: true - when: ansible_distribution != "FreeBSD" +- name: include service configuration + include_tasks: service.yml - name: include server setup include_tasks: server.yml diff --git a/roles/wireguard/tasks/server.yml b/roles/wireguard/tasks/server.yml index 32d52fc..9a8d67c 100644 --- a/roles/wireguard/tasks/server.yml +++ b/roles/wireguard/tasks/server.yml 
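Review bot: The renamed task title `include generation configuratin` contains a typo and reads less clearly than the name it replaces. I would keep `- name: include configuration generation`, and likewise `include configuration synchronization` for the next task, so the names stay easy to search for in play output.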
@@ -12,27 +12,13 @@ when: ansible_host == global.dcontroller delegate_to: localhost -- name: generate server interface - template: - src: templates/hostname.j2 - dest: /etc/hostname.tun0 +- name: enable wireguard interface + lineinfile: + path: /etc/rc.local + regexp: "^wg-quick up {{ ansible_host }}$" + line: "wg-quick up {{ ansible_host }}" -# NOTE: interface destruction and creation exists in the same tasks, -# to avoid being kicked out of the ssh sessions if this one exists -# within the current VPN. - name: restart wireguard interface shell: | - ifconfig tun0 destroy - sleep 2 - sh /etc/netstart tun0 - register: result - -- name: show debug output - debug: - msg: | - {% for line in result.stdout_lines %} - "{{ line }}" - {% endfor %} - {% for line in result.stderr_lines %} - "{{ line }}" - {% endfor %} + wg-quick down "{{ ansible_host }}" + wg-quick up "{{ ansible_host }}" diff --git a/roles/wireguard/tasks/service.yml b/roles/wireguard/tasks/service.yml new file mode 100644 index 0000000..86d6420 --- /dev/null +++ b/roles/wireguard/tasks/service.yml @@ -0,0 +1,17 @@ +- name: enable wireguard for FreeBSD + service: + name: wireguard + state: restarted + enabled: true + args: "{{ global.dcontroller }}" + when: ansible_distribution == "FreeBSD" + +- name: generate and enable init script + include_role: name=rc + vars: + rc_cmd: "{{ path_wgquick }}" + rc_args: "up {{ global.dcontroller }}" + rc_name: wireguard + rc_user: "{{ user_root }}" + ignore_errors: true + when: ansible_distribution != "FreeBSD" diff --git a/roles/wireguard/templates/dcontroller.conf.j2 b/roles/wireguard/templates/dcontroller.conf.j2 index a8e6292..75da219 100644 --- a/roles/wireguard/templates/dcontroller.conf.j2 +++ b/roles/wireguard/templates/dcontroller.conf.j2 
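Review bot: Both the line written to `/etc/rc.local` and the new restart block call `wg-quick` by bare name, so as root it is resolved through whatever PATH is in effect at boot and in the Ansible shell; if the binary is outside the default boot PATH, the tunnel will not come back after a reboot. `service.yml` in this commit already uses `{{ path_wgquick }}`, so assuming that variable is defined for this host I would reuse it: `line: "{{ path_wgquick }} up {{ ansible_host }}"` with a matching `regexp`, and the same in the `shell` block. The `regexp` also interpolates `ansible_host` unescaped, so a dot matches any character; `{{ ansible_host | regex_escape }}` avoids that. The removed NOTE about keeping teardown and bring-up in one task, so that an SSH session routed over the VPN survives, still applies to the new down/up pair and is worth keeping as a comment.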
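Review bot: In the new `service.yml`, the FreeBSD path no longer writes `wireguard_interfaces` to `/etc/rc.conf`; the interface name is passed only as `args` to this one restart. It is therefore probably not persisted, and the tunnel may not come up after a reboot. Either verify this on a FreeBSD host or keep the old `lineinfile` task for `wireguard_interfaces`. Separately, `ignore_errors: true` on the `include_role` means a failed init-script generation leaves a host without its VPN while the play still reports success; if it must stay, add a comment such as `# rc role fails on <expected case>; tolerated because ...` to make the intent reviewable.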
@@ -4,7 +4,7 @@ {% set dcontroller_keys = lookup("file", wg_dcontroller_keys).splitlines() %} [Interface] -#Address = {{ ip.in }}, fd00::1/128 +Address = {{ ip.in }}/24, fd00::1/128 ListenPort = 53 PrivateKey = {{ dcontroller_keys[0] }} diff --git a/roles/wireguard/templates/hostname.j2 b/roles/wireguard/templates/hostname.j2 index 8938320..aca3b03 100644 --- a/roles/wireguard/templates/hostname.j2 +++ b/roles/wireguard/templates/hostname.j2 @@ -1,7 +1,6 @@ inet 10.10.0.1 255.255.255.0 inet6 fd00:10:10::1 -!/usr/local/bin/wireguard-go -f tun0 & -!/bin/sleep 2 +#!/usr/local/bin/wireguard-go -f tun0 & !/usr/local/bin/wg setconf tun0 /etc/wireguard/{{ global.dcontroller }}.conf !/bin/sleep 2 !/sbin/route add -inet 10.10.0.0/24 10.10.0.1 |
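Review bot: The newly active `Address` line in `dcontroller.conf.j2` assigns `fd00::1/128`, while `hostname.j2` in this same commit still configures `inet6 fd00:10:10::1`; if both describe the server's tunnel address, one of them is wrong. The `/24` is hard-coded next to the variable `ip.in`, so a template comment stating that `ip.in` must be a bare host address without a prefix would prevent a double-prefix render. Since the rendered file carries `PrivateKey`, the task that deploys it (outside this diff) should be confirmed to set a restrictive mode such as `"0600"`.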
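Review bot: `hostname.j2` is left half-disabled: the `wireguard-go` line is commented out, but `wg setconf tun0` and the route lines still run. Nothing in the visible tasks renders the template any more, because the `generate server interface` task was removed from `server.yml`. If a task outside this diff still uses it, `wg setconf` would presumably fail without the userspace daemon; if none does, deleting the template is cleaner than leaving it in this state. An `/etc/hostname.tun0` deployed by an earlier run also stays on the server and would compete with the `wg-quick up` line in `/etc/rc.local` at boot, so a cleanup task such as `file: path=/etc/hostname.tun0 state=absent` seems needed.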