From c110f9a103c2f676917e3fe5e33f4eaedfed070c Mon Sep 17 00:00:00 2001 From: binary Date: Fri, 20 Nov 2020 19:20:55 +0100 Subject: Refactor wireguard role with new host declaration. --- roles/wireguard/tasks/main.yml | 41 +++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 18 deletions(-) (limited to 'roles/wireguard/tasks/main.yml') diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml index 9e23fa7..51b97c0 100644 --- a/roles/wireguard/tasks/main.yml +++ b/roles/wireguard/tasks/main.yml @@ -1,15 +1,19 @@ -# wireguard ~~ tasks/main.yml + +# wireguard ~~ roles/wireguard/tasks/main.yml +# create keys and configuration for wireguard hosts --- -- include: set_facts.yml +- name: generate dynamic facts + include: set_facts.yml -- stat: +- name: check keys on local disk + stat: path: "{{ wg_host_keys }}" register: stat_host_keys delegate_to: localhost -- name: Generate domain keys +- name: generate host keys shell: | umask 077 wg genkey | tee "{{ wg_host_keys }}" | wg pubkey >> "{{ wg_host_keys }}" 
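Review bot: The `generate host keys` task relies on `umask 077` alone to protect the private key it writes to `{{ wg_host_keys }}`, and a umask only applies when the file is created. The `when` at the top of the next hunk also runs the task when `force` is set and the file already exists; in that case `tee` truncates the existing file and keeps whatever mode it had, so a previously group- or world-readable file would now hold the new private key. I would follow the shell task with a task that pins the mode, as sketched below. The shell task's body continues past the end of this hunk, so anything between `wg pubkey` and the `when` is not visible here.

```yaml
# … unchanged: "generate host keys" shell task …

- name: restrict permissions on host keys
  file:
    path: "{{ wg_host_keys }}"
    mode: "0600"
  delegate_to: localhost
```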
@@ -18,40 +22,41 @@ when: not stat_host_keys.stat.exists or force is defined and force delegate_to: localhost -- name: Create wireguard dir on remote host +- name: create wireguard dir on remote host file: path: /etc/wireguard - owner: root + owner: "{{ user_root }}" + group: "{{ group_root }}" + mode: 0700 state: directory - mode: "0700" ignore_unreachable: true -- name: Generate client configuration +- name: generate client configuration template: - src: templates/host.conf.j2 + src: host.conf.j2 dest: "{{ item.path }}" - mode: "0600" - when: ansible_host != _i.dcontroller + mode: 0600 + when: ansible_host != global.dcontroller delegate_to: "{{ item.name }}" loop: - { name: "{{ ansible_host }}", path: /etc/wireguard/dcontroller.conf } - - { name: localhost, path: "{{ wg_dir }}/{{ ansible_host}}.conf" } + - { name: localhost, path: "{{ wg_dir }}/{{ ansible_host }}.conf" } ignore_unreachable: true -- name: Generate server configuration +- name: generate server configuration template: - src: templates/dcontroller.conf.j2 + src: dcontroller.conf.j2 dest: "{{ item.path }}" mode: "0600" - when: ansible_host == _i.dcontroller + when: ansible_host == global.dcontroller delegate_to: "{{ item.name }}" loop: - { name: "{{ ansible_host }}", path: /etc/wireguard/dcontroller.conf } - - { name: localhost, path: "{{ wg_dir }}/{{ ansible_host}}.conf" } + - { name: localhost, path: "{{ wg_dir }}/{{ ansible_host }}.conf" } -- name: Generate server interface +- name: generate server interface template: src: templates/hostname.j2 dest: /etc/hostname.tun0 - when: ansible_host == _i.dcontroller + when: ansible_host == global.dcontroller -- cgit v1.2.3
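Review bot: The directory task and the client-configuration task move from quoted modes to bare `mode: 0700` and `mode: 0600`, while the server-configuration task in the same hunk keeps `mode: "0600"`. The bare form only gives the intended permissions because a YAML 1.1 loader reads a leading-zero integer as octal; the quoted string does not depend on the parser, so I would keep `mode: "0700"` and `mode: "0600"` in all three tasks. The last task writes `/etc/hostname.tun0` with no `mode` at all, so if that template carries key material it should get an explicit `mode` as well (the template is not visible here). It also still uses `src: templates/hostname.j2`, although the other two templates dropped the `templates/` prefix.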