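# wireguard ~~ roles/wireguard/tasks/main.yml
# create keys and configuration for wireguard hosts
#
# Key material is generated on the controller (delegate_to: localhost); only the
# rendered configuration is written to the managed host. File modes are quoted
# throughout so the YAML parser never reinterprets the leading zero.
---
- name: generate dynamic facts
  # `include` is deprecated; include_tasks is its dynamic equivalent.
  include_tasks: set_facts.yml

- name: check keys on local disk
  stat:
    path: "{{ wg_host_keys }}"
  register: stat_host_keys
  delegate_to: localhost

- name: generate host keys
  # umask 077 makes the key file owner-only before tee creates it. The file
  # ends up holding the private key (first line) followed by the public key,
  # so wg_host_keys must be protected on the controller.
  # Parentheses spell out the intended precedence: regenerate when the file is
  # missing, or when `force` is defined and truthy.
  shell: |
    umask 077
    wg genkey | tee "{{ wg_host_keys }}" | wg pubkey >> "{{ wg_host_keys }}"
  args:
    chdir: "{{ wg_dir }}"
  when: not stat_host_keys.stat.exists or (force is defined and force)
  delegate_to: localhost

- name: create wireguard dir on remote host
  file:
    path: /etc/wireguard
    owner: "{{ user_root }}"
    group: "{{ group_root }}"
    mode: "0700"
    state: directory
  ignore_unreachable: true

- name: generate client configuration
  # Rendered once on the target and once on the controller (see loop);
  # presumably the template embeds the private key, hence owner-only mode.
  template:
    src: host.conf.j2
    dest: "{{ item.path }}"
    mode: "0600"
  when: ansible_host != global.dcontroller
  delegate_to: "{{ item.name }}"
  loop:
    - name: "{{ ansible_host }}"
      path: /etc/wireguard/dcontroller.conf
    - name: localhost
      path: "{{ wg_dir }}/{{ ansible_host }}.conf"
  ignore_unreachable: true

- name: generate server configuration
  # Same two destinations as the client task, but for the dcontroller host.
  template:
    src: dcontroller.conf.j2
    dest: "{{ item.path }}"
    mode: "0600"
  when: ansible_host == global.dcontroller
  delegate_to: "{{ item.name }}"
  loop:
    - name: "{{ ansible_host }}"
      path: /etc/wireguard/dcontroller.conf
    - name: localhost
      path: "{{ wg_dir }}/{{ ansible_host }}.conf"

- name: enable wireguard for freebsd
  lineinfile:
    path: /etc/rc.conf
    regexp: "^wireguard_enable"
    line: wireguard_enable="YES"
  when: os_distribution == "freebsd"

- name: enable interface for freebsd
  lineinfile:
    path: /etc/rc.conf
    regexp: "^wireguard_interfaces"
    line: wireguard_interfaces="{{ global.dcontroller }}"
  when: os_distribution == "freebsd"

- name: generate and enable init script
  # Non-FreeBSD hosts get an init script from the rc role; native block
  # syntax replaces the key=value shorthand used before.
  include_role:
    name: rc
  vars:
    rc_cmd: "{{ path_wgquick }}"
    rc_args: "up {{ global.dcontroller }}"
    rc_name: wireguard
    rc_user: "{{ user_root }}"
  ignore_errors: true
  when: os_distribution != "freebsd"

- name: generate server interface
  # NOTE(review): the other template tasks use bare names (host.conf.j2); the
  # "templates/" prefix here still resolves via the role-directory lookup —
  # confirm it is intentional.
  template:
    src: templates/hostname.j2
    dest: /etc/hostname.tun0
  when: ansible_host == global.dcontroller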