Diffstat (limited to 'roles/wireguard/tasks/local.yml')
-rw-r--r--roles/wireguard/tasks/local.yml32
1 files changed, 32 insertions, 0 deletions
diff --git a/roles/wireguard/tasks/local.yml b/roles/wireguard/tasks/local.yml
new file mode 100644
index 0000000..3eed984
--- /dev/null
+++ b/roles/wireguard/tasks/local.yml
@@ -0,0 +1,32 @@
+---
+
+- name: create local wireguard directory
+ ansible.builtin.file:
+ path: "{{ wireguard__local_dir }}"
+ state: directory
+ mode: "0700"
+
+- name: generate hosts keys
+ ansible.builtin.shell: |
+ set -o pipefail
+ ls "{{ wireguard__local_dir }}/{{ item }}.keys" && exit 0
+ umask 077
+ wg genkey | \
+ tee "{{ item }}.keys" | \
+ wg pubkey >> "{{ item }}.keys"
+ exit 2
+ args:
+ chdir: "{{ wireguard__local_dir }}"
+ loop: "{{ groups.all }}"
+ register: result
+ changed_when: result.rc == 2
+ failed_when: result.rc not in [0, 2]
+
+- name: generate wireguard configuration
+ ansible.builtin.template:
+ src: wireguard.conf.j2
+ dest: "{{ wireguard__local_dir }}/{{ item }}.conf"
+ mode: "0600"
+ vars:
+ host: "{{ hostvars[item] }}"
+ loop: "{{ groups.all }}"
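Review bot: In the `generate hosts keys` task the script ends with an unconditional `exit 2`, so a failed `wg genkey` or `wg pubkey` (for example when `wg` is not installed) is still reported as changed; `set -o pipefail` without `-e` does not stop the script. The empty or partial `.keys` file then satisfies the `ls` check on every later run, so the key is never regenerated and whatever consumes that file presumably gets incomplete key material. Ending the pipeline with `wg pubkey >> "{{ item }}.keys" || { rm -f "{{ item }}.keys"; exit 1; }` keeps rc 2 for real success only and removes the partial file. `pipefail` is also not supported by every `/bin/sh`, so setting `executable: /bin/bash` under `args:` would make the task independent of the controller's default shell.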