Diffstat (limited to 'roles/wireguard/tasks/main.yml')
-rw-r--r--roles/wireguard/tasks/main.yml66
1 files changed, 40 insertions, 26 deletions
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 31b3655..b263e5d 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -1,41 +1,55 @@
---
-- name: create local wireguard directory
- ansible.builtin.file:
- path: "{{ wireguard_local_dir }}"
- state: directory
- mode: "0700"
- run_once: true
- delegate_to: localhost
-
- name: create wireguard directory
ansible.builtin.file:
- path: "{{ wireguard_dir }}"
+ path: "{{ wireguard__dir }}"
owner: 0
group: 0
mode: "0700"
state: directory
-- name: include key generation
- ansible.builtin.include_tasks: keys.yml
+- name: include local tasks
+ ansible.builtin.include_tasks: local.yml
+ run_once: true
+ args:
+ apply:
+ delegate_to: localhost
-- name: include configuration generation
- ansible.builtin.include_tasks: configuration.yml
+- name: copy wireguard configuration
+ ansible.builtin.copy:
+ src: "{{ wireguard__local_dir }}/{{ wireguard__local_configuration }}"
+ dest: "{{ wireguard__dir }}/{{ wireguard__interface_name }}.conf"
+ owner: 0
+ group: 0
+ mode: "0600"
-- name: install wireguard on remote host
+- name: install wireguard
ansible.builtin.package:
name: wireguard-tools
state: present
-- name: include service configuration for hosts
- ansible.builtin.include_tasks: service.yml
- when: inventory_hostname == wireguard_domain_controller
-
-- name: include service configuration for server
- ansible.builtin.include_tasks: "{{ task }}"
- when: inventory_hostname != wireguard_domain_controller
- loop_control:
- loop_var: task
- loop:
- - service.yml
- - cron.yml
+- name: enable wireguard interface
+ ansible.builtin.lineinfile:
+ path: /etc/rc.local
+ regexp: "^/usr/local/bin/wg-quick up {{ wireguard__interface_name }}$"
+ line: "/usr/local/bin/wg-quick up {{ wireguard__interface_name }}"
+ owner: 0
+ create: true
+ mode: "0644"
+
+- name: restart wireguard interface
+ ansible.builtin.raw: |
+ wg-quick down {{ wireguard__interface_name }}
+ sleep {{ 10 | random(start=1) }}
+ wg-quick up {{ wireguard__interface_name }}
+ register: wireguard__result_status
+
+- name: keepalive cronjob every minute
+ ansible.builtin.cron:
+ name: keepalive network traffic to domain controller
+ user: nobody
+ job: ping -c 1 {{ hostvars[wireguard__domain_controller].__ip.external }}
+
+- name: show wireguard output
+ ansible.builtin.debug:
+ var: wireguard__result_status.stdout
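Review bot: The "restart wireguard interface" task (the `ansible.builtin.raw` block with `wg-quick down`/`wg-quick up`) runs unconditionally on every play, so each run tears the tunnel down even when the copied configuration did not change; it should only fire when the copy task reports a change, e.g. `register: wireguard__copy_result` on the "copy wireguard configuration" task and `when: wireguard__copy_result is changed` on the restart task, with the "show wireguard output" debug task given the same condition so it does not print an undefined stdout when the restart is skipped. The removed block also applied cron.yml only where `inventory_hostname != wireguard_domain_controller`, whereas the new "keepalive cronjob every minute" task has no `when:` guard, so the domain controller now installs a cron job that pings its own external address; restoring that guard (`when: inventory_hostname != wireguard__domain_controller`) would match the old behaviour. Since the ping in the cron `job:` targets the controller's external IP rather than a tunnel address, it presumably is meant to keep a NAT binding alive; if so, a comment stating that intent above the task would help, and it is worth confirming that an ICMP probe actually achieves what the WireGuard peer's own keepalive setting would.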