Diffstat (limited to 'roles/wireguard/tasks')
-rw-r--r--roles/wireguard/tasks/configuration.yml20
-rw-r--r--roles/wireguard/tasks/cron.yml2
-rw-r--r--roles/wireguard/tasks/keys.yml19
-rw-r--r--roles/wireguard/tasks/local.yml32
-rw-r--r--roles/wireguard/tasks/main.yml66
-rw-r--r--roles/wireguard/tasks/service.yml23
6 files changed, 73 insertions, 89 deletions
diff --git a/roles/wireguard/tasks/configuration.yml b/roles/wireguard/tasks/configuration.yml
deleted file mode 100644
index 0a2009e..0000000
--- a/roles/wireguard/tasks/configuration.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-
-- name: generate wireguard configuration
- ansible.builtin.template:
- src: wireguard.conf.j2
- dest: "{{ wireguard_local_dir }}/{{ item }}.conf"
- mode: "0600"
- vars:
- host: "{{ hostvars[item] }}"
- run_once: true
- delegate_to: localhost
- loop: "{{ groups.all }}"
-
-- name: copy wireguard configuration
- ansible.builtin.copy:
- src: "{{ wireguard_local_dir }}/{{ wireguard_local_configuration }}"
- dest: "{{ wireguard_dir }}/{{ wireguard_domain_controller }}.conf"
- owner: 0
- group: 0
- mode: "0600"
diff --git a/roles/wireguard/tasks/cron.yml b/roles/wireguard/tasks/cron.yml
index dd70e5c..9194648 100644
--- a/roles/wireguard/tasks/cron.yml
+++ b/roles/wireguard/tasks/cron.yml
@@ -4,4 +4,4 @@
ansible.builtin.cron:
name: keepalive network traffic to domain controller
user: nobody
- job: ping -c 1 {{ hostvars[wireguard_domain_controller].__ip.external }}
+ job: ping -c 1 {{ hostvars[wireguard__domain_controller].__ip.external }}
diff --git a/roles/wireguard/tasks/keys.yml b/roles/wireguard/tasks/keys.yml
deleted file mode 100644
index ee42408..0000000
--- a/roles/wireguard/tasks/keys.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-
-- name: generate hosts keys
- ansible.builtin.shell: |
- set -o pipefail
- ls "{{ wireguard_local_dir }}/{{ item }}.keys" && exit 0
- umask 077
- wg genkey | \
- tee "{{ item }}.keys" | \
- wg pubkey >> "{{ item }}.keys"
- exit 2
- args:
- chdir: "{{ wireguard_local_dir }}"
- loop: "{{ groups.all }}"
- run_once: true
- delegate_to: localhost
- register: result
- changed_when: result.rc == 2
- failed_when: result.rc not in [0, 2]
diff --git a/roles/wireguard/tasks/local.yml b/roles/wireguard/tasks/local.yml
new file mode 100644
index 0000000..3eed984
--- /dev/null
+++ b/roles/wireguard/tasks/local.yml
@@ -0,0 +1,32 @@
+---
+
+- name: create local wireguard directory
+ ansible.builtin.file:
+ path: "{{ wireguard__local_dir }}"
+ state: directory
+ mode: "0700"
+
+- name: generate hosts keys
+ ansible.builtin.shell: |
+ set -o pipefail
+ ls "{{ wireguard__local_dir }}/{{ item }}.keys" && exit 0
+ umask 077
+ wg genkey | \
+ tee "{{ item }}.keys" | \
+ wg pubkey >> "{{ item }}.keys"
+ exit 2
+ args:
+ chdir: "{{ wireguard__local_dir }}"
+ loop: "{{ groups.all }}"
+ register: result
+ changed_when: result.rc == 2
+ failed_when: result.rc not in [0, 2]
+
+- name: generate wireguard configuration
+ ansible.builtin.template:
+ src: wireguard.conf.j2
+ dest: "{{ wireguard__local_dir }}/{{ item }}.conf"
+ mode: "0600"
+ vars:
+ host: "{{ hostvars[item] }}"
+ loop: "{{ groups.all }}"
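Review bot: In `generate hosts keys` the exit status of the key-generation pipeline is never examined: whatever `wg genkey | tee … | wg pubkey` returns, the script falls through to `exit 2`, so a failure (for example `wg` not being installed on the controller) is reported as changed and may leave an empty or private-key-only `{{ item }}.keys` behind, which the `ls … && exit 0` check treats as a valid key pair on every later run. Make the pipeline fatal, e.g. `wg pubkey >> "{{ item }}.keys" || exit 1` (or `set -eo pipefail` at the top, which still lets the `ls … && exit 0` short-circuit work). `set -o pipefail` is also not POSIX: if the controller's `/bin/sh` is dash, the `set` line itself fails with status 2, which `changed_when` then maps to "changed" without generating anything — adding `executable: /bin/bash` under `args` removes that ambiguity. The rendered `{{ item }}.conf` presumably carries private key material, so a short comment on the template task stating that (and why it is written `0600` inside a `0700` directory) would help the next maintainer.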
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 31b3655..b263e5d 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -1,41 +1,55 @@
---
-- name: create local wireguard directory
- ansible.builtin.file:
- path: "{{ wireguard_local_dir }}"
- state: directory
- mode: "0700"
- run_once: true
- delegate_to: localhost
-
- name: create wireguard directory
ansible.builtin.file:
- path: "{{ wireguard_dir }}"
+ path: "{{ wireguard__dir }}"
owner: 0
group: 0
mode: "0700"
state: directory
-- name: include key generation
- ansible.builtin.include_tasks: keys.yml
+- name: include local tasks
+ ansible.builtin.include_tasks: local.yml
+ run_once: true
+ args:
+ apply:
+ delegate_to: localhost
-- name: include configuration generation
- ansible.builtin.include_tasks: configuration.yml
+- name: copy wireguard configuration
+ ansible.builtin.copy:
+ src: "{{ wireguard__local_dir }}/{{ wireguard__local_configuration }}"
+ dest: "{{ wireguard__dir }}/{{ wireguard__interface_name }}.conf"
+ owner: 0
+ group: 0
+ mode: "0600"
-- name: install wireguard on remote host
+- name: install wireguard
ansible.builtin.package:
name: wireguard-tools
state: present
-- name: include service configuration for hosts
- ansible.builtin.include_tasks: service.yml
- when: inventory_hostname == wireguard_domain_controller
-
-- name: include service configuration for server
- ansible.builtin.include_tasks: "{{ task }}"
- when: inventory_hostname != wireguard_domain_controller
- loop_control:
- loop_var: task
- loop:
- - service.yml
- - cron.yml
+- name: enable wireguard interface
+ ansible.builtin.lineinfile:
+ path: /etc/rc.local
+ regexp: "^/usr/local/bin/wg-quick up {{ wireguard__interface_name }}$"
+ line: "/usr/local/bin/wg-quick up {{ wireguard__interface_name }}"
+ owner: 0
+ create: true
+ mode: "0644"
+
+- name: restart wireguard interface
+ ansible.builtin.raw: |
+ wg-quick down {{ wireguard__interface_name }}
+ sleep {{ 10 | random(start=1) }}
+ wg-quick up {{ wireguard__interface_name }}
+ register: wireguard__result_status
+
+- name: keepalive cronjob every minute
+ ansible.builtin.cron:
+ name: keepalive network traffic to domain controller
+ user: nobody
+ job: ping -c 1 {{ hostvars[wireguard__domain_controller].__ip.external }}
+
+- name: show wireguard output
+ ansible.builtin.debug:
+ var: wireguard__result_status.stdout
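Review bot: The inlined `keepalive cronjob every minute` task at the end of the hunk has lost the guard the old cron.yml include carried (`when: inventory_hostname != wireguard_domain_controller`), so the domain controller now installs a cron job that pings its own external address every minute; restoring `when: inventory_hostname != wireguard__domain_controller` on the task fixes that. With the include gone, cron.yml (still renamed in this commit) appears to be dead code and keeping two copies of the same job invites drift. The `restart wireguard interface` raw task also runs `wg-quick down`/`up` on every play, tearing the tunnel down even when nothing changed; registering the `copy wireguard configuration` result and adding `when: wireguard__config.changed` (plus an explicit `changed_when`) would keep the role idempotent — worth checking whether Ansible reaches any host over that tunnel, since the down/up would then cut its own session. Note as well that the `ansible_distribution == "OpenBSD"` condition from service.yml was not carried over, although `/etc/rc.local` and `/usr/local/bin/wg-quick` are OpenBSD paths; that is fine only if the inventory is OpenBSD-only.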
diff --git a/roles/wireguard/tasks/service.yml b/roles/wireguard/tasks/service.yml
deleted file mode 100644
index 85849ee..0000000
--- a/roles/wireguard/tasks/service.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-
-- name: enable wireguard interface for OpenBSD
- ansible.builtin.lineinfile:
- path: /etc/rc.local
- regexp: "^/usr/local/bin/wg-quick up {{ wireguard_domain_controller }}$"
- line: "/usr/local/bin/wg-quick up {{ wireguard_domain_controller }}"
- owner: 0
- create: true
- mode: "0644"
- when: ansible_distribution == "OpenBSD"
-
-- name: restart wireguard interface
- ansible.builtin.raw: |
- wg-quick down {{ wireguard_domain_controller }}
- sleep {{ 10 | random(start=1) }}
- wg-quick up {{ wireguard_domain_controller }}
- when: ansible_distribution == "OpenBSD"
- register: result
-
-- name: show wireguard output
- ansible.builtin.debug:
- var: result