aboutsummaryrefslogtreecommitdiffstats
path: root/roles/wireguard/tasks/main.yml
blob: b263e5d5b97377fbbcb5cabc3b35fd4358aa8384 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
---

- name: create wireguard directory
  ansible.builtin.file:
    path: "{{ wireguard__dir }}"
    owner: 0
    group: 0
    mode: "0700"
    state: directory

- name: include local tasks
  ansible.builtin.include_tasks: local.yml
  run_once: true
  args:
    apply:
      delegate_to: localhost

- name: copy wireguard configuration
  ansible.builtin.copy:
    src: "{{ wireguard__local_dir }}/{{ wireguard__local_configuration }}"
    dest: "{{ wireguard__dir }}/{{ wireguard__interface_name }}.conf"
    owner: 0
    group: 0
    mode: "0600"

- name: install wireguard
  ansible.builtin.package:
    name: wireguard-tools
    state: present

- name: enable wireguard interface
  ansible.builtin.lineinfile:
    path: /etc/rc.local
    regexp: "^/usr/local/bin/wg-quick up {{ wireguard__interface_name }}$"
    line: "/usr/local/bin/wg-quick up {{ wireguard__interface_name }}"
    owner: 0
    create: true
    mode: "0644"

- name: restart wireguard interface
  ansible.builtin.raw: |
    wg-quick down {{ wireguard__interface_name }}
    sleep {{ 10 | random(start=1) }}
    wg-quick up {{ wireguard__interface_name }}
  register: wireguard__result_status

- name: keepalive cronjob every minute
  ansible.builtin.cron:
    name: keepalive network traffic to domain controller
    user: nobody
    job: ping -c 1 {{ hostvars[wireguard__domain_controller].__ip.external }}

- name: show wireguard output
  ansible.builtin.debug:
    var: wireguard__result_status.stdout
remember that computers suck.