---
# WireGuard Installation Tasks
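# Install the wireguard, wireguard-tools and qrencode packages with apt,
# refreshing the package index first.
# NOTE(review): `state: present` leaves an already-installed package at its
# current version, so security updates for these packages have to come from
# the host's regular patching process.
- name: Install WireGuard
  ansible.builtin.apt:
    name:
      - wireguard
      - wireguard-tools
      - qrencode
    state: present
    # Canonical boolean; `yes` is only read as a boolean under YAML 1.1 rules.
    update_cache: true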
# Ensure the config, key and client-config directories exist, owned by
# root:root with mode 0700, so only root can traverse into them.
- name: Create WireGuard directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: '0700'
    owner: root
    group: root
  loop:
    - "{{ wg_config_dir }}"
    - "{{ wg_keys_dir }}"
    - "{{ wg_client_configs_dir }}"
# Probe for an existing server private key. The result is registered as
# `server_private_key`; the key-generation task reads its `stat.exists`
# field so that an existing key is never overwritten.
- name: Check if server private key exists
  ansible.builtin.stat:
    path: "{{ wg_keys_dir }}/server_private.key"
  register: server_private_key
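# Generate the server private key, only when the stat check found none.
# `umask 077` makes the shell redirection create the file as 0600 from the
# first byte, instead of leaving it at the default umask until a later task
# tightens the mode. The target path is passed through `quote` so that
# whitespace or shell metacharacters in wg_keys_dir cannot split or alter
# the command line.
- name: Generate server private key
  ansible.builtin.shell:
    cmd: >-
      umask 077 &&
      wg genkey > {{ (wg_keys_dir ~ '/server_private.key') | quote }}
  when: not server_private_key.stat.exists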
# Pin the private key file to root:root with mode 0600. This runs on every
# play, so it also corrects ownership or mode drift on an existing key.
- name: Set server private key permissions
  ansible.builtin.file:
    path: "{{ wg_keys_dir }}/server_private.key"
    mode: '0600'
    owner: root
    group: root
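# Derive the public key from the private key file. The private key is fed
# to `wg pubkey` by input redirection rather than `cat |`, which removes the
# pipeline, and both paths are shell-quoted so an unusual wg_keys_dir cannot
# change the command.
# NOTE(review): `creates` skips this task whenever server_public.key already
# exists, so if the private key is ever replaced the old public key file has
# to be removed as well, or the two will no longer match.
- name: Generate server public key
  ansible.builtin.shell:
    cmd: >-
      wg pubkey
      < {{ (wg_keys_dir ~ '/server_private.key') | quote }}
      > {{ (wg_keys_dir ~ '/server_public.key') | quote }}
    creates: "{{ wg_keys_dir }}/server_public.key"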
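# Read the private key file from the managed host into
# `server_private_key_content`. slurp returns the content base64-encoded,
# which is an encoding and not protection, so `no_log` keeps the task result
# out of console output, verbose runs and logging callbacks.
- name: Read server private key
  ansible.builtin.slurp:
    src: "{{ wg_keys_dir }}/server_private.key"
  register: server_private_key_content
  no_log: true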
# Read the public key file from the managed host into
# `server_public_key_content` (base64-encoded by slurp). The public key is
# not secret, so the result is left visible in task output.
- name: Read server public key
  ansible.builtin.slurp:
    src: "{{ wg_keys_dir }}/server_public.key"
  register: server_public_key_content
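# Decode both slurped keys and expose them as host facts for later tasks.
# The task result contains the private key in cleartext, so `no_log` keeps
# it out of task output and logs.
# NOTE(review): wg_server_private_key stays in memory as a fact for the rest
# of the run; tasks that template it or print variables should set no_log
# as well.
- name: Set server keys as facts
  ansible.builtin.set_fact:
    wg_server_private_key: "{{ server_private_key_content['content'] | b64decode | trim }}"
    wg_server_public_key: "{{ server_public_key_content['content'] | b64decode | trim }}"
  no_log: true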