---
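# WireGuard User Management Tasks
#
# Builds wg_peers_with_ips (every peer carrying a resolved 'ip'), then
# generates per-peer key pairs, client configs, QR codes and a summary.

- name: Auto-allocate IPs if enabled
  # Peers that already carry an explicit 'ip' are kept unchanged; all other
  # peers get wg_network + (wg_ip_start + loop index). The original
  # "item.ip is not defined" condition silently dropped explicitly-addressed
  # peers from wg_peers_with_ips, so no keys or configs were produced for them.
  # NOTE: idx still advances for peers with an explicit ip, so an explicit
  # address inside the auto-allocated range can collide with a generated one.
  ansible.builtin.set_fact:
    wg_peers_with_ips: >-
      {{ wg_peers_with_ips | default([])
      + [item if item.ip is defined
      else item | combine({'ip': wg_network
      | ansible.utils.ipaddr((wg_ip_start | int) + idx)
      | ansible.utils.ipaddr('address')})] }}
  loop: "{{ wg_peers }}"
  loop_control:
    index_var: idx
  when: wg_auto_allocate_ips | bool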
- name: Use provided IPs if auto-allocation disabled
  # In this mode each entry of wg_peers is expected to already carry its
  # own 'ip'; the list is passed through untouched.
  ansible.builtin.set_fact:
    wg_peers_with_ips: '{{ wg_peers }}'
  when: not wg_auto_allocate_ips | bool
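- name: Generate client private keys
  # umask 077 makes the key file 0600 from the moment the shell creates it,
  # instead of leaving it at the default umask (typically world-readable)
  # until the separate permissions task runs. The path goes through
  # | quote so a peer name containing shell metacharacters is not
  # interpreted by the shell.
  ansible.builtin.shell: umask 077 && wg genkey > {{ private_key_path | quote }}
  args:
    creates: "{{ private_key_path }}"
  vars:
    private_key_path: "{{ wg_keys_dir }}/{{ item.name }}_private.key"
  loop: "{{ wg_peers_with_ips }}"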
- name: Set client private key permissions
  # Enforce root-only access on every private key file (also corrects
  # files that pre-date this play).
  ansible.builtin.file:
    path: '{{ wg_keys_dir }}/{{ item.name }}_private.key'
    mode: '0600'
    owner: root
    group: root
  loop: '{{ wg_peers_with_ips }}'
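- name: Generate client public keys
  # Derive the public key from the private key file. Redirecting stdin
  # replaces the "cat file | wg pubkey" pipeline (one process fewer, and the
  # pipeline's exit status came from wg pubkey only). Paths are | quote'd
  # so peer names cannot inject shell syntax.
  ansible.builtin.shell: wg pubkey < {{ private_key_path | quote }} > {{ public_key_path | quote }}
  args:
    creates: "{{ public_key_path }}"
  vars:
    private_key_path: "{{ wg_keys_dir }}/{{ item.name }}_private.key"
    public_key_path: "{{ wg_keys_dir }}/{{ item.name }}_public.key"
  loop: "{{ wg_peers_with_ips }}"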
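- name: Read client keys
  # The output is consumed positionally by "Generate client configurations"
  # (stdout line 0 = "private=<key>", line 1 = "public=<key>"), so the two
  # echo lines must keep this order and format.
  # no_log: true keeps the private key material out of the play output and
  # any Ansible log; changed_when: false because nothing is modified.
  ansible.builtin.shell: |
    echo "private=$(cat {{ private_key_path | quote }})"
    echo "public=$(cat {{ public_key_path | quote }})"
  vars:
    private_key_path: "{{ wg_keys_dir }}/{{ item.name }}_private.key"
    public_key_path: "{{ wg_keys_dir }}/{{ item.name }}_public.key"
  register: client_keys
  loop: "{{ wg_peers_with_ips }}"
  changed_when: false
  no_log: true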
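- name: Generate client configurations
  # Each loop item is one result of "Read client keys": item.item is the
  # peer entry and item.stdout_lines holds "private=<key>" and
  # "public=<key>". WireGuard keys are base64 and end in '=' padding, so a
  # plain split('=')[1] dropped the trailing '=' and rendered a truncated,
  # invalid key; split('=', 1) splits on the first '=' only.
  # no_log: true because the loop items (and hence the default loop label)
  # contain private keys.
  ansible.builtin.template:
    src: client.conf.j2
    dest: "{{ wg_client_configs_dir }}/{{ item.item.name }}.conf"
    owner: root
    group: root
    mode: "0600"
  loop: "{{ client_keys.results }}"
  vars:
    client_name: "{{ item.item.name }}"
    client_ip: "{{ item.item.ip }}"
    client_private_key: "{{ item.stdout_lines[0].split('=', 1)[1] }}"
    client_public_key: "{{ item.stdout_lines[1].split('=', 1)[1] }}"
  no_log: true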
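- name: Generate QR codes for mobile clients
  # The QR text encodes the whole client config, private key included, so
  # it is created under umask 077 (owner-only) rather than the default
  # umask. Paths are | quote'd so peer names cannot inject shell syntax.
  ansible.builtin.shell: umask 077 && qrencode -t ansiutf8 < {{ conf_path | quote }} > {{ qr_path | quote }}
  args:
    creates: "{{ qr_path }}"
  vars:
    conf_path: "{{ wg_client_configs_dir }}/{{ item.name }}.conf"
    qr_path: "{{ wg_client_configs_dir }}/{{ item.name }}_qr.txt"
  loop: "{{ wg_peers_with_ips }}"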
- name: Create summary file
  # Render summary.md.j2 as a README next to the client configs.
  # NOTE(review): the file is world-readable (0644), unlike the configs in
  # the same directory -- confirm summary.md.j2 renders no key material.
  ansible.builtin.template:
    src: summary.md.j2
    dest: '{{ wg_client_configs_dir }}/README.md'
    mode: '0644'
    owner: root
    group: root