Infra_mgmt/roles/wireguard/tasks/server.yml

75 lines
2.2 KiB
YAML
Raw Permalink Normal View History

2023-03-01 22:52:00 +01:00
- name: Wireguard keys block
block:
- name: Test if private key is already present
ansible.builtin.stat:
path: "{{ wireguard_privatekey_path }}"
register: _priv_key
- name: Generate WireGuard server private and public keys
ansible.builtin.shell: |
set -o pipefail
umask 077 && wg genkey | tee {{ wireguard_privatekey_path }} | wg pubkey > {{ wireguard_publickey_path }}
args:
executable: /bin/bash
when:
- not _priv_key.stat.exists
- wireguard_restore_serverkeys_dir | length == 0
- name: Restore WireGuard private, public and preshared keys
ansible.builtin.copy:
src: "{{ wireguard_restore_serverkeys_dir }}"
dest: "{{ wireguard_dir }}"
mode: '0644'
when:
- not _priv_key.stat.exists
- wireguard_restore_serverkeys_dir | length > 0
- name: Read publickey
ansible.builtin.slurp:
src: "{{ wireguard_publickey_path }}"
register: _pubkey_value
- name: Read privatekey
ansible.builtin.slurp:
src: "{{ wireguard_privatekey_path }}"
register: _privkey_value
- name: Test if preshared key is already present
ansible.builtin.stat:
path: "{{ wireguard_presharedkey_path }}"
register: _psk_key
- name: Generate WireGuard preshared key
ansible.builtin.shell: |
set -o pipefail
umask 077 && wg genpsk | tee {{ wireguard_presharedkey_path }}
args:
executable: /bin/bash
when: not _psk_key.stat.exists
- name: Read presharedkey
ansible.builtin.slurp:
src: "{{ wireguard_presharedkey_path }}"
register: _pskkey_value
- name: Create server config
ansible.builtin.template:
src: server.conf.j2
dest: "{{ wireguard_dir }}/{{ wireguard_interface }}.conf"
mode: 0700
force: no
- name: Create peers variable from template
ansible.builtin.set_fact:
peers: "{{ lookup('template', 'templates/peers.j2') | from_yaml }}"
- name: Download server private key
ansible.builtin.fetch:
src: "{{ item }}"
dest: "{{ wireguard_serverkeys_download_dir }}/{{ inventory_hostname }}/"
flat: true
loop:
- "{{ wireguard_privatekey_path }}"
- "{{ wireguard_publickey_path }}"
- "{{ wireguard_presharedkey_path }}"
when: wireguard_download_serverkeys | bool