75 lines
2.2 KiB
YAML
75 lines
2.2 KiB
YAML
|
- name: Wireguard keys block
|
||
|
block:
|
||
|
- name: Test if private key is already present
|
||
|
ansible.builtin.stat:
|
||
|
path: "{{ wireguard_privatekey_path }}"
|
||
|
register: _priv_key
|
||
|
|
||
|
- name: Generate WireGuard server private and public keys
|
||
|
ansible.builtin.shell: |
|
||
|
set -o pipefail
|
||
|
umask 077 && wg genkey | tee {{ wireguard_privatekey_path }} | wg pubkey > {{ wireguard_publickey_path }}
|
||
|
args:
|
||
|
executable: /bin/bash
|
||
|
when:
|
||
|
- not _priv_key.stat.exists
|
||
|
- wireguard_restore_serverkeys_dir | length == 0
|
||
|
|
||
|
- name: Restore WireGuard private, public and preshared keys
|
||
|
ansible.builtin.copy:
|
||
|
src: "{{ wireguard_restore_serverkeys_dir }}"
|
||
|
dest: "{{ wireguard_dir }}"
|
||
|
mode: '0644'
|
||
|
when:
|
||
|
- not _priv_key.stat.exists
|
||
|
- wireguard_restore_serverkeys_dir | length > 0
|
||
|
|
||
|
- name: Read publickey
|
||
|
ansible.builtin.slurp:
|
||
|
src: "{{ wireguard_publickey_path }}"
|
||
|
register: _pubkey_value
|
||
|
|
||
|
- name: Read privatekey
|
||
|
ansible.builtin.slurp:
|
||
|
src: "{{ wireguard_privatekey_path }}"
|
||
|
register: _privkey_value
|
||
|
|
||
|
- name: Test if preshared key is already present
|
||
|
ansible.builtin.stat:
|
||
|
path: "{{ wireguard_presharedkey_path }}"
|
||
|
register: _psk_key
|
||
|
|
||
|
- name: Generate WireGuard preshared key
|
||
|
ansible.builtin.shell: |
|
||
|
set -o pipefail
|
||
|
umask 077 && wg genpsk | tee {{ wireguard_presharedkey_path }}
|
||
|
args:
|
||
|
executable: /bin/bash
|
||
|
when: not _psk_key.stat.exists
|
||
|
|
||
|
- name: Read presharedkey
|
||
|
ansible.builtin.slurp:
|
||
|
src: "{{ wireguard_presharedkey_path }}"
|
||
|
register: _pskkey_value
|
||
|
|
||
|
- name: Create server config
|
||
|
ansible.builtin.template:
|
||
|
src: server.conf.j2
|
||
|
dest: "{{ wireguard_dir }}/{{ wireguard_interface }}.conf"
|
||
|
mode: 0700
|
||
|
force: no
|
||
|
|
||
|
- name: Create peers variable from template
|
||
|
ansible.builtin.set_fact:
|
||
|
peers: "{{ lookup('template', 'templates/peers.j2') | from_yaml }}"
|
||
|
|
||
|
- name: Download server private key
|
||
|
ansible.builtin.fetch:
|
||
|
src: "{{ item }}"
|
||
|
dest: "{{ wireguard_serverkeys_download_dir }}/{{ inventory_hostname }}/"
|
||
|
flat: true
|
||
|
loop:
|
||
|
- "{{ wireguard_privatekey_path }}"
|
||
|
- "{{ wireguard_publickey_path }}"
|
||
|
- "{{ wireguard_presharedkey_path }}"
|
||
|
when: wireguard_download_serverkeys | bool
|