- name: Wireguard keys block block: - name: Test if private key is already present ansible.builtin.stat: path: "{{ wireguard_privatekey_path }}" register: _priv_key - name: Generate WireGuard server private and public keys ansible.builtin.shell: | set -o pipefail umask 077 && wg genkey | tee {{ wireguard_privatekey_path }} | wg pubkey > {{ wireguard_publickey_path }} args: executable: /bin/bash when: - not _priv_key.stat.exists - wireguard_restore_serverkeys_dir | length == 0 - name: Restore WireGuard private, public and preshared keys ansible.builtin.copy: src: "{{ wireguard_restore_serverkeys_dir }}" dest: "{{ wireguard_dir }}" mode: '0644' when: - not _priv_key.stat.exists - wireguard_restore_serverkeys_dir | length > 0 - name: Read publickey ansible.builtin.slurp: src: "{{ wireguard_publickey_path }}" register: _pubkey_value - name: Read privatekey ansible.builtin.slurp: src: "{{ wireguard_privatekey_path }}" register: _privkey_value - name: Test if preshared key is already present ansible.builtin.stat: path: "{{ wireguard_presharedkey_path }}" register: _psk_key - name: Generate WireGuard preshared key ansible.builtin.shell: | set -o pipefail umask 077 && wg genpsk | tee {{ wireguard_presharedkey_path }} args: executable: /bin/bash when: not _psk_key.stat.exists - name: Read presharedkey ansible.builtin.slurp: src: "{{ wireguard_presharedkey_path }}" register: _pskkey_value - name: Create server config ansible.builtin.template: src: server.conf.j2 dest: "{{ wireguard_dir }}/{{ wireguard_interface }}.conf" mode: 0700 force: no - name: Create peers variable from template ansible.builtin.set_fact: peers: "{{ lookup('template', 'templates/peers.j2') | from_yaml }}" - name: Download server private key ansible.builtin.fetch: src: "{{ item }}" dest: "{{ wireguard_serverkeys_download_dir }}/{{ inventory_hostname }}/" flat: true loop: - "{{ wireguard_privatekey_path }}" - "{{ wireguard_publickey_path }}" - "{{ wireguard_presharedkey_path }}" when: wireguard_download_serverkeys | bool