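# Ensure the per-client directory exists.
# item.FriendlyName is interpolated straight into a filesystem path here and in
# the tasks that follow; presumably it comes from the loop that includes this
# file -- confirm it is validated upstream (no "/" or ".." components).
# NOTE(review): the registered result gates key generation further down, so any
# "changed" reported here (a mode correction on an existing directory included)
# regenerates that client's keys. Tightening the mode to "0700" is worth doing,
# but plan it as a deliberate key rotation.
- name: Create client configs directories
  ansible.builtin.file:
    path: "{{ wireguard_clients_dir }}/{{ item.FriendlyName }}"
    # Quoted so the value is always handled as an octal mode string.
    mode: "0755"
    state: directory
  register: existing_client_config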
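# Generate the key pair, render the client config and register the peer for one
# client. The whole block runs only when the directory task that registers
# existing_client_config reported a change, so existing clients keep their keys
# on ordinary re-runs.
- name: Wireguard client keys block
  block:

    # umask 077 makes both pk (private key) and pubk owner-only; pipefail makes
    # the task fail if wg genkey or tee fails instead of leaving an empty key.
    - name: Generate WireGuard client private and public keys
      ansible.builtin.shell: |
        set -o pipefail
        umask 077 && wg genkey | tee pk | wg pubkey > pubk
      args:
        executable: /bin/bash
        chdir: "{{ wireguard_clients_dir }}/{{ item.FriendlyName }}"

    - name: Read publickey
      ansible.builtin.slurp:
        src: "{{ wireguard_clients_dir }}/{{ item.FriendlyName }}/pubk"
      register: _client_pubkey_value

    # slurp returns the file base64-encoded in the task result; no_log keeps the
    # private key out of verbose output, callbacks and logs.
    - name: Read privatekey
      ansible.builtin.slurp:
        src: "{{ wireguard_clients_dir }}/{{ item.FriendlyName }}/pk"
      register: _privkey_value
      no_log: true

    # clients.conf.j2 is not shown here; presumably it embeds the client private
    # key and the preshared key, so the rendered file is owner-only and the task
    # result (including --diff output) is suppressed.
    # _pubkey_value and _pskkey_value are not registered in this file -- they
    # must be set by an earlier task; verify against the including play.
    - name: Create client config
      ansible.builtin.template:
        src: "clients.conf.j2"
        dest: "{{ wireguard_clients_dir }}/{{ item.FriendlyName }}/{{ item.FriendlyName }}.conf"
        mode: "0600"
      vars:
        server_public_key: "{{ _pubkey_value['content'] | b64decode | trim }}"
        preshared_key: "{{ _pskkey_value['content'] | b64decode | trim }}"
      no_log: true

    # src now points at the file the template task writes (inside the client's
    # own directory); the previous path omitted that directory component.
    # The fetched copy carries the same secrets: keep
    # wireguard_clients_download_dir on the controller restricted to the operator.
    - name: Download client configs
      ansible.builtin.fetch:
        src: "{{ wireguard_clients_dir }}/{{ item.FriendlyName }}/{{ item.FriendlyName }}.conf"
        dest: "{{ wireguard_clients_download_dir }}/{{ inventory_hostname }}/"
        flat: true
      when: wireguard_download_clients | bool

    # One marker per client, so a re-run replaces that client's peer block
    # rather than appending a duplicate.
    # NOTE(review): if peer.j2 renders the preshared key, running with --diff
    # prints it -- confirm, and add no_log here if so.
    - name: Append peer to server config
      ansible.builtin.blockinfile:
        dest: "{{ wireguard_dir }}/{{ wireguard_interface }}.conf"
        block: "{{ lookup('template', 'templates/peer.j2') }}"
        marker: "### {mark} ANSIBLE MANAGED BLOCK FOR {{ item.FriendlyName }} ###"

  when: existing_client_config is changed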