diff options
Diffstat (limited to 'roles/wireguard/tasks/main.yml')
| -rw-r--r-- | roles/wireguard/tasks/main.yml | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml new file mode 100644 index 0000000..8351797 --- /dev/null +++ b/roles/wireguard/tasks/main.yml @@ -0,0 +1,57 @@ +--- + +- name: Install WireGuard + package: + name: "{{ item }}" + state: present + with_items: + - wireguard-lts + - wireguard-tools + +- name: Ensure /etc/wireguard exists + file: + path: "/etc/wireguard" + state: directory + owner: root + group: root + mode: 0700 + +- name: Generate private key(s) + shell: 'wg genkey' + register: wireguard_keys + when: item.privateKey is not defined + no_log: true + with_items: "{{ wireguard }}" + +- name: Set private key(s) + set_fact: + wireguard: "{{ [wireguard|combine( + item|combine({'privateKey': wireguard_keys.results[index].stdout}) + )] }}" + when: item.privateKey is not defined + no_log: true + loop: "{{ wireguard }}" + loop_control: + index_var: index + +- name: Install configuration files + template: + src: wg.conf.j2 + dest: "/etc/wireguard/{{ item.name }}.conf" + owner: root + group: root + mode: 0600 + with_items: "{{ wireguard }}" + register: wireguard_changed + no_log: true + notify: + - restart wireguard + +- name: Start and enable wireguard service + systemd: + name: "wg-quick@{{ item.name }}.service" + daemon-reload: yes + state: started + enabled: True + no_log: true + with_items: "{{ wireguard }}" |