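---
# Configures WireGuard tunnels for dn42 peers on the `routers` group:
# reads the host's existing key pair, enables IPv4 forwarding, renders one
# wg-quick config per peer from the vars file passed as `file`, and starts
# (or restarts) the matching wg-quick units.
- name: setup WireGuard for dn42
  hosts: routers
  # `become` is a boolean; `become: root` is rejected by Ansible's bool
  # validation. The escalation target defaults to root (become_user).
  become: true
  tasks:
    # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_module.html
    # - name: install WireGuard package
    #   ansible.builtin.apt:
    #     name: wireguard
    #     state: present
    #     update_cache: true

    - name: Find out what the remote machine's WireGuard privkey is
      ansible.builtin.slurp:
        src: /etc/wireguard/privatekey
      register: server_privkey
      # The slurped (base64) private key would otherwise be printed in
      # verbose output and stored by any callback/log plugin that records
      # task results; no_log keeps it out of the run output.
      no_log: true

    - name: Find out what the remote machine's WireGuard pubkey is
      ansible.builtin.slurp:
        src: /etc/wireguard/publickey
      register: server_pubkey

    # https://docs.ansible.com/ansible/latest/collections/ansible/posix/sysctl_module.html
    - name: enable and persist ip forwarding
      ansible.posix.sysctl:
        name: net.ipv4.ip_forward
        value: "1"
        state: present
        sysctl_set: true
        reload: true

    # `file` is expected from the command line / inventory (extra var).
    - name: Load the dn42 peer list from the vars file given by `file`
      ansible.builtin.include_vars:
        file: "{{ file }}"
        name: wg_peers

    - name: Create config files for WireGuard
      ansible.builtin.template:
        dest: "/etc/wireguard/{{ item.name }}.conf"
        src: dn42.conf.j2
        owner: root
        group: root
        # wg-quick configs normally embed the interface PrivateKey; keep
        # them readable by root only. Quoted so the mode stays a string
        # and is not parsed as an octal integer.
        mode: "0600"
      loop: "{{ wg_peers.wg_peers }}"
      # Registered so the restart task below can act only on changed files.
      register: wg_tunnel_tmpl

    - name: Start and enable dn42 peers
      ansible.builtin.systemd:
        name: "wg-quick@{{ item.name }}"
        enabled: true
        state: started
      loop: "{{ wg_peers.wg_peers }}"

    - name: Restart changed WireGuard interfaces
      ansible.builtin.systemd:
        name: "wg-quick@{{ item.item.name }}"
        state: restarted
      # Each result of the registered template loop carries `changed` and
      # the original loop item under `item`, hence `item.item.name`.
      loop: "{{ wg_tunnel_tmpl.results | selectattr('changed', 'true') }}"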