From 03a7972f55f97c2872ea499bca1a41cd31795f52 Mon Sep 17 00:00:00 2001
From: Jocelyn Jaubert
Date: Sat, 24 Aug 2024 20:26:25 +0200
Subject: [PATCH] wireguard: Correctif divers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- ajout génération clés wireguard
- activation NAT sur serveur
- activation service systemd wireguard sur serveur aussi
---
 roles/wireguard/tasks/main.yml | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 73b7bba8..f6b62a9e 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -3,6 +3,28 @@
 pkg:
 - wireguard
+- name: Generate the client keys
+ local_action:
+ module: shell
+ _raw_params: "wg genkey | tee credentials/wireguard/{{ inventory_hostname }}.private.key | wg pubkey > credentials/wireguard/{{ inventory_hostname }}.public.key"
+ creates: "credentials/wireguard/{{ inventory_hostname }}.private.key"
+ become: no
+
+- name: Get client IP
+ local_action:
+ module: copy
+ content: "{{ wireguard_address }}\n"
+ dest: "credentials/wireguard/{{ inventory_hostname }}.address"
+ become: no
+
+- name: Enable NAT on server
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ sysctl_set: true
+ state: present
+ when: wireguard_config is defined and wireguard_config == "server"
+
 - name: configure wireguard
 template:
 dest="/etc/wireguard/wg0.conf"
@@ -35,4 +57,3 @@
 enabled: true
 masked: false
 state: started
- when: wireguard_config is not defined or wireguard_config == "client"
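Review bot: In the "Generate the client keys" task, `tee` writes `credentials/wireguard/{{ inventory_hostname }}.private.key` under the controller's current umask, so the private key will normally be readable by other local users; starting `_raw_params` with `umask 077;` keeps both files owner-only. Because `creates:` tests only for the private key file and the pipeline's exit status is that of its last command, a run that fails part-way can leave an empty or unmatched key file that later runs silently skip, so the task should remove both files on failure or a follow-up task should check that they are non-empty. Whether `credentials/` is excluded from version control is not visible in this patch and should be confirmed. Separately, "Enable NAT on server" only sets `net.ipv4.ip_forward`, which enables routing between all interfaces rather than NAT; rename it (`- name: Enable IPv4 forwarding on server`) and make sure forwarding is bounded by firewall rules, presumably in the `wg0.conf` template that lies outside this hunk.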