author | Alex Auvolat <alex@adnab.me> | 2020-05-21 15:27:09 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2020-07-15 16:03:33 +0200 |
commit | a4f9aa2d9830e9fdc3504a6d2842359ee4ab38f0 (patch) | |
tree | 3be24e19f8b7a88f36d49870b13f220a178b8f9f /ansible/roles/network/tasks | |
parent | 1a16fc7f9e54760cc09f676f0176b71654e32117 (diff) | |
Set up wireguard in dev cluster
Diffstat (limited to 'ansible/roles/network/tasks')
-rw-r--r-- | ansible/roles/network/tasks/main.yml | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/ansible/roles/network/tasks/main.yml b/ansible/roles/network/tasks/main.yml
index 1443e0c..e8e059a 100644
--- a/ansible/roles/network/tasks/main.yml
+++ b/ansible/roles/network/tasks/main.yml
@@ -9,3 +9,49 @@
 name: net.ipv4.ip_forward
 value: "1"
 sysctl_set: yes
+
+# Wireguard configuration
+- name: "Enable backports repository"
+ apt_repository:
+ repo: deb http://deb.debian.org/debian buster-backports main
+ state: present
+
+- name: "Install wireguard"
+ apt:
+ name:
+ - wireguard
+ - wireguard-tools
+ - "linux-headers-{{ ansible_kernel }}"
+ state: present
+
+- name: "Create wireguard configuration direcetory"
+ file: path=/etc/wireguard/ state=directory
+
+- name: "Check if wireguard private key exists"
+ stat: path=/etc/wireguard/privkey
+ register: wireguard_privkey
+
+- name: "Create wireguard private key"
+ shell: wg genkey > /etc/wireguard/privkey
+ when: wireguard_privkey.stat.exists == false
+ notify:
+ - reload wireguard
+
+- name: "Secure wireguard private key"
+ file: path=/etc/wireguard/privkey mode=0600
+
+- name: "Retrieve wireguard private key"
+ shell: cat /etc/wireguard/privkey
+ register: wireguard_privkey
+
+- name: "Retrieve wireguard public key"
+ shell: wg pubkey < /etc/wireguard/privkey
+ register: wireguard_pubkey
+
+- name: "Deploy wireguard configuration"
+ template: src=wireguard.conf.j2 dest=/etc/wireguard/wgdeuxfleurs.conf mode=0600
+ notify:
+ - reload wireguard
+
+- name: "Enable Wireguard systemd service at boot"
+ service: name=wg-quick@wgdeuxfleurs state=started enabled=yes daemon_reload=yes |
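Review bot: The private key is created by `shell: wg genkey > /etc/wireguard/privkey` under whatever umask the task runs with (typically 022) and is only tightened by the later "Secure wireguard private key" task, so it can be readable by other local users in between, and stays that way if the play stops between the two tasks. Writing it with `shell: umask 077 && wg genkey > /etc/wireguard/privkey` closes that window, and the directory task could carry `mode=0700`. The "Retrieve wireguard private key" task registers the key material in `wireguard_privkey`, so it will show up in verbose or logged Ansible output unless that task sets `no_log: true`; it also overwrites the stat result registered under the same name a few tasks earlier. Both retrieve tasks only read state and would report accurately with `changed_when: false`.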