diff options
Diffstat (limited to 'ansible/roles/network/tasks')
-rw-r--r-- | ansible/roles/network/tasks/main.yml | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/ansible/roles/network/tasks/main.yml b/ansible/roles/network/tasks/main.yml index 1443e0c..e8e059a 100644 --- a/ansible/roles/network/tasks/main.yml +++ b/ansible/roles/network/tasks/main.yml @@ -9,3 +9,49 @@ name: net.ipv4.ip_forward value: "1" sysctl_set: yes + +# Wireguard configuration +- name: "Enable backports repository" + apt_repository: + repo: deb http://deb.debian.org/debian buster-backports main + state: present + +- name: "Install wireguard" + apt: + name: + - wireguard + - wireguard-tools + - "linux-headers-{{ ansible_kernel }}" + state: present + +- name: "Create wireguard configuration direcetory" + file: path=/etc/wireguard/ state=directory + +- name: "Check if wireguard private key exists" + stat: path=/etc/wireguard/privkey + register: wireguard_privkey + +- name: "Create wireguard private key" + shell: wg genkey > /etc/wireguard/privkey + when: wireguard_privkey.stat.exists == false + notify: + - reload wireguard + +- name: "Secure wireguard private key" + file: path=/etc/wireguard/privkey mode=0600 + +- name: "Retrieve wireguard private key" + shell: cat /etc/wireguard/privkey + register: wireguard_privkey + +- name: "Retrieve wireguard public key" + shell: wg pubkey < /etc/wireguard/privkey + register: wireguard_pubkey + +- name: "Deploy wireguard configuration" + template: src=wireguard.conf.j2 dest=/etc/wireguard/wgdeuxfleurs.conf mode=0600 + notify: + - reload wireguard + +- name: "Enable Wireguard systemd service at boot" + service: name=wg-quick@wgdeuxfleurs state=started enabled=yes daemon_reload=yes |