Diffstat (limited to 'ansible/roles/network/tasks')
-rw-r--r--ansible/roles/network/tasks/main.yml46
1 files changed, 46 insertions, 0 deletions
diff --git a/ansible/roles/network/tasks/main.yml b/ansible/roles/network/tasks/main.yml
index 1443e0c..e8e059a 100644
--- a/ansible/roles/network/tasks/main.yml
+++ b/ansible/roles/network/tasks/main.yml
@@ -9,3 +9,49 @@
name: net.ipv4.ip_forward
value: "1"
sysctl_set: yes
+
+# Wireguard configuration
+- name: "Enable backports repository"
+ apt_repository:
+ repo: deb http://deb.debian.org/debian buster-backports main
+ state: present
+
+- name: "Install wireguard"
+ apt:
+ name:
+ - wireguard
+ - wireguard-tools
+ - "linux-headers-{{ ansible_kernel }}"
+ state: present
+
+- name: "Create wireguard configuration direcetory"
+ file: path=/etc/wireguard/ state=directory
+
+- name: "Check if wireguard private key exists"
+ stat: path=/etc/wireguard/privkey
+ register: wireguard_privkey
+
+- name: "Create wireguard private key"
+ shell: wg genkey > /etc/wireguard/privkey
+ when: wireguard_privkey.stat.exists == false
+ notify:
+ - reload wireguard
+
+- name: "Secure wireguard private key"
+ file: path=/etc/wireguard/privkey mode=0600
+
+- name: "Retrieve wireguard private key"
+ shell: cat /etc/wireguard/privkey
+ register: wireguard_privkey
+
+- name: "Retrieve wireguard public key"
+ shell: wg pubkey < /etc/wireguard/privkey
+ register: wireguard_pubkey
+
+- name: "Deploy wireguard configuration"
+ template: src=wireguard.conf.j2 dest=/etc/wireguard/wgdeuxfleurs.conf mode=0600
+ notify:
+ - reload wireguard
+
+- name: "Enable Wireguard systemd service at boot"
+ service: name=wg-quick@wgdeuxfleurs state=started enabled=yes daemon_reload=yes
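Review bot: The private key is written by `wg genkey > /etc/wireguard/privkey` under whatever umask the task runs with (commonly 022) and is only tightened to 0600 by the later "Secure wireguard private key" task, so it can be readable by other local users in between, and stays that way if the play aborts before that task. Setting the mask in the same command closes the window: `shell: umask 077 && wg genkey > /etc/wireguard/privkey`. The "Retrieve wireguard private key" task then registers the key material as a task result, which Ansible shows at higher verbosity and hands to callback and log plugins; add `no_log: true` there, plus `changed_when: false` since `cat` changes nothing. That task also re-registers `wireguard_privkey`, replacing the earlier `stat` result under the same name, so a distinct variable name would be clearer. The `/etc/wireguard/` directory task sets no mode either; `mode=0700` would keep the directory itself closed to other users.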