From a4f9aa2d9830e9fdc3504a6d2842359ee4ab38f0 Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Thu, 21 May 2020 15:27:09 +0200
Subject: Set up wireguard in dev cluster
---
 ansible/roles/network/tasks/main.yml | 46 ++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
(limited to 'ansible/roles/network/tasks/main.yml')
diff --git a/ansible/roles/network/tasks/main.yml b/ansible/roles/network/tasks/main.yml
index 1443e0c..e8e059a 100644
--- a/ansible/roles/network/tasks/main.yml
+++ b/ansible/roles/network/tasks/main.yml
@@ -9,3 +9,49 @@
 name: net.ipv4.ip_forward
 value: "1"
 sysctl_set: yes
+
+# Wireguard configuration
+- name: "Enable backports repository"
+ apt_repository:
+ repo: deb http://deb.debian.org/debian buster-backports main
+ state: present
+
+- name: "Install wireguard"
+ apt:
+ name:
+ - wireguard
+ - wireguard-tools
+ - "linux-headers-{{ ansible_kernel }}"
+ state: present
+
+- name: "Create wireguard configuration direcetory"
+ file: path=/etc/wireguard/ state=directory
+
+- name: "Check if wireguard private key exists"
+ stat: path=/etc/wireguard/privkey
+ register: wireguard_privkey
+
+- name: "Create wireguard private key"
+ shell: wg genkey > /etc/wireguard/privkey
+ when: wireguard_privkey.stat.exists == false
+ notify:
+ - reload wireguard
+
+- name: "Secure wireguard private key"
+ file: path=/etc/wireguard/privkey mode=0600
+
+- name: "Retrieve wireguard private key"
+ shell: cat /etc/wireguard/privkey
+ register: wireguard_privkey
+
+- name: "Retrieve wireguard public key"
+ shell: wg pubkey < /etc/wireguard/privkey
+ register: wireguard_pubkey
+
+- name: "Deploy wireguard configuration"
+ template: src=wireguard.conf.j2 dest=/etc/wireguard/wgdeuxfleurs.conf mode=0600
+ notify:
+ - reload wireguard
+
+- name: "Enable Wireguard systemd service at boot"
+ service: name=wg-quick@wgdeuxfleurs state=started enabled=yes daemon_reload=yes
--
cgit v1.2.3
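Review bot: The private key is created by `shell: wg genkey > /etc/wireguard/privkey` under whatever umask the task runs with, and is restricted to 0600 only by the separate "Secure wireguard private key" task that follows. Until that task runs, or permanently if the play stops in between, the key may be readable by other local users. Writing it as `shell: umask 077 && wg genkey > /etc/wireguard/privkey` closes that window, and adding `mode=0700` to the /etc/wireguard/ directory task narrows access further. The "Retrieve wireguard private key" task registers the key itself in `wireguard_privkey`, so it is shown in verbose Ansible output and can reach callback logs; `no_log: true` on that task keeps it out. That register also overwrites the earlier `stat` result of the same name, so a distinct register name would read more clearly, though wireguard.conf.j2 (not shown in this patch) presumably reads the current name and would need the matching change.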