53 lines
1.2 KiB
YAML
53 lines
1.2 KiB
YAML
|
- name: Install wireguard
|
||
|
|
apt:
|
||
|
|
name:
|
||
|
|
- wireguard
|
||
|
|
- wireguard-tools
|
||
|
|
|
||
|
|
- name: Create wireguard configuration directory
|
||
|
|
file:
|
||
|
|
path: /etc/wireguard
|
||
|
|
state: directory
|
||
|
|
mode: '700'
|
||
|
|
|
||
|
|
|
||
|
|
- name: Check if public key exists
|
||
|
|
stat:
|
||
|
|
path: /etc/wireguard/public.key
|
||
|
|
register: public_key_stats
|
||
|
|
|
||
|
|
- name: Generate private key
|
||
|
|
shell: wg genkey >/etc/wireguard/private.key
|
||
|
|
args:
|
||
|
|
creates: /etc/wireguard/private.key
|
||
|
|
register: private_key_gen
|
||
|
|
|
||
|
|
- name: Fetch private key
|
||
|
|
command: cat /etc/wireguard/private.key
|
||
|
|
register: private_key
|
||
|
|
|
||
|
|
- name: Generate public key
|
||
|
|
shell: cat /etc/wireguard/private.key | wg pubkey >/etc/wireguard/public.key
|
||
|
|
when: not public_key_stats.stat.exists or private_key_gen.changed
|
||
|
|
|
||
|
|
- name: Fetch public key
|
||
|
|
command: cat /etc/wireguard/public.key
|
||
|
|
register: public_key
|
||
|
|
|
||
|
|
- name: Print public key
|
||
|
|
debug:
|
||
|
|
msg: '{{public_key.stdout}}'
|
||
|
|
|
||
|
|
- name: Install wireguard configuration
|
||
|
|
template:
|
||
|
|
src: wg0.conf
|
||
|
|
dest: /etc/wireguard/wg0.conf
|
||
|
|
notify: Restart wg0
|
||
|
|
|
||
|
|
- name: Enable ipv4 packet forwarding
|
||
|
|
lineinfile:
|
||
|
|
path: /etc/sysctl.conf
|
||
|
|
regexp: '^#?net.ipv4.ip_forward='
|
||
|
|
line: net.ipv4.ip_forward=1
|
||
|
|
notify: Reboot
|