authorEgor Tensin <Egor.Tensin@gmail.com>2023-08-04 14:02:00 +0200
committerEgor Tensin <Egor.Tensin@gmail.com>2023-08-04 14:02:00 +0200
commit495f6999e8a85fb59ecc19caacdb87d52e3eb228 (patch)
tree6e1a76dc959029219aa1220cef61a4347b1fd91b
parentimport a couple more roles (diff)
downloadinfra-ansible-495f6999e8a85fb59ecc19caacdb87d52e3eb228.tar.gz
infra-ansible-495f6999e8a85fb59ecc19caacdb87d52e3eb228.zip
add wireguard role
-rw-r--r--roles/wireguard/defaults/main.yml2
-rw-r--r--roles/wireguard/tasks/main.yml23
-rw-r--r--roles/wireguard/templates/wg0.conf15
3 files changed, 40 insertions, 0 deletions
diff --git a/roles/wireguard/defaults/main.yml b/roles/wireguard/defaults/main.yml
new file mode 100644
index 0000000..67964a5
--- /dev/null
+++ b/roles/wireguard/defaults/main.yml
@@ -0,0 +1,2 @@
+wg_name: wg0
+wg_listen_port: 51280
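Review bot: `wg_listen_port: 51280` looks like a transposition of 51820, the port most WireGuard examples use, so it is worth confirming the value is intended. If it is deliberate, a short comment such as `# deliberately not 51820; firewall rules must match` would save the next reader the doubt. Nothing in this commit opens the UDP port in a firewall, so presumably that is handled outside this role.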
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
new file mode 100644
index 0000000..2512b59
--- /dev/null
+++ b/roles/wireguard/tasks/main.yml
@@ -0,0 +1,23 @@
+- name: Set up Wireguard
+ become: true
+ block:
+ - name: Install wireguard-tools
+ ansible.builtin.apt:
+ install_recommends: false
+ name: wireguard-tools
+ state: present
+
+ - name: Config file
+ ansible.builtin.template:
+ src: wg0.conf
+ dest: '/etc/wireguard/{{ wg_name }}.conf'
+ owner: root
+ group: root
+ mode: '600'
+ register: config
+
+ - name: Restart wg-quick service
+ ansible.builtin.systemd_service:
+ name: 'wg-quick@{{ wg_name }}'
+ state: restarted
+ when: config.changed
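Review bot: The `Config file` task renders `PrivateKey` and any `PresharedKey` into the destination, and nothing on the task stops that content being echoed. A run with `--diff` prints the rendered file, keys included, to the console and to any log that captures it. Adding `no_log: true` (or at least `diff: false`) to that task keeps the key material out of run output; `mode: '600'` with root ownership already covers the file at rest. Separately, the `wg-quick@{{ wg_name }}` task restarts only on change and never sets `enabled: true`, so the tunnel presumably does not come back after a reboot unless something outside this role enables the unit.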
diff --git a/roles/wireguard/templates/wg0.conf b/roles/wireguard/templates/wg0.conf
new file mode 100644
index 0000000..9e6f4c6
--- /dev/null
+++ b/roles/wireguard/templates/wg0.conf
@@ -0,0 +1,15 @@
+[Interface]
+PrivateKey = {{ wg_private_key }}
+Address = {{ wg_addr4 }}, {{ wg_addr6 }}
+ListenPort = {{ wg_listen_port }}
+{% if wg_peers is defined %}
+{% for peer in wg_peers %}
+
+[Peer]
+PublicKey = {{ peer.public_key }}
+{% if peer.preshared_key is defined %}
+PresharedKey = {{ peer.preshared_key }}
+{% endif %}
+AllowedIPs = {{ peer.addr4 }}/32, {{ peer.addr6 }}/128
+{% endfor %}
+{% endif %}
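Review bot: `Address` renders `wg_addr4`/`wg_addr6` exactly as given, while `AllowedIPs` appends `/32` and `/128` to `peer.addr4`/`peer.addr6`, so the peer fields must be bare host addresses. A value that already carries a prefix length would render a malformed entry that wg-quick is likely to reject. Nothing in the role documents this, nor that `wg_private_key`, `wg_addr4` and `wg_addr6` have no defaults and must come from the inventory (the key presumably from a vault-encrypted vars file). A header comment would cover both, for example `{# peer.addr4 / peer.addr6: bare addresses, /32 and /128 are appended here #}` and `{# wg_private_key: required, no default; keep it in vaulted vars #}`.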