Layout refactor

Also included provisioning for htpc host
2025-10-12 15:33:37 +02:00 · 2025-10-12 15:33:37 +02:00 · 970f7489fb
commit 970f7489fb
parent f90702c7b8
103 changed files with 782 additions and 893 deletions
--- a/tasks/wireguard.yml
+++ b/tasks/wireguard.yml
@ -0,0 +1,71 @@
+- name: Include wireguard defaults
+  ansible.builtin.include_vars:
+    file: vars/wireguard.yml
+
+- name: Create Wireguard directories
+  become: true
+  ansible.builtin.file:
+    path: '{{ item }}'
+    owner: root
+    group: systemd-network
+    mode: '0750'
+    state: directory
+    recurse: true
+  loop:
+    - '{{ vpn_config_dir }}'
+    - '{{ wireguard_defaults.private_key_path | dirname }}'
+    - '{{ wireguard_defaults.public_key_path | dirname }}'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Copy Wireguard credentials
+  become: true
+  ansible.builtin.copy:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop:
+    - dest: '{{ wireguard_defaults.public_key_path }}'
+      src: 'files/wireguard/{ ansible_hostname }}/fudiggity.pub'
+
+    - dest: '{{ wireguard_defaults.private_key_path }}'
+      src: 'files/wireguard/{{ ansible_hostname }}/fudiggity.key'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Copy Wireguard preshared keys
+  become: true
+  ansible.builtin.copy:
+    src: '{{ item.preshared_key_source_path }}'
+    dest: '{{ item.preshared_key_path }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop: '{{ wireguard_defaults.peers }}'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Setup network configuration
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop:
+    - src: 'templates/{{ ansible_hostname }}/network/wg0.network.j2'
+      dest: '/etc/systemd/network/40-wg0.network'
+
+    - src: 'templates/{{ ansible_hostname }}/network/wg0.netdev.j2'
+      dest: '/etc/systemd/network/40-wg0.netdev'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+  vars:
+    wireguard: "{{ wireguard | ansible.builtin.combine(wireguard_defaults) }}"