Use systemd file option wherever applicable

2025-03-02 16:05:07 +01:00 · 2025-03-02 16:05:07 +01:00 · b2c395b3b7
commit b2c395b3b7
parent a44c76344b
9 changed files with 94 additions and 146 deletions
--- a/tasks/network.yml
+++ b/tasks/network.yml
@ -3,21 +3,26 @@
 # using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint <NEW-IP>:<PORT>`
 # for example.

- name: Create wireguard directories
+- name: Create Wireguard directories
  become: true
  ansible.builtin.file:
-    path: '{{ item | dirname }}'
+    path: '{{ item }}'
    owner: root
    group: systemd-network
-    mode: '0644'
+    mode: '0750'
    state: directory
+    recurse: true
  loop:
-    - '{{ vpn_default.private_key_path }}'
-    - '{{ vpn_default.public_key_path }}'
-    - '{{ vpn_media.private_key_path }}'
-    - '{{ vpn_media.public_key_path }}'
+    - '{{ vpn_config_dir }}'
+    - '{{ vpn_default.private_key_path | dirname }}'
+    - '{{ vpn_default.public_key_path | dirname }}'
+    - '{{ vpn_media.private_key_path | dirname }}'
+    - '{{ vpn_media.public_key_path | dirname }}'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved

- name: Copy wireguard credentials
+- name: Copy Wireguard credentials
  become: true
  ansible.builtin.copy:
    src: '{{ item.src }}'
@ -37,8 +42,11 @@

    - dest: '{{ vpn_media.private_key_path }}'
      src: 'files/{{ platform }}/wireguard/media/{{ platform }}.key'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved

- name: Copy wireguard preshared keys
+- name: Copy Wireguard preshared keys
  become: true
  ansible.builtin.copy:
    src: '{{ item.preshared_key_source_path }}'
@ -47,6 +55,9 @@
    group: systemd-network
    mode: '0640'
  loop: '{{ vpn_default.peers + vpn_media.peers }}'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved

 - name: Desktop configuration
  notify:
--- a/tasks/platform.yml
+++ b/tasks/platform.yml
@ -1,22 +1,22 @@
- name: detect platform
-  command: laptop-detect
+- name: Detect platform
+  ansible.builtin.command: laptop-detect
  register: is_laptop
  failed_when: is_laptop.rc == 2

- name: set platform (desktop)
-  set_fact:
+- name: Set platform (desktop)
+  ansible.builtin.set_fact:
    platform: 'desktop'
  when: is_laptop.rc == 1

- name: set platform (laptop)
-  set_fact:
+- name: Set platform (laptop)
+  ansible.builtin.set_fact:
    platform: 'laptop'
  when: is_laptop.rc == 0

- name: load desktop specific vars
-  include_vars: 'vars/desktop.yml'
+- name: Load desktop specific vars
+  ansible.builtin.include_vars: 'vars/desktop.yml'
  when: platform == "desktop"

- name: load laptop specific vars
-  include_vars: 'vars/laptop.yml'
+- name: Load laptop specific vars
+  ansible.builtin.include_vars: 'vars/laptop.yml'
  when: platform == "laptop"