72 lines
2 KiB
YAML
72 lines
2 KiB
YAML
---
|
|
- name: Include wireguard media defaults
|
|
ansible.builtin.include_vars:
|
|
file: vars/wireguard-media.yml
|
|
|
|
- name: Create Wireguard directories
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
owner: root
|
|
group: systemd-network
|
|
mode: "0750"
|
|
state: directory
|
|
recurse: true
|
|
loop:
|
|
- "{{ vpn_config_dir }}"
|
|
- "{{ wireguard_media_defaults.private_key_path | dirname }}"
|
|
- "{{ wireguard_media_defaults.public_key_path | dirname }}"
|
|
notify:
|
|
- restart systemd-networkd
|
|
- restart systemd-resolved
|
|
|
|
- name: Copy Wireguard credentials
|
|
become: true
|
|
ansible.builtin.copy:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: root
|
|
group: systemd-network
|
|
mode: "0640"
|
|
loop:
|
|
- dest: "{{ wireguard_media_defaults.public_key_path }}"
|
|
src: "files/wireguard-media/{{ ansible_hostname }}/fudiggity.pub"
|
|
|
|
- dest: "{{ wireguard_media_defaults.private_key_path }}"
|
|
src: "files/wireguard-media/{{ ansible_hostname }}/fudiggity.key"
|
|
notify:
|
|
- restart systemd-networkd
|
|
- restart systemd-resolved
|
|
|
|
- name: Copy Wireguard preshared keys
|
|
become: true
|
|
ansible.builtin.copy:
|
|
src: "{{ item.preshared_key_source_path }}"
|
|
dest: "{{ item.preshared_key_path }}"
|
|
owner: root
|
|
group: systemd-network
|
|
mode: "0640"
|
|
loop: "{{ wireguard_media_defaults.peers }}"
|
|
notify:
|
|
- restart systemd-networkd
|
|
- restart systemd-resolved
|
|
|
|
- name: Setup network configuration
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: root
|
|
group: systemd-network
|
|
mode: "0640"
|
|
loop:
|
|
- src: "templates/{{ ansible_hostname }}/network/wg1.network.j2"
|
|
dest: "/etc/systemd/network/40-wg1.network"
|
|
|
|
- src: "templates/{{ ansible_hostname }}/network/wg1.netdev.j2"
|
|
dest: "/etc/systemd/network/40-wg1.netdev"
|
|
notify:
|
|
- restart systemd-networkd
|
|
- restart systemd-resolved
|
|
vars:
|
|
wireguard: "{{ wireguard_media | ansible.builtin.combine(wireguard_media_defaults) }}"
|