diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml
index 91fcc16..a187b69 100644
--- a/tasks/wireguard.yml
+++ b/tasks/wireguard.yml
@@ -16,14 +16,16 @@
 - name: Create Wireguard directories
 become: true
 ansible.builtin.file:
- path: '{{ item | dirname }}'
+ path: '{{ item }}'
 owner: root
 group: systemd-network
 mode: '0640'
 state: directory
 recurse: true
 loop:
- - '{{ vpn_key_directory }}'
+ - '{{ vpn_config_dir }}'
+ - '{{ vpn_media_server_public_key_path | dirname }}'
+ - '{{ vpn_media_server_key_path | dirname }}'
 - name: Copy Wireguard server credentials
 become: true
@@ -50,9 +52,9 @@
 mode: '0640'
 loop:
 - src: 'files/wireguard/default/mobile.pub'
- dest: '{{ vpn_key_directory }}/public/mobile.pub'
+ dest: '{{ vpn_config_dir }}/keys/public/mobile.pub'
 - src: 'files/wireguard/default/mobile.key'
- dest: '{{ vpn_key_directory }}/private/mobile.key'
+ dest: '{{ vpn_config_dir }}/keys/private/mobile.key'
 notify: restart systemd-networkd
 - name: Copy Wireguard preshared keys
diff --git a/tasks/wireguard_media.yml b/tasks/wireguard_media.yml
index 8ad3968..24039ae 100644
--- a/tasks/wireguard_media.yml
+++ b/tasks/wireguard_media.yml
@@ -23,7 +23,9 @@
 state: directory
 recurse: true
 loop:
- - '{{ vpn_media_key_directory }}'
+ - '{{ vpn_config_dir }}'
+ - '{{ vpn_server_public_key_path | dirname }}'
+ - '{{ vpn_server_private_key_path | dirname }}'
 - name: Copy Wireguard server media credentials
 become: true
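Review bot: In the `Create Wireguard directories` task of tasks/wireguard.yml, adding `'{{ vpn_config_dir }}'` to the loop means `recurse: true` now applies `mode: '0640'` to the whole configuration tree, directories included. A directory with mode 0640 has no search bit, so members of `systemd-network` can list names but cannot open the key files beneath it; presumably systemd-networkd needs exactly that access. A symbolic mode keeps files non-executable while leaving directories traversable: `mode: 'u=rwX,g=rX,o='`. The directory task in tasks/wireguard_media.yml also uses `recurse: true`; its mode line is outside the hunk and should be checked as well.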
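Review bot: `vpn_server_private_key_path`, used in the new loop of tasks/wireguard_media.yml, is not defined by any vars hunk in this commit; vars/vpn.yml names the private key path `vpn_server_key_path`, so unless the variable is set elsewhere the task fails on an undefined variable. The two task files also look cross-wired: this media file takes the default server's paths while tasks/wireguard.yml takes `vpn_media_server_public_key_path` and `vpn_media_server_key_path`, which makes each play depend on the other's vars being loaded. If that is not intended, the media loop would read `- '{{ vpn_media_server_public_key_path | dirname }}'` and `- '{{ vpn_media_server_key_path | dirname }}'`, with tasks/wireguard.yml using `vpn_server_public_key_path` and `vpn_server_key_path`. The task header is above this hunk.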
@@ -49,17 +51,17 @@
 mode: '0640'
 loop:
 - src: 'files/wireguard/media/mobile-1.pub'
- dest: '{{ vpn_media_key_directory }}/public/mobile_1.pub'
+ dest: '{{ vpn_config_dir }}/keys/public/mobile_1.pub'
 - src: 'files/wireguard/media/mobile-1.key'
- dest: '{{ vpn_media_key_directory }}/private/mobile_1.key'
+ dest: '{{ vpn_config_dir }}/keys/private/mobile_1.key'
 - src: 'files/wireguard/media/mobile-2.pub'
- dest: '{{ vpn_media_key_directory }}/public/mobile_2.pub'
+ dest: '{{ vpn_config_dir }}/keys/public/mobile_2.pub'
 - src: 'files/wireguard/media/mobile-2.key'
- dest: '{{ vpn_media_key_directory }}/private/mobile_2.key'
+ dest: '{{ vpn_config_dir }}/keys/private/mobile_2.key'
 - src: 'files/wireguard/media/tv.pub'
- dest: '{{ vpn_media_key_directory }}/public/tv.pub'
+ dest: '{{ vpn_config_dir }}/keys/public/tv.pub'
 - src: 'files/wireguard/media/tv.key'
- dest: '{{ vpn_media_key_directory }}/private/tv.key'
+ dest: '{{ vpn_config_dir }}/keys/private/tv.key'
 - name: Copy wireguard media preshared keys
 become: true
diff --git a/templates/network/wireguard/media/tv.wireguard.j2 b/templates/network/wireguard/media/tv.wireguard.j2
index 0b08b87..3506780 100644
--- a/templates/network/wireguard/media/tv.wireguard.j2
+++ b/templates/network/wireguard/media/tv.wireguard.j2
@@ -6,6 +6,6 @@ PrivateKey={{ lookup('file', vpn_media_peers.tv.private_key_source_path) }}
 [Peer]
 PublicKey={{ lookup('file', vpn_media_server_public_key_source_path) }}
-PresharedKey={{ lookup("file", vpn_media_peers.tv.preshared_key_source_path) }}
+PresharedKey={{ lookup('file', vpn_media_peers.tv.preshared_key_source_path) }}
 AllowedIPs={{ vpn_media_listen_address }}/32
 Endpoint={{ domain_name }}:{{ vpn_media_port }}
diff --git a/vars/main.yml b/vars/main.yml
index 4426b8e..455a55f 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -11,3 +11,5 @@ packages:
 - radeontop
 - certbot
 - unattended-upgrades
+
+vpn_config_dir: '/etc/wireguard/keys'
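Review bot: `vpn_config_dir` is set to `/etc/wireguard/keys`, but every path rewritten in this commit appends `/keys/public/...` or `/keys/private/...` to it, so keys and preshared keys now resolve under `/etc/wireguard/keys/keys/` instead of the previous `/etc/wireguard/keys/`. If the move is not intended, the value should be the parent directory: `vpn_config_dir: '/etc/wireguard'`. If it is intended, key material already deployed under the old `public/` and `private/` directories is left in place and needs its own cleanup step. This affects the `dest:` entries in tasks/wireguard.yml and tasks/wireguard_media.yml and the `*_path` values in vars/vpn.yml and vars/vpn_media.yml.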
diff --git a/vars/vpn.yml b/vars/vpn.yml
index 0e863ee..2ac4ae4 100644
--- a/vars/vpn.yml
+++ b/vars/vpn.yml
@@ -6,10 +6,9 @@ vpn_interface: 'wg0'
 vpn_source_range: '10.0.0.0/24'
 vpn_destination_range: '10.0.0.1/32'
-vpn_key_directory: '/etc/wireguard/keys'
-vpn_server_public_key_path: '{{ vpn_key_directory }}/public/server.pub'
+vpn_server_public_key_path: '{{ vpn_config_dir }}/keys/public/server.pub'
 vpn_server_public_key_source_path: 'files/wireguard/default/server.pub'
-vpn_server_key_path: '{{ vpn_key_directory }}/private/server.key'
+vpn_server_key_path: '{{ vpn_config_dir }}/keys/private/server.key'
 copy_vpn_configurations: false
@@ -17,16 +16,16 @@ vpn_peers:
 laptop:
 ip: '10.0.0.2'
 public_key: 'EbWLf2+7x/RymeeiVuX72nZOBqPvdhu2V9pYhszpQEw='
- preshared_key_path: '{{ vpn_key_directory }}/private/preshared-laptop.psk'
+ preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-laptop.psk'
 preshared_key_source_path: 'files/wireguard/default/preshared-laptop.psk'
 desktop:
 ip: '10.0.0.3'
 public_key: 'izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4='
- preshared_key_path: '{{ vpn_key_directory }}/private/preshared-desktop.psk'
+ preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-desktop.psk'
 preshared_key_source_path: 'files/wireguard/default/preshared-desktop.psk'
 mobile:
 ip: '10.0.0.4'
 public_key: '4aBHRiglCOE7qEDLqeFgQ5PMMsKczpPoL4bx4jyAEDY='
- preshared_key_path: '{{ vpn_key_directory }}/private/preshared-mobile.psk'
+ preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-mobile.psk'
 preshared_key_source_path: 'files/wireguard/default/preshared-mobile.psk'
 private_key_source_path: 'files/wireguard/default/mobile.key'
diff --git a/vars/vpn_media.yml b/vars/vpn_media.yml
index 534874f..6631508 100644
--- a/vars/vpn_media.yml
+++ b/vars/vpn_media.yml
@@ -6,11 +6,9 @@ vpn_media_interface: 'wg1'
 vpn_media_source_range: '10.0.1.0/24'
 vpn_media_destination_range: '10.0.1.1/32'
-vpn_media_key_directory: '/etc/wireguard/keys'
-
-vpn_media_server_public_key_path: '{{ vpn_media_key_directory }}/public/media_server.pub'
+vpn_media_server_public_key_path: '{{ vpn_config_dir }}/keys/public/media_server.pub'
 vpn_media_server_public_key_source_path: 'files/wireguard/media/server.pub'
-vpn_media_server_key_path: '{{ vpn_media_key_directory }}/private/media_server.key'
+vpn_media_server_key_path: '{{ vpn_config_dir }}/keys/private/media_server.key'
 copy_vpn_media_configurations: false
@@ -18,28 +16,28 @@ vpn_media_peers:
 laptop:
 ip: '10.0.1.2'
 public_key: 'hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM='
- preshared_key_path: '{{ vpn_media_key_directory }}/private/preshared-media-laptop.psk'
+ preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-laptop.psk'
 preshared_key_source_path: 'files/wireguard/media/preshared-laptop.psk'
 desktop:
 ip: '10.0.1.3'
 public_key: 'YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E='
- preshared_key_path: '{{ vpn_media_key_directory }}/private/preshared-media-desktop.psk'
+ preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-desktop.psk'
 preshared_key_source_path: 'files/wireguard/media/preshared-desktop.psk'
 mobile_peer_1:
 ip: '10.0.1.4'
 public_key: '6fj8FXvzT0IUlZLJjQ/+FhwwRDsJeQsUFHqKQcyXdwQ='
- preshared_key_path: '{{ vpn_media_key_directory }}/private/preshared-media-mobile-1.psk'
+ preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-mobile-1.psk'
 preshared_key_source_path: 'files/wireguard/media/preshared-mobile-1.psk'
 private_key_source_path: 'files/wireguard/media/mobile-1.key'
 mobile_peer_2:
 ip: '10.0.1.5'
 public_key: 'w/pswNrAYFdEUoaLk3zSqOu4gg2s41BBCN02E//ai1c='
- preshared_key_path: '{{ vpn_media_key_directory }}/private/preshared-media-mobile-2.psk'
+ preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-mobile-2.psk'
 preshared_key_source_path: 'files/wireguard/media/preshared-mobile-2.psk'
 private_key_source_path: 'files/wireguard/media/mobile-2.key'
 tv:
 ip: '10.0.1.6'
 public_key: '5+yz9C9PhaLhsvAZ1e3mDsTQpMZVrPZnSQa6ERJIKU0='
- preshared_key_path: '{{ vpn_media_key_directory }}/private/preshared-media-tv.psk'
+ preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-tv.psk'
 preshared_key_source_path: 'files/wireguard/media/preshared-tv.psk'
 private_key_source_path: 'files/wireguard/media/tv.key'