Add wireguard configuration

2021-12-28 11:27:12 +01:00 · 2021-12-28 11:27:12 +01:00 · a043bae576
commit a043bae576
parent ce46689f57
16 changed files with 155 additions and 13 deletions
--- a/tasks/network.yml
+++ b/tasks/network.yml
@ -0,0 +1,68 @@
+- name: copy network configuration files
+  become: true
+  template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    mode: '0640'
+  loop:
+    - {
+        src: 'templates/network/br0.netdev.j2',
+        dest: '/etc/systemd/network/br0.netdev',
+      }
+    - {
+        src: 'templates/network/br0.network.j2',
+        dest: '/etc/systemd/network/br0.network',
+      }
+    - {
+        src: 'templates/network/enp5s0.network.j2',
+        dest: '/etc/systemd/network/enp5s0.network',
+      }
+    - {
+        src: 'templates/network/wg0.netdev.j2',
+        dest: '/etc/systemd/network/wg0.netdev',
+      }
+    - {
+        src: 'templates/network/wg0.network.j2',
+        dest: '/etc/systemd/network/wg0.network',
+      }
+
+- name: create wireguard directories
+  become: true
+  file:
+    path: '{{ item | dirname }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+    state: directory
+  loop:
+    - '{{ vpn_server_key_path }}'
+    - '{{ vpn_server_public_key_path }}'
+
+- name: copy wireguard credentials
+  become: true
+  copy:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop:
+    - {
+        src: 'files/wireguard/server.pub',
+        dest: '{{ vpn_server_public_key_path }}',
+      }
+    - {
+        src: 'files/wireguard/server.key',
+        dest: '{{ vpn_server_key_path }}',
+      }
+    - {
+        src: 'files/wireguard/preshared.key',
+        dest: '{{ vpn_preshared_path }}',
+      }
+
+- name: restart systemd-networkd
+  become: true
+  systemd:
+    name: systemd-networkd
+    state: restarted
+    enabled: true