diff --git a/ansible.cfg b/ansible.cfg index 4c41b64..d3d000d 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,5 +1,6 @@ [defaults] roles_path = ./roles +ask_vault_pass = True [privilege_escalation] become_ask_pass = True diff --git a/playbook.yml b/playbook.yml index 9e0b8ee..bf4b85d 100644 --- a/playbook.yml +++ b/playbook.yml 
@@ -1,24 +1,56 @@ -- hosts: localhost +- name: Provision debian server + hosts: localhost pre_tasks: - - name: install shared packages + - name: Install shared packages become: true - apt: + ansible.builtin.apt: name: '{{ packages }}' roles: - common tasks: - - import_tasks: 'tasks/setup.yml' - - import_tasks: 'tasks/network.yml' - - import_tasks: 'tasks/wireguard.yml' - - import_tasks: 'tasks/wireguard_media.yml' - - import_tasks: 'tasks/docker.yml' - - import_tasks: 'tasks/radicale.yml' - - import_tasks: 'tasks/syncthing.yml' - - import_tasks: 'tasks/transmission.yml' - - import_tasks: 'tasks/mpd.yml' - - import_tasks: 'tasks/nginx.yml' + - name: Generic provisioning + ansible.builtin.import_tasks: 'tasks/setup.yml' + tags: setup + + - name: Network provisioning + ansible.builtin.import_tasks: 'tasks/network.yml' + tags: network + + - name: Wireguard provisioning + ansible.builtin.import_tasks: 'tasks/wireguard.yml' + tags: wireguard + + - name: Wireguard media provisioning + ansible.builtin.import_tasks: 'tasks/wireguard_media.yml' + tags: wireguard-media + + - name: Docker provisioning + ansible.builtin.import_tasks: 'tasks/docker.yml' + tags: docker + + - name: Radicale provisioning + ansible.builtin.import_tasks: 'tasks/radicale.yml' + tags: radicale + + - name: Syncthing provisioning + ansible.builtin.import_tasks: 'tasks/syncthing.yml' + tags: syncthing + + - name: Transmission provisioning + ansible.builtin.import_tasks: 'tasks/transmission.yml' + tags: transmission + + - name: MPD provisioning + ansible.builtin.import_tasks: 'tasks/mpd.yml' + tags: mpd + + - name: NGINX provisioning + ansible.builtin.import_tasks: 'tasks/nginx.yml' + tags: nginx + handlers: - - import_tasks: 'handlers.yml' + - name: Import handlers + ansible.builtin.import_tasks: 'handlers.yml' vars_files: - 'vars/main.yml' - 'vars/nginx.yml' diff --git a/session b/session deleted file mode 100644 index e3104ef..0000000 --- a/session +++ /dev/null 
@@ -1,130 +0,0 @@ -let SessionLoad = 1 -let s:so_save = &g:so | let s:siso_save = &g:siso | setg so=0 siso=0 | setl so=-1 siso=-1 -let v:this_session=expand(":p") -silent only -silent tabonly -cd ~/development/ansible/debian-setup -if expand('%') == '' && !&modified && line('$') <= 1 && getline(1) == '' - let s:wipebuf = bufnr('%') -endif -let s:shortmess_save = &shortmess -if &shortmess =~ 'A' - set shortmess=aoOA -else - set shortmess=aoO -endif -badd +15 playbook.yml -badd +35 ~/development/ansible/debian-setup/tasks/setup.yml -badd +0 templates/apt.j2 -badd +13 vars/main.yml -argglobal -%argdel -$argadd playbook.yml -edit ~/development/ansible/debian-setup/tasks/setup.yml -let s:save_splitbelow = &splitbelow -let s:save_splitright = &splitright -set splitbelow splitright -wincmd _ | wincmd | -vsplit -1wincmd h -wincmd w -wincmd _ | wincmd | -split -1wincmd k -wincmd w -let &splitbelow = s:save_splitbelow -let &splitright = s:save_splitright -wincmd t -let s:save_winminheight = &winminheight -let s:save_winminwidth = &winminwidth -set winminheight=0 -set winheight=1 -set winminwidth=0 -set winwidth=1 -exe 'vert 1resize ' . ((&columns * 30 + 82) / 164) -exe '2resize ' . ((&lines * 42 + 43) / 87) -exe 'vert 2resize ' . ((&columns * 133 + 82) / 164) -exe '3resize ' . ((&lines * 42 + 43) / 87) -exe 'vert 3resize ' . ((&columns * 133 + 82) / 164) -argglobal -enew -file NvimTree_1 -balt playbook.yml -setlocal fdm=manual -setlocal fde=v:lua.vim.treesitter.foldexpr() -setlocal fmr={{{,}}} -setlocal fdi=# -setlocal fdl=99 -setlocal fml=1 -setlocal fdn=20 -setlocal nofen -wincmd w -argglobal -balt vars/main.yml -setlocal fdm=expr -setlocal fde=v:lua.vim.treesitter.foldexpr() -setlocal fmr={{{,}}} -setlocal fdi=# -setlocal fdl=99 -setlocal fml=1 -setlocal fdn=20 -setlocal fen -1 -normal! zo -11 -normal! zo -21 -normal! zo -let s:l = 32 - ((31 * winheight(0) + 21) / 42) -if s:l < 1 | let s:l = 1 | endif -keepjumps exe s:l -normal! zt -keepjumps 32 -normal! 
0 -wincmd w -argglobal -if bufexists(fnamemodify("templates/apt.j2", ":p")) | buffer templates/apt.j2 | else | edit templates/apt.j2 | endif -if &buftype ==# 'terminal' - silent file templates/apt.j2 -endif -balt playbook.yml -setlocal fdm=expr -setlocal fde=v:lua.vim.treesitter.foldexpr() -setlocal fmr={{{,}}} -setlocal fdi=# -setlocal fdl=99 -setlocal fml=1 -setlocal fdn=20 -setlocal fen -let s:l = 50 - ((41 * winheight(0) + 21) / 42) -if s:l < 1 | let s:l = 1 | endif -keepjumps exe s:l -normal! zt -keepjumps 50 -normal! 0 -wincmd w -2wincmd w -exe 'vert 1resize ' . ((&columns * 30 + 82) / 164) -exe '2resize ' . ((&lines * 42 + 43) / 87) -exe 'vert 2resize ' . ((&columns * 133 + 82) / 164) -exe '3resize ' . ((&lines * 42 + 43) / 87) -exe 'vert 3resize ' . ((&columns * 133 + 82) / 164) -tabnext 1 -if exists('s:wipebuf') && len(win_findbuf(s:wipebuf)) == 0 && getbufvar(s:wipebuf, '&buftype') isnot# 'terminal' - silent exe 'bwipe ' . s:wipebuf -endif -unlet! s:wipebuf -set winheight=1 winwidth=20 -let &shortmess = s:shortmess_save -let &winminheight = s:save_winminheight -let &winminwidth = s:save_winminwidth -let s:sx = expand(":p:r")."x.vim" -if filereadable(s:sx) - exe "source " . fnameescape(s:sx) -endif -let &g:so = s:so_save | let &g:siso = s:siso_save -set hlsearch -nohlsearch -doautoall SessionLoadPost -unlet SessionLoad -" vim: set ft=vim : diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 1ae862b..91fcc16 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml 
@@ -1,90 +1,76 @@ -- name: load private key into var - set_fact: - vpn_server_key: '{{ lookup("file", "files/wireguard/default/server.key" ) }}' - -- name: load public key into var - set_fact: - vpn_server_public_key: '{{ lookup("file", "files/wireguard/default/server.pub" ) }}' - -# this should eventually be replaced with using the -# PrivateKeyFile/PresharedKeyFile options -- name: load preshared keys into variables - set_fact: - vpn_peers: '{{ vpn_peers | combine({item.key: item.value|combine({"preshared_key": lookup("file", item.value.preshared_key_source_path )})})}}' - with_dict: '{{ vpn_peers }}' - -- name: load mobile private_key - set_fact: - vpn_peers: '{{ vpn_peers | combine({item.key: item.value|combine({"private_key": lookup("file", item.value.private_key_source_path )})})}}' - with_dict: '{{ vpn_peers }}' - when: item.key == "mobile" - -- name: copy wireguard configuration files +- name: Copy Wireguard configuration files become: true - template: + ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' owner: root group: systemd-network mode: '0640' loop: - - { src: 'templates/network/wireguard/default/wg0.netdev.j2', dest: '/etc/systemd/network/wg0.netdev' } - - { - src: 'templates/network/wireguard/default/wg0.network.j2', - dest: '/etc/systemd/network/wg0.network', - } + - src: 'templates/network/wireguard/default/wg0.netdev.j2' + dest: '/etc/systemd/network/wg0.netdev' + - src: 'templates/network/wireguard/default/wg0.network.j2' + dest: '/etc/systemd/network/wg0.network' notify: restart systemd-networkd -- name: copy mobile configuration - template: - src: 'templates/network/wireguard/default/mobile.wireguard.j2' - dest: '/tmp/mobile.conf' - mode: '0600' - when: copy_vpn_configurations - -- name: create wireguard directories +- name: Create Wireguard directories become: true - file: + ansible.builtin.file: path: '{{ item | dirname }}' owner: root group: systemd-network mode: '0640' state: directory + recurse: true loop: - - '{{ 
vpn_server_key_path }}' - - '{{ vpn_server_public_key_path }}' + - '{{ vpn_key_directory }}' -- name: copy wireguard credentials +- name: Copy Wireguard server credentials become: true - copy: + ansible.builtin.copy: src: '{{ item.src }}' dest: '{{ item.dest }}' owner: root group: systemd-network mode: '0640' loop: - - { src: 'files/wireguard/default/server.pub', dest: '{{ vpn_server_public_key_path }}' } - - { src: 'files/wireguard/default/server.key', dest: '{{ vpn_server_key_path }}' } + - src: 'files/wireguard/default/server.pub' + dest: '{{ vpn_server_public_key_path }}' + - src: 'files/wireguard/default/server.key' + dest: '{{ vpn_server_key_path }}' + notify: restart systemd-networkd -- name: copy mobile wireguard credentials +- name: Copy Wireguard mobile credentials become: true - copy: + ansible.builtin.copy: src: '{{ item.src }}' dest: '{{ item.dest }}' owner: root group: systemd-network mode: '0640' loop: - - { src: 'files/wireguard/default/mobile.pub', dest: '{{ vpn_server_public_key_path|dirname }}/mobile.pub' } - - { src: 'files/wireguard/default/mobile.key', dest: '{{ vpn_server_key_path|dirname }}/mobile.key' } + - src: 'files/wireguard/default/mobile.pub' + dest: '{{ vpn_key_directory }}/public/mobile.pub' + - src: 'files/wireguard/default/mobile.key' + dest: '{{ vpn_key_directory }}/private/mobile.key' + notify: restart systemd-networkd -- name: copy wireguard preshared keys +- name: Copy Wireguard preshared keys become: true - copy: + ansible.builtin.copy: src: '{{ item.value.preshared_key_source_path }}' dest: '{{ item.value.preshared_key_path }}' owner: root group: systemd-network mode: '0640' with_dict: '{{ vpn_peers }}' + notify: restart systemd-networkd +- name: Copy Wireguard mobile configuration + become: true + ansible.builtin.template: + src: 'templates/network/wireguard/default/mobile.wireguard.j2' + dest: '/tmp/mobile.conf' + mode: '0600' + owner: '{{ ansible_user_id }}' + when: copy_vpn_configurations 
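Review bot: `Create Wireguard directories` still passes its loop item through `dirname`, so with the new single item `{{ vpn_key_directory }}` it manages `/etc/wireguard` and never creates the `keys/public` and `keys/private` directories that the following `ansible.builtin.copy` tasks write into (copy does not create missing parent directories), which fails on a fresh host unless those directories already exist. The media hunk in tasks/wireguard_media.yml already dropped the filter, so `path: '{{ item }}'` with a loop over `{{ vpn_key_directory }}/public` and `{{ vpn_key_directory }}/private` would fix this and align the two files. Separately, the new `recurse: true` together with `mode: '0640'` strips the execute bit from every directory it touches, so the `systemd-network` group can no longer traverse to the key files that wg0.netdev.j2 now hands to networkd via `PrivateKeyFile`/`PresharedKeyFile`; a symbolic mode such as `mode: 'u=rwX,g=rX,o='` keeps files at 0640 and directories at 0750, and the same applies to the media hunk. The rewritten `Copy Wireguard mobile configuration` task also renders the mobile private key and preshared key into `/tmp/mobile.conf` with no later removal; writing it into a directory created with `ansible.builtin.tempfile` and deleting it once fetched would shorten how long the secret sits on the shared host (likewise for the media configurations).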
diff --git a/tasks/wireguard_media.yml b/tasks/wireguard_media.yml
index ae525ed..8ad3968 100644
--- a/tasks/wireguard_media.yml
+++ b/tasks/wireguard_media.yml
@@ -1,97 +1,88 @@ -- name: load media private key into var - set_fact: - vpn_media_server_key: '{{ lookup("file", "files/wireguard/media/server.key" ) }}' - -- name: load media public key into var - set_fact: - vpn_media_server_public_key: '{{ lookup("file", "files/wireguard/media/server.pub" ) }}' - -# this should eventually be replaced with using the -# PrivateKeyFile/PresharedKeyFile options -- name: load preshared media keys into variables - set_fact: - vpn_media_peers: '{{ vpn_media_peers | combine({item.key: item.value|combine({"preshared_key": lookup("file", item.value.preshared_key_source_path )})})}}' - with_dict: '{{ vpn_media_peers }}' - -- name: load external media private_keys - set_fact: - vpn_media_peers: '{{ vpn_media_peers | combine({item.key: item.value|combine({"private_key": lookup("file", item.value.private_key_source_path )})})}}' - with_dict: '{{ vpn_media_peers }}' - when: item.key in ['mobile_peer_1', 'mobile_peer_2', 'tv'] - -- name: copy wireguard media configuration files +- name: Copy Wireguard media configuration files become: true - template: + ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' owner: root group: systemd-network mode: '0640' loop: - - { src: 'templates/network/wireguard/media/wg1.netdev.j2', dest: '/etc/systemd/network/wg1.netdev' } - - { - src: 'templates/network/wireguard/media/wg1.network.j2', - dest: '/etc/systemd/network/wg1.network', - } + - src: 'templates/network/wireguard/media/wg1.netdev.j2' + dest: '/etc/systemd/network/wg1.netdev' + - src: 'templates/network/wireguard/media/wg1.network.j2' + dest: '/etc/systemd/network/wg1.network' notify: restart systemd-networkd -- name: copy external media configurations - template: - src: '{{ item.src }}' - dest: '{{ item.dest }}' - mode: '0600' - loop: - - { src: 'templates/network/wireguard/media/mobile_1.wireguard.j2', dest: '/tmp/mobile_1.conf' } - - { src: 'templates/network/wireguard/media/mobile_2.wireguard.j2', dest: '/tmp/mobile_2.conf' } 
- - { src: 'templates/network/wireguard/media/tv.wireguard.j2', dest: '/tmp/tv.conf' } - when: copy_vpn_media_configurations - -- name: create wireguard media directories +- name: Create Wireguard media directories become: true - file: - path: '{{ item | dirname }}' + ansible.builtin.file: + path: '{{ item }}' owner: root group: systemd-network mode: '0640' state: directory + recurse: true loop: - - '{{ vpn_media_server_key_path }}' - - '{{ vpn_media_server_public_key_path }}' + - '{{ vpn_media_key_directory }}' -- name: copy wireguard media credentials +- name: Copy Wireguard server media credentials become: true - copy: + ansible.builtin.copy: src: '{{ item.src }}' dest: '{{ item.dest }}' owner: root group: systemd-network mode: '0640' loop: - - { src: 'files/wireguard/media/server.pub', dest: '{{ vpn_media_server_public_key_path }}' } - - { src: 'files/wireguard/media/server.key', dest: '{{ vpn_media_server_key_path }}' } + - src: 'files/wireguard/media/server.pub' + dest: '{{ vpn_media_server_public_key_path }}' + - src: 'files/wireguard/media/server.key' + dest: '{{ vpn_media_server_key_path }}' -- name: copy mobile media wireguard credentials +- name: Copy Wireguard mobile media credentials become: true - copy: + ansible.builtin.copy: src: '{{ item.src }}' dest: '{{ item.dest }}' owner: root group: systemd-network mode: '0640' loop: - - { src: 'files/wireguard/media/mobile-1.pub', dest: '{{ vpn_media_server_public_key_path|dirname }}/mobile_1.pub' } - - { src: 'files/wireguard/media/mobile-1.key', dest: '{{ vpn_media_server_key_path|dirname }}/mobile_1.key' } - - { src: 'files/wireguard/media/mobile-2.pub', dest: '{{ vpn_media_server_public_key_path|dirname }}/mobile_2.pub' } - - { src: 'files/wireguard/media/mobile-2.key', dest: '{{ vpn_media_server_key_path|dirname }}/mobile_2.key' } - - { src: 'files/wireguard/media/tv.pub', dest: '{{ vpn_media_server_public_key_path|dirname }}/tv.pub' } - - { src: 'files/wireguard/media/tv.key', dest: '{{ 
vpn_media_server_key_path|dirname }}/tv.key' } + - src: 'files/wireguard/media/mobile-1.pub' + dest: '{{ vpn_media_key_directory }}/public/mobile_1.pub' + - src: 'files/wireguard/media/mobile-1.key' + dest: '{{ vpn_media_key_directory }}/private/mobile_1.key' + - src: 'files/wireguard/media/mobile-2.pub' + dest: '{{ vpn_media_key_directory }}/public/mobile_2.pub' + - src: 'files/wireguard/media/mobile-2.key' + dest: '{{ vpn_media_key_directory }}/private/mobile_2.key' + - src: 'files/wireguard/media/tv.pub' + dest: '{{ vpn_media_key_directory }}/public/tv.pub' + - src: 'files/wireguard/media/tv.key' + dest: '{{ vpn_media_key_directory }}/private/tv.key' -- name: copy wireguard media preshared keys +- name: Copy wireguard media preshared keys become: true - copy: + ansible.builtin.copy: src: '{{ item.value.preshared_key_source_path }}' dest: '{{ item.value.preshared_key_path }}' owner: root group: systemd-network mode: '0640' with_dict: '{{ vpn_media_peers }}' + +- name: Copy Wireguard external media configurations + become: true + ansible.builtin.template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0600' + owner: '{{ ansible_user_id }}' + loop: + - src: 'templates/network/wireguard/media/mobile_1.wireguard.j2' + dest: '/tmp/mobile_1.conf' + - src: 'templates/network/wireguard/media/mobile_2.wireguard.j2' + dest: '/tmp/mobile_2.conf' + - src: 'templates/network/wireguard/media/tv.wireguard.j2' + dest: '/tmp/tv.conf' + when: copy_vpn_media_configurations diff --git a/templates/network/link1.network.j2 b/templates/network/link1.network.j2 index 517a687..efbfdff 100644 --- a/templates/network/link1.network.j2 +++ b/templates/network/link1.network.j2 @@ -4,7 +4,7 @@ Name={{ network_interface }} [Network] -DHCP=ipv4 Address={{ lan_ip }}/24 Gateway={{ lan_gateway }} DNS={{ lan_dns }} +IgnoreCarrierLoss=true 
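Review bot: The three credential copy tasks in this hunk (`Copy Wireguard server media credentials`, `Copy Wireguard mobile media credentials`, `Copy wireguard media preshared keys`) carry no `notify`, unlike their counterparts in tasks/wireguard.yml, which gained `notify: restart systemd-networkd` in this same commit. Since wg1.netdev.j2 now references the keys by path (`PrivateKeyFile`/`PresharedKeyFile`) instead of embedding their contents, a rotated key file no longer changes the rendered netdev, so nothing in the play would restart networkd to pick the new key up. Adding `notify: restart systemd-networkd` to each of the three tasks keeps the two tunnels consistent. As a point of style, `Copy wireguard media preshared keys` is the only task name here with a lowercase `wireguard`; `Copy Wireguard media preshared keys` would match the rest.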
diff --git a/templates/network/wireguard/default/mobile.wireguard.j2 b/templates/network/wireguard/default/mobile.wireguard.j2 index a0fd7b9..2f9773b 100644 --- a/templates/network/wireguard/default/mobile.wireguard.j2 +++ b/templates/network/wireguard/default/mobile.wireguard.j2 @@ -2,10 +2,10 @@ [Interface] Address={{ vpn_peers.mobile.ip }}/24 -PrivateKey={{ vpn_peers.mobile.private_key }} +PrivateKey={{ lookup("file", vpn_peers.mobile.private_key_source_path) }} [Peer] -PublicKey={{ vpn_server_public_key }} -PresharedKey={{ vpn_peers.mobile.preshared_key }} +PublicKey={{ lookup("file", vpn_server_public_key_source_path) }} +PresharedKey={{ lookup("file", vpn_peers.mobile.preshared_key_source_path) }} AllowedIPs={{ vpn_listen_address }}/32 Endpoint={{ domain_name }}:{{ vpn_port }} diff --git a/templates/network/wireguard/default/wg0.netdev.j2 b/templates/network/wireguard/default/wg0.netdev.j2 index 24021fb..39b0ec4 100644 --- a/templates/network/wireguard/default/wg0.netdev.j2 +++ b/templates/network/wireguard/default/wg0.netdev.j2 @@ -7,12 +7,12 @@ Description=WireGuard tunnel wg0 [WireGuard] ListenPort={{ vpn_port }} -PrivateKey={{ vpn_server_key }} +PrivateKeyFile={{ vpn_server_key_path }} {% for peer, properties in vpn_peers.items() %} [WireGuardPeer] PublicKey={{ properties.public_key }} -PresharedKey={{ properties.preshared_key }} +PresharedKeyFile={{ properties.preshared_key_path }} AllowedIPs={{ properties.ip }}/32 {% if not loop.last %} diff --git a/templates/network/wireguard/media/mobile_1.wireguard.j2 b/templates/network/wireguard/media/mobile_1.wireguard.j2 index 027949f..f0bbc55 100644 --- a/templates/network/wireguard/media/mobile_1.wireguard.j2 +++ b/templates/network/wireguard/media/mobile_1.wireguard.j2 
@@ -2,10 +2,10 @@ [Interface] Address={{ vpn_media_peers.mobile_peer_1.ip }}/24 -PrivateKey={{ vpn_media_peers.mobile_peer_1.private_key }} +PrivateKey={{ lookup('file', vpn_media_peers.mobile_peer_1.private_key_source_path) }} [Peer] -PublicKey={{ vpn_media_server_public_key }} -PresharedKey={{ vpn_media_peers.mobile_peer_1.preshared_key }} +PublicKey={{ lookup('file', vpn_media_server_public_key_source_path) }} +PresharedKey={{ lookup('file', vpn_media_peers.mobile_peer_1.preshared_key_source_path) }} AllowedIPs={{ vpn_media_listen_address }}/32 Endpoint={{ domain_name }}:{{ vpn_media_port }} diff --git a/templates/network/wireguard/media/mobile_2.wireguard.j2 b/templates/network/wireguard/media/mobile_2.wireguard.j2 index a8a9c3b..4550c5c 100644 --- a/templates/network/wireguard/media/mobile_2.wireguard.j2 +++ b/templates/network/wireguard/media/mobile_2.wireguard.j2 @@ -2,10 +2,10 @@ [Interface] Address={{ vpn_media_peers.mobile_peer_2.ip }}/24 -PrivateKey={{ vpn_media_peers.mobile_peer_2.private_key }} +PrivateKey={{ lookup('file', vpn_media_peers.mobile_peer_2.private_key_source_path) }} [Peer] -PublicKey={{ vpn_media_server_public_key }} -PresharedKey={{ vpn_media_peers.mobile_peer_2.preshared_key }} +PublicKey={{ lookup('file', vpn_media_server_public_key_source_path) }} +PresharedKey={{ lookup('file', vpn_media_peers.mobile_peer_2.preshared_key_source_path) }} AllowedIPs={{ vpn_media_listen_address }}/32 Endpoint={{ domain_name }}:{{ vpn_media_port }} diff --git a/templates/network/wireguard/media/tv.wireguard.j2 b/templates/network/wireguard/media/tv.wireguard.j2 index a9ed256..0b08b87 100644 --- a/templates/network/wireguard/media/tv.wireguard.j2 +++ b/templates/network/wireguard/media/tv.wireguard.j2 
@@ -2,10 +2,10 @@ [Interface] Address={{ vpn_media_peers.tv.ip }}/24 -PrivateKey={{ vpn_media_peers.tv.private_key }} +PrivateKey={{ lookup('file', vpn_media_peers.tv.private_key_source_path) }} [Peer] -PublicKey={{ vpn_media_server_public_key }} -PresharedKey={{ vpn_media_peers.tv.preshared_key }} +PublicKey={{ lookup('file', vpn_media_server_public_key_source_path) }} +PresharedKey={{ lookup("file", vpn_media_peers.tv.preshared_key_source_path) }} AllowedIPs={{ vpn_media_listen_address }}/32 Endpoint={{ domain_name }}:{{ vpn_media_port }} diff --git a/templates/network/wireguard/media/wg1.netdev.j2 b/templates/network/wireguard/media/wg1.netdev.j2 index 9323295..8e5a55f 100644 --- a/templates/network/wireguard/media/wg1.netdev.j2 +++ b/templates/network/wireguard/media/wg1.netdev.j2 @@ -7,12 +7,12 @@ Description=WireGuard tunnel wg1 [WireGuard] ListenPort={{ vpn_media_port }} -PrivateKey={{ vpn_media_server_key }} +PrivateKeyFile={{ vpn_media_server_key_path }} {% for peer, properties in vpn_media_peers.items() %} [WireGuardPeer] PublicKey={{ properties.public_key }} -PresharedKey={{ properties.preshared_key }} +PresharedKeyFile={{ properties.preshared_key_path }} AllowedIPs={{ properties.ip }}/32 {% if not loop.last %} diff --git a/vars/vpn.yml b/vars/vpn.yml index 900a641..0e863ee 100644 --- a/vars/vpn.yml +++ b/vars/vpn.yml @@ -6,8 +6,10 @@ vpn_interface: 'wg0' vpn_source_range: '10.0.0.0/24' vpn_destination_range: '10.0.0.1/32' -vpn_server_public_key_path: '/etc/wireguard/keys/public/server.pub' -vpn_server_key_path: '/etc/wireguard/keys/private/server.key' +vpn_key_directory: '/etc/wireguard/keys' +vpn_server_public_key_path: '{{ vpn_key_directory }}/public/server.pub' +vpn_server_public_key_source_path: 'files/wireguard/default/server.pub' +vpn_server_key_path: '{{ vpn_key_directory }}/private/server.key' copy_vpn_configurations: false 
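Review bot: The new `PresharedKey` line in tv.wireguard.j2 uses `lookup("file", ...)` while the two lines above it and the mobile_1/mobile_2 media templates use single-quoted `lookup('file', ...)`. `PresharedKey={{ lookup('file', vpn_media_peers.tv.preshared_key_source_path) }}` would keep the media templates uniform and make a future search-and-replace across them reliable.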
@@ -15,16 +17,16 @@ vpn_peers: laptop: ip: '10.0.0.2' public_key: 'EbWLf2+7x/RymeeiVuX72nZOBqPvdhu2V9pYhszpQEw=' - preshared_key_path: '/etc/wireguard/keys/private/preshared-laptop.psk' + preshared_key_path: '{{ vpn_key_directory }}/private/preshared-laptop.psk' preshared_key_source_path: 'files/wireguard/default/preshared-laptop.psk' desktop: ip: '10.0.0.3' public_key: 'izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4=' - preshared_key_path: '/etc/wireguard/keys/private/preshared-desktop.psk' + preshared_key_path: '{{ vpn_key_directory }}/private/preshared-desktop.psk' preshared_key_source_path: 'files/wireguard/default/preshared-desktop.psk' mobile: ip: '10.0.0.4' public_key: '4aBHRiglCOE7qEDLqeFgQ5PMMsKczpPoL4bx4jyAEDY=' - preshared_key_path: '/etc/wireguard/keys/private/preshared-mobile.psk' + preshared_key_path: '{{ vpn_key_directory }}/private/preshared-mobile.psk' preshared_key_source_path: 'files/wireguard/default/preshared-mobile.psk' private_key_source_path: 'files/wireguard/default/mobile.key' diff --git a/vars/vpn_media.yml b/vars/vpn_media.yml index 5c16a0e..ccbeba6 100644 --- a/vars/vpn_media.yml +++ b/vars/vpn_media.yml 
@@ -6,40 +6,42 @@ vpn_media_interface: 'wg1' vpn_media_source_range: '10.0.1.0/24' vpn_media_destination_range: '10.0.1.1/32' -vpn_media_server_public_key_path: '/etc/wireguard/keys/public/media_server.pub' -vpn_media_server_key_path: '/etc/wireguard/keys/private/media_server.key' +vpn_media_key_directory: '/etc/wireguard/keys' + +vpn_media_server_public_key_path: '{{ vpn_media_key_directory }}/public/media_server.pub' +vpn_media_server_public_key_source_path: 'files/wireguard/media/server.pub' +vpn_media_server_key_path: '{{ vpn_media_key_directory }}/private/media_server.key' copy_vpn_media_configurations: false -# TODO: move keys in /etc/wireguard/keys to seperate folders # TODO: use simliar task layout as in arch-setup repo vpn_media_peers: laptop: ip: '10.0.1.2' public_key: 'hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM=' - preshared_key_path: '/etc/wireguard/keys/private/preshared-media-laptop.psk' + preshared_key_path: '{{ vpn_media_key_directory }}/private/preshared-media-laptop.psk' preshared_key_source_path: 'files/wireguard/media/preshared-laptop.psk' desktop: ip: '10.0.1.3' public_key: 'YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E=' - preshared_key_path: '/etc/wireguard/keys/private/preshared-media-desktop.psk' + preshared_key_path: '{{ vpn_media_key_directory }}/private/preshared-media-desktop.psk' preshared_key_source_path: 'files/wireguard/media/preshared-desktop.psk' mobile_peer_1: ip: '10.0.1.4' public_key: '6fj8FXvzT0IUlZLJjQ/+FhwwRDsJeQsUFHqKQcyXdwQ=' - preshared_key_path: '/etc/wireguard/keys/private/preshared-media-mobile-1.psk' + preshared_key_path: '{{ vpn_media_key_directory }}/private/preshared-media-mobile-1.psk' preshared_key_source_path: 'files/wireguard/media/preshared-mobile-1.psk' private_key_source_path: 'files/wireguard/media/mobile-1.key' mobile_peer_2: ip: '10.0.1.5' public_key: 'w/pswNrAYFdEUoaLk3zSqOu4gg2s41BBCN02E//ai1c=' - preshared_key_path: '/etc/wireguard/keys/private/preshared-media-mobile-2.psk' + preshared_key_path: '{{ 
vpn_media_key_directory }}/private/preshared-media-mobile-2.psk' preshared_key_source_path: 'files/wireguard/media/preshared-mobile-2.psk' private_key_source_path: 'files/wireguard/media/mobile-2.key' tv: ip: '10.0.1.6' public_key: '5+yz9C9PhaLhsvAZ1e3mDsTQpMZVrPZnSQa6ERJIKU0=' - preshared_key_path: '/etc/wireguard/keys/private/preshared-media-tv.psk' + preshared_key_path: '{{ vpn_media_key_directory }}/private/preshared-media-tv.psk' preshared_key_source_path: 'files/wireguard/media/preshared-tv.psk' private_key_source_path: 'files/wireguard/media/tv.key'