From 251fe11113693e5c8f9b7286c65ae819fa5d7345 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Sun, 19 Jan 2020 16:43:51 +0000
Subject: [PATCH] Output wireguard client config files
---
 .../roles/gateway/files/wireguard-client.conf | 10 +++++++++
 .../{wireguard.conf => wireguard-server.conf} | 0
 ansible/roles/gateway/tasks/wireguard.yml | 21 ++++++++++++++++++-
 3 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 ansible/roles/gateway/files/wireguard-client.conf
 rename ansible/roles/gateway/files/{wireguard.conf => wireguard-server.conf} (100%)
diff --git a/ansible/roles/gateway/files/wireguard-client.conf b/ansible/roles/gateway/files/wireguard-client.conf
new file mode 100644
index 0000000..ce39227
--- /dev/null
+++ b/ansible/roles/gateway/files/wireguard-client.conf
@@ -0,0 +1,10 @@
+[Interface]
+Address = {{ item.value.ip }}
+PrivateKey = {{ item.value.private_key }}
+
+[Peer]
+PublicKey = {{ wireguard.server.public_key }}
+Endpoint = {{ wireguard.public_ip }}:{{ wireguard.port }}
+AllowedIPs = {{ item.value.ip }}/32
+
+PersistentKeepalive = 25
diff --git a/ansible/roles/gateway/files/wireguard.conf b/ansible/roles/gateway/files/wireguard-server.conf
similarity index 100%
rename from ansible/roles/gateway/files/wireguard.conf
rename to ansible/roles/gateway/files/wireguard-server.conf
diff --git a/ansible/roles/gateway/tasks/wireguard.yml b/ansible/roles/gateway/tasks/wireguard.yml
index 450698e..fb75f1f 100644
--- a/ansible/roles/gateway/tasks/wireguard.yml
+++ b/ansible/roles/gateway/tasks/wireguard.yml
@@ -32,7 +32,7 @@
 - name: Wireguard server config
 template:
- src: files/wireguard.conf
+ src: files/wireguard-server.conf
 dest: /etc/wireguard/wg0.conf
 backup: yes
 become: true
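Review bot: In the new wireguard-client.conf, `AllowedIPs = {{ item.value.ip }}/32` under `[Peer]` gives the server peer the client's own tunnel address as its allowed range. On the client side that field selects which destinations are routed to the server and also filters the source addresses accepted from it, so as written the client would appear to discard packets coming from the server or from other peers. It probably wants the server's tunnel address or the VPN subnet, e.g. `AllowedIPs = <server tunnel address or VPN subnet>`; no variable for that is visible in this hunk, so one may need to be added. A leading comment stating that the rendered file carries the client's private key would also help whoever handles the output.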
@@ -47,3 +47,22 @@
 when: wireguard_conf.changed
 become: true
 become_user: root
+
+
+- name: Create wireguard client directory
+ file:
+ path: /etc/wireguard/clients
+ state: directory
+ become: true
+ become_user: root
+
+- name: Wireguard client configuration
+ template:
+ src: files/wireguard-client.conf
+ dest: /etc/wireguard/clients/{{ item.key }}.conf
+ backup: yes
+ become: true
+ become_user: root
+ loop: "{{ wireguard.clients|dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
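Review bot: The two added tasks write client private keys under /etc/wireguard/clients without fixing permissions: neither the `file:` task nor the `template:` task sets `mode`, `owner` or `group`, so both fall back to the remote umask, which commonly leaves the rendered `.conf` files readable by every local user. Add `mode: "0700"` to the directory task and `mode: "0600"` to the template task. `backup: yes` also keeps a timestamped copy of each previous render, private key included, next to the live file, so rotated keys stay on disk until someone removes them; consider dropping it for this task. `loop_control.label` keeps the key material out of the normal loop output, but `no_log: true` on the template task would also cover `--diff` and verbose runs.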