Install wireguard server

2019-12-08 20:16:42 +00:00 · 2019-12-08 20:16:42 +00:00 · 730246e67f
commit 730246e67f
parent db941391ca
4 changed files with 67 additions and 28 deletions
--- a/ansible/roles/gateway/files/limit-unstable.conf
+++ b/ansible/roles/gateway/files/limit-unstable.conf
@ -0,0 +1,3 @@
+Package: *
+Pin: release a=unstable
+Pin-Priority: 90
--- a/ansible/roles/gateway/tasks/haproxy.yml
+++ b/ansible/roles/gateway/tasks/haproxy.yml
@ -0,0 +1,29 @@
+- name: Install Haproxy
+  apt:
+    name: haproxy
+  become: true
+  become_user: root
+
+- name: Import vault
+  include_vars:
+    file: vault.yml
+
+- name: Define context
+  set_fact:
+    upstream: 10.23.0.2
+
+- name: Haproxy config
+  template:
+    src: files/haproxy.cfg
+    dest: /etc/haproxy/haproxy.cfg
+    validate: /usr/sbin/haproxy -c -- %s
+    backup: yes
+  become: true
+  become_user: root
+  register: haproxy_config
+
+- name: Restart Haproxy
+  service:
+    name: haproxy
+    state: reloaded
+  when: haproxy_config.changed
--- a/ansible/roles/gateway/tasks/main.yml
+++ b/ansible/roles/gateway/tasks/main.yml
@ -1,29 +1,5 @@
- name: Install Haproxy
-  apt:
-    name: haproxy
-  become: true
-  become_user: root
+- name: Configure HAproxy
+  include: haproxy.yml

- name: Import vault
-  include_vars:
-    file: vault.yml
-
- name: Define context
-  set_fact:
-    upstream: 10.23.0.2
-
- name: Haproxy config
-  template:
-    src: files/haproxy.cfg
-    dest: /etc/haproxy/haproxy.cfg
-    validate: /usr/sbin/haproxy -c -- %s
-    backup: yes
-  become: true
-  become_user: root
-  register: haproxy_config
-
- name: Restart Haproxy
-  service:
-    name: haproxy
-    state: reloaded
-  when: haproxy_config.changed
+- name: Configure wireguard
+  include: wireguard.yml
--- a/ansible/roles/gateway/tasks/wireguard.yml
+++ b/ansible/roles/gateway/tasks/wireguard.yml
@ -0,0 +1,31 @@
+- name: Add unstable apt repo
+  lineinfile:
+    path: /etc/apt/sources.list.d/unstable.list
+    state: present
+    line: 'deb http://deb.debian.org/debian/ unstable main'
+  register: install_unstable_apt
+  become: true
+  become_user: root
+
+- name: Limit unstable apt repo
+  copy:
+    src: limit-unstable.conf
+    dest: /etc/apt/preferences.d/limit-unstable
+  become: true
+  become_user: root
+  register: limit_unstable_apt
+
+- name: Update apt repos
+  apt:
+    update_cache: true
+  become: true
+  become_user: root
+  when: install_unstable_apt.changed or limit_unstable_apt.changed
+
+- name: Install Wireguard
+  apt:
+    name:
+      - wireguard
+      - wireguard-tools
+  become: true
+  become_user: root