infrastructure/ansible/roles/gateway/tasks/wireguard.yml

60 lines
1.3 KiB
YAML

- name: Add unstable apt repo
lineinfile:
path: /etc/apt/sources.list.d/unstable.list
state: present
line: deb http://deb.debian.org/debian/ unstable main
register: install_unstable_apt
become: true
- name: Limit unstable apt repo
copy:
src: limit-unstable.conf
dest: /etc/apt/preferences.d/limit-unstable
become: true
register: limit_unstable_apt
- name: Update apt repos
apt:
update_cache: true
become: true
when: install_unstable_apt.changed or limit_unstable_apt.changed
- name: Install Wireguard
apt:
name:
- wireguard
- wireguard-tools
become: true
- name: Wireguard server config
template:
src: files/wireguard-server.conf
dest: /etc/wireguard/wg0.conf
backup: yes
become: true
register: wireguard_conf
- name: Enable wireguard
service:
name: wg-quick@wg0
state: reloaded
enabled: true
when: wireguard_conf.changed
become: true
- name: Create wireguard client directory
file:
path: "{{ home }}/wireguard-clients"
state: directory
owner: "{{ user }}"
mode: 0700
- name: Wireguard client configuration
template:
src: files/wireguard-client.conf
dest: "{{ home }}/wireguard-clients/{{ item.key }}.conf"
owner: "{{ user }}"
mode: 0600
loop: "{{ wireguard.clients|dict2items }}"
loop_control:
label: "{{ item.key }}"