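---
# WireGuard setup for a k8s node.
#
# Installs the tooling, generates a per-host keypair (once), exposes the keys
# as host facts for wg0.conf.j2, renders /etc/wireguard/wg0.conf, enables IPv4
# forwarding and brings up wg-quick@wg0.
#
# Security notes for reviewers:
#   * The private key is read back into the wg_private_key fact so the
#     template can embed it. Facts are readable cross-host through hostvars
#     for the rest of the play, so every host in the play can see every other
#     host's private key. NOTE(review): if that is unacceptable, keep the key
#     on disk only and have wg0.conf.j2 load it at interface start
#     (`PostUp = wg set %i private-key /etc/wireguard/keys/privatekey`).
#   * Every task that handles the private key or the rendered config is
#     no_log, so the key does not reach -v output, --diff or callback plugins.
#   * net.ipv4.ip_forward is enabled with no filtering in this file; confirm a
#     host firewall is applied elsewhere before exposing the node.

- name: Install wireguard
  apt:
    name:
      - wireguard
      - qrencode
    state: present
    update_cache: true

- name: Ensure key dir
  file:
    path: /etc/wireguard/keys
    state: directory
    owner: root
    group: root
    mode: '0700'

# Generate both halves in one step so the public key cannot drift from the
# private key. `creates` makes the task idempotent; umask 077 ensures the
# private key is 0600 from the moment it exists (no world-readable window).
# To rotate the key, delete both files and re-run.
- name: Generate keypair if missing
  shell: |
    set -o pipefail
    umask 077
    wg genkey | tee /etc/wireguard/keys/privatekey | wg pubkey > /etc/wireguard/keys/publickey
  args:
    creates: /etc/wireguard/keys/privatekey
    executable: /bin/bash

# Fallback for hosts that already had a private key from an earlier run but
# no public key next to it.
- name: Derive public key if missing
  shell: "wg pubkey < /etc/wireguard/keys/privatekey > /etc/wireguard/keys/publickey"
  args:
    creates: /etc/wireguard/keys/publickey

# Enforce ownership and mode on every run, not only at creation time.
- name: Enforce private key permissions
  file:
    path: /etc/wireguard/keys/privatekey
    owner: root
    group: root
    mode: '0600'

- name: Read pubkey
  slurp:
    src: /etc/wireguard/keys/publickey
  register: pubkey_raw

# no_log: slurp returns the file base64-encoded in its result, which would
# otherwise be printed at -v and handed to every callback plugin.
- name: Read private key
  slurp:
    src: /etc/wireguard/keys/privatekey
  register: privkey_raw
  no_log: true

- name: Expose keys as host facts
  set_fact:
    wg_public_key: "{{ pubkey_raw.content | b64decode | trim }}"
    wg_private_key: "{{ privkey_raw.content | b64decode | trim }}"
  no_log: true

# Collect `setup` facts (addresses etc.) for every k8s node so the template
# can reference peers even when the play runs on a subset of them. This only
# gathers setup facts: a peer's wg_public_key is defined only if that peer
# ran the set_fact task above in this play.
- name: Gather facts from all hosts
  setup:
  delegate_to: "{{ item }}"
  delegate_facts: true
  loop: "{{ groups['k8s_nodes'] }}"
  run_once: true

# Public keys only, so printing is safe. Replaces the hard-coded lookup of
# hostvars['hetzner-1'], which broke on inventories without that host.
- name: Show peer public keys
  debug:
    msg: "{{ item }}: {{ hostvars[item]['wg_public_key'] | default('(not generated in this play)') }}"
  loop: "{{ groups['k8s_nodes'] }}"
  run_once: true

# no_log: the rendered file contains PrivateKey, so --diff output would leak
# it. Registered so that a changed config triggers a restart below.
- name: Render config
  template:
    src: wg0.conf.j2
    dest: /etc/wireguard/wg0.conf
    owner: root
    group: root
    mode: '0600'
  register: wg_conf
  no_log: true

- name: Enable IP forward
  sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: true
    state: present
    reload: true

# `started` alone would leave a running interface on the old config after
# wg0.conf changes; restart only when the template task reported a change.
- name: Enable wg-quick
  service:
    name: wg-quick@wg0
    enabled: true
    state: "{{ 'restarted' if wg_conf is changed else 'started' }}"

# wg_show was referenced below but never registered. `wg show` prints
# "(hidden)" for private and preshared keys, so its output is safe to log.
- name: Capture wg status
  command: wg show wg0
  register: wg_show
  changed_when: false

- name: Show wg status
  debug:
    var: wg_show.stdout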