homelab/roles/base/tasks/wireguard.yml

# Install the wireguard package via APT, refreshing the package index first.
- name: Install WireGuard
  ansible.builtin.apt:
    update_cache: true
    name: wireguard
    state: present
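# Generate this host's WireGuard key pair once. `creates` skips the task when
# /etc/wireguard/privatekey already exists, so an existing key is never
# overwritten. Key files written by earlier runs keep whatever mode they were
# created with; the umask below only affects newly generated keys.
- name: Generate WireGuard keys
  ansible.builtin.shell: |
    set -o pipefail
    # Restrict new files to their owner. Without this, tee creates privatekey
    # under the default umask, which usually leaves it readable by other users.
    umask 077
    wg genkey | tee privatekey | wg pubkey > publickey
  args:
    chdir: /etc/wireguard/
    creates: /etc/wireguard/privatekey
    executable: /usr/bin/bash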
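# Read the private key back from the managed host and register it as `wgkey`.
# slurp returns the file base64-encoded in `wgkey.content`; it is presumably
# consumed by the wireguard.j2 template (not shown here).
- name: Grab WireGuard private key for configuration
  ansible.builtin.slurp:
    src: /etc/wireguard/privatekey
  register: wgkey
  # The registered result carries the private key, so keep it out of task
  # output, verbose runs and callback/log plugins.
  no_log: true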
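# Render wireguard.j2 to /etc/wireguard/wg0.conf, readable only by its owner,
# and notify the restart_wireguard handler when the file changes.
- name: Install WireGuard configuration
  ansible.builtin.template:
    src: wireguard.j2
    dest: /etc/wireguard/wg0.conf
    # Four-digit quoted octal is the conventional form; same permissions as "400".
    mode: "0400"
  # The rendered file presumably embeds the private key read by the previous
  # task (template not shown), so do not print its contents under --diff.
  diff: false
  notify: restart_wireguard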
# Bring up the wg0 tunnel through its wg-quick unit and enable it at boot.
- name: Start WireGuard interface
  ansible.builtin.service:
    name: wg-quick@wg0
    enabled: true
    state: started
# Allow inbound UDP traffic to the WireGuard listen port through ufw.
# The task is skipped when wireguard.listenport is not set. No source
# restriction is given, so the rule applies to traffic from any address.
- name: Add WireGuard firewall rule
  when: wireguard.listenport is defined
  community.general.ufw:
    rule: allow
    proto: udp
    port: "{{ wireguard.listenport }}"