Extract playbook actions to roles

2026-05-20 20:17:01 +01:00 · 2024-05-31 01:17:29 +03:00
parent 311d6ce925
commit 5ee8b48ff7
38 changed files with 414 additions and 463 deletions
@@ -0,0 +1,11 @@
+---
+wireguard:
+  private_key: <wireguard private key>
+  address: <hosts address inside vpn>
+  port: 21841
+  interface: wg0
+  peers:
+    - name: Gateway
+      public_key: <vpn gateway public key>
+      endpoint: <gateway ip>:21841
+      allowed_ips: 10.2.0.1/32
@@ -0,0 +1,30 @@
+---
+- name: Install wireguard
+  community.general.openbsd_pkg:
+    name:
+      - wireguard-tools
+    state: present
+
+- name: Ensures /etc/wireguard dir exists
+  file:
+    path: /etc/wireguard
+    state: directory
+
+- name: Create wireguard config
+  template:
+    src: templates/wireguard.conf.j2
+    dest: /etc/wireguard/{{ wireguard.interface }}.conf
+    owner: root
+    group: wheel
+    mode: "0600"
+  register: wg_config
+
+- name: Create wireguard interface
+  template:
+    src: "templates/wireguard.if.j2"
+    dest: "/etc/hostname.{{ wireguard.interface }}"
+  register: iface_config
+
+- name: Apply network configuration if changed
+  shell: sh /etc/netstart {{ wireguard.interface }}
+  when: wg_config.changed or iface_config.changed
@@ -0,0 +1,12 @@
+# {{ ansible_managed }}
+[Interface]
+PrivateKey = {{ wireguard.private_key }}
+ListenPort = {{ wireguard.port }}
+
+{% for peer in wireguard.peers %}
+[Peer]
+# {{ peer.name }}
+PublicKey = {{ peer.public_key }}
+Endpoint = {{ peer.endpoint }}
+AllowedIPs = {{ peer.allowed_ips }}
+{% endfor %}
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+inet {{ wireguard.address }} 255.255.255.0 NONE
+up
+
+!/usr/local/bin/wg setconf {{ wireguard.interface }} /etc/wireguard/{{ wireguard.interface }}.conf