ansible-edda/playbooks/tasks/vpn/wireguard.yml

# Pull the WireGuard package in from the distribution's apt repositories.
- name: Install WireGuard
  apt:
    name: wireguard
    # Spelled out for readers; `present` is already the apt module default.
    state: present
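# Render the per-host wg0 configuration. A WireGuard interface config normally
# carries the interface private key (the template is not visible here, so
# confirm); the file is therefore root-only and kept out of --diff output.
- name: WireGuard interface configuration
  template:
    src: ./filesystem/{{ ansible_hostname }}/etc/wireguard/wg0.conf.j2
    dest: /etc/wireguard/wg0.conf
    # Without owner/group an already existing file keeps the ownership it
    # had, so pin both to make mode 0600 really mean "root only".
    owner: root
    group: root
    # Quoted so the mode is always read as an octal string.
    mode: '0600'
  # The rendered content would otherwise be printed when run with --diff.
  diff: false
  # Read by the `when` condition of "Restart WireGuard interface".
  register: wg_intf_conf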
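# Install the inet-family nftables script that, going by its name, runs after
# wg0 comes up (the hook that calls it is not visible in this file).
# NOTE(review): a syntax error in the rendered ruleset only surfaces when the
# interface is brought up; a dry-run check of the file before install would
# catch it earlier - confirm that such a check works against this host.
- name: WireGuard interface post-up nftables inet script
  template:
    src: ./filesystem/{{ ansible_hostname }}/usr/local/sbin/post-up-wg0-inet.nft.j2
    dest: /usr/local/sbin/post-up-wg0-inet.nft
    # Firewall script in a root sbin directory: pin ownership, because an
    # existing file would otherwise keep whatever owner it already has.
    owner: root
    group: root
    # Quoted so the mode is always read as an octal string.
    mode: '0755'
  # Read by the `when` condition of "Restart WireGuard interface".
  register: wg_intf_post_up_inet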
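# Install the ipv4-family nftables script that, going by its name, runs after
# wg0 comes up (the hook that calls it is not visible in this file).
- name: WireGuard interface post-up nftables ipv4 script
  template:
    src: ./filesystem/{{ ansible_hostname }}/usr/local/sbin/post-up-wg0-ipv4.nft.j2
    dest: /usr/local/sbin/post-up-wg0-ipv4.nft
    # Firewall script in a root sbin directory: pin ownership, because an
    # existing file would otherwise keep whatever owner it already has.
    owner: root
    group: root
    # Quoted so the mode is always read as an octal string.
    mode: '0755'
  # Read by the `when` condition of "Restart WireGuard interface".
  register: wg_intf_post_up_ipv4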
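# Install the ifupdown stanza for wg0.
#
# `validate` is used here as a pre-install hook, not as a syntax check: %s is
# the freshly rendered temporary file. When it differs from the installed
# stanza (or none is installed yet) AND the wg0 link exists, the interface is
# taken down while the OLD stanza is still in place. If ifdown fails, the
# command exits non-zero and the new file is not installed.
#
# Caveats: the rendered stanza itself is never validated, and wg0 stays down
# until "Restart WireGuard interface" runs, so a play that aborts in between
# leaves the tunnel down.
- name: Create WireGuard interface
  template:
    src: ./filesystem/{{ ansible_hostname }}/etc/network/interfaces.d/wg0.j2
    dest: /etc/network/interfaces.d/wg0
    # Read by ifupdown as root: pin ownership, because an existing file
    # would otherwise keep whatever owner it already has.
    owner: root
    group: root
    # Quoted so the mode is always read as an octal string.
    mode: '0644'
    validate: >
      bash -c
      'if ! diff %s /etc/network/interfaces.d/wg0 && ip link show dev wg0 ;
      then
      ifdown wg0 ;
      fi'
  # Read by the `when` condition of "Restart WireGuard interface".
  register: wg_intf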
# Bounce wg0 when any of the registered template results reports a change:
# down-then-up if the link currently exists, plain up otherwise.
- name: Restart WireGuard interface
  shell:
    cmd: if ip link show dev wg0 ; then ifdown wg0 && ifup wg0 ; else ifup wg0 ; fi
  # One OR-ed expression; a YAML list here would AND the conditions instead.
  when: >-
    wg_intf_conf is changed or
    wg_intf_post_up_inet is changed or
    wg_intf_post_up_ipv4 is changed or
    wg_intf is changed
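# Install the inet-family nftables script that, going by its name, runs before
# wg0 goes down (the hook that calls it is not visible in this file). The
# result is not registered, so a change here does not trigger an interface
# restart.
- name: WireGuard interface pre-down nftables inet script
  template:
    src: ./filesystem/{{ ansible_hostname }}/usr/local/sbin/pre-down-wg0-inet.nft.j2
    dest: /usr/local/sbin/pre-down-wg0-inet.nft
    # Firewall script in a root sbin directory: pin ownership, because an
    # existing file would otherwise keep whatever owner it already has.
    owner: root
    group: root
    # Quoted so the mode is always read as an octal string.
    mode: '0755'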
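# Install the ipv4-family nftables script that, going by its name, runs before
# wg0 goes down (the hook that calls it is not visible in this file). The
# result is not registered, so a change here does not trigger an interface
# restart.
- name: WireGuard interface pre-down nftables ipv4 script
  template:
    src: ./filesystem/{{ ansible_hostname }}/usr/local/sbin/pre-down-wg0-ipv4.nft.j2
    dest: /usr/local/sbin/pre-down-wg0-ipv4.nft
    # Firewall script in a root sbin directory: pin ownership, because an
    # existing file would otherwise keep whatever owner it already has.
    owner: root
    group: root
    # Quoted so the mode is always read as an octal string.
    mode: '0755'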