ansible-edda/plays/vpn/roles/wireguard/tasks/main.yml


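---
# Role tasks for the wg0 WireGuard interface: install the package, render
# the interface config and the nftables hook scripts, then (re)start wg0
# only when one of the rendered files actually changed.
#
# Fixes applied to the original: file modes are quoted strings (a plain
# `0600` is parsed as an octal *integer* by YAML 1.1 loaders, and
# ansible-lint flags it as `risky-octal`), the document starts with `---`,
# and the task that renders the secret-bearing wg0.conf suppresses --diff
# output so the key material is not echoed into play logs.

- name: "install wireguard"
  ansible.builtin.apt:
    name: "wireguard"
    state: present

- name: "configure wireguard"
  ansible.builtin.template:
    src: "./wg0.conf.j2"
    dest: "/etc/wireguard/wg0.conf"
    # Owner-only: wg0.conf normally carries the interface PrivateKey.
    mode: "0600"
  # Do not print the rendered config in --diff mode; it would reveal the
  # private key on stdout / in the controller log.
  diff: false
  register: vpn_wireguard_conf

- name: "post-up nftables inet script"
  ansible.builtin.template:
    src: "./post-up-wg0-inet.nft.j2"
    dest: "/usr/local/sbin/post-up-wg0-inet.nft"
    mode: "0755"
  register: vpn_wireguard_post_up_wg0_inet_nft

- name: "post-up nftables ipv4 script"
  ansible.builtin.template:
    src: "./post-up-wg0-ipv4.nft.j2"
    dest: "/usr/local/sbin/post-up-wg0-ipv4.nft"
    mode: "0755"
  register: vpn_wireguard_post_up_wg0_ipv4_nft

- name: "configure interface"
  ansible.builtin.template:
    src: "./wg0.j2"
    dest: "/etc/network/interfaces.d/wg0"
    mode: "0644"
    # Not a real syntax check: when the rendered file (%s) differs from the
    # installed one and wg0 currently exists, bring the interface down
    # before the file is replaced — presumably so the old pre-down hooks run
    # against the old definition. A failing `ifdown` fails this task.
    validate: >-
      bash -c
      'if ! diff %s /etc/network/interfaces.d/wg0 && ip link show dev wg0 ;
      then
      ifdown wg0 ;
      fi'
  register: vpn_wireguard_intf

- name: "restart interface"
  # Bounce wg0 if it is already up, otherwise just bring it up. Runs only
  # when one of the rendered files above changed (shell always reports
  # "changed", so the `when` guard is what keeps the play idempotent).
  ansible.builtin.shell: |
    if ip link show dev wg0
    then
      ifdown wg0 && ifup wg0
    else
      ifup wg0
    fi
  when: >-
    vpn_wireguard_conf.changed or
    vpn_wireguard_post_up_wg0_inet_nft.changed or
    vpn_wireguard_post_up_wg0_ipv4_nft.changed or
    vpn_wireguard_intf.changed

# Pre-down hooks are static files (no templating), so a change to them does
# not trigger the restart above.
- name: "pre-down nftables inet script"
  ansible.builtin.copy:
    src: "./pre-down-wg0-inet.nft"
    dest: "/usr/local/sbin/pre-down-wg0-inet.nft"
    mode: "0755"

- name: "pre-down nftables ipv4 script"
  ansible.builtin.copy:
    src: "./pre-down-wg0-ipv4.nft"
    dest: "/usr/local/sbin/pre-down-wg0-ipv4.nft"
    mode: "0755"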