ansible-roles/vpn/wireguard/tasks/main.yml

---
# Make sure the WireGuard package is installed through apt.
- name: "install wireguard"
  ansible.builtin.apt:
    name: "wireguard"
    # "present" is the module default; spelled out for readability.
    state: "present"
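# Create the per-interface configuration tree that the template tasks in this
# file write into: the interface directory itself plus its ifup.d, ifdown.d,
# nftables and wireguard subdirectories.
- name: "create interface directory hierarchy"
  ansible.builtin.file:
    path: "{{ system_etc_root_directory }}/network/interfaces/{{ item }}"
    state: "directory"
    # Quoted so the module receives an octal string and the result does not
    # depend on how the YAML parser types a bare 0755.
    mode: "0755"
  loop:
    - "{{ vpn_wireguard_iface }}"
    - "{{ vpn_wireguard_iface }}/ifup.d"
    - "{{ vpn_wireguard_iface }}/ifdown.d"
    - "{{ vpn_wireguard_iface }}/nftables"
    # NOTE(review): this directory is world-traversable (0755); the WireGuard
    # configuration written into it by "wireguard configuration" is 0600.
    # Consider a tighter directory mode if other sensitive files land here.
    - "{{ vpn_wireguard_iface }}/wireguard"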
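# Render the WireGuard configuration template selected by vpn_wireguard_role
# into the interface's wireguard/ directory. The result is registered so that
# "restart interface" can react to a change.
#
# NOTE(review): the template itself is not visible here. If it renders a
# private or preshared key, the rendered content can show up in --diff output
# and logs; consider `diff: false` or `no_log: true` on this task.
# NOTE(review): no owner/group is set, so ownership depends on the account the
# play runs as (or on an already existing file) - confirm this is intended.
- name: "wireguard configuration"
  ansible.builtin.template:
    src: "./wireguard/wireguard-{{ vpn_wireguard_role }}.conf"
    # The trailing backslashes join the three lines into one path.
    dest: "\
      {{ system_etc_root_directory }}/network/interfaces/\
      {{ vpn_wireguard_iface }}/wireguard/wireguard-{{ vpn_wireguard_role }}.conf"
    # Owner-only access. Quoted so the module receives an octal string and the
    # result does not depend on how the YAML parser types a bare 0600.
    mode: "0600"
  register: vpn_wireguard_configuration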
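# Render the nftables ruleset template for interface-up into the interface's
# nftables/ directory. The result is registered so that "restart interface"
# can react to a change.
- name: "nftables up script"
  ansible.builtin.template:
    src: "./nftables/up.nft"
    # The trailing backslashes join the lines into one path.
    dest: "\
      {{ system_etc_root_directory }}/network/interfaces/\
      {{ vpn_wireguard_iface }}/nftables/up.nft"
    # Quoted so the module receives an octal string and the result does not
    # depend on how the YAML parser types a bare 0644.
    mode: "0644"
  register: vpn_wireguard_nftables_up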
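# Render the three ifupdown.d templates (interface, nftables, role-specific
# routes) into the interface's ifup.d/ directory as executable files. The
# "interface down scripts" task renders the same templates into ifdown.d/.
# The loop result is registered so that "restart interface" can react to a
# change in any of the items.
- name: "interface up scripts"
  ansible.builtin.template:
    src: "./ifupdown.d/{{ item }}"
    # The trailing backslashes join the lines into one path.
    dest: "\
      {{ system_etc_root_directory }}/network/interfaces/\
      {{ vpn_wireguard_iface }}/ifup.d/{{ item }}"
    # Executable. Quoted so the module receives an octal string and the result
    # does not depend on how the YAML parser types a bare 0755.
    mode: "0755"
  loop:
    - "00-interface"
    - "10-nftables"
    - "20-routes-{{ vpn_wireguard_role }}"
  register: vpn_wireguard_interface_up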
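# Render the interface stanza into /etc/network/interfaces.d/, named after the
# interface. Unlike the other destinations in this file, this path is fixed
# and does not use system_etc_root_directory. The result is registered so that
# "restart interface" can react to a change.
- name: "configure interface"
  ansible.builtin.template:
    src: "./interface"
    dest: "/etc/network/interfaces.d/{{ vpn_wireguard_iface }}"
    # Quoted so the module receives an octal string and the result does not
    # depend on how the YAML parser types a bare 0644.
    mode: "0644"
  register: vpn_wireguard_interface_file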
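# Apply the new configuration: if the interface already exists, take it down
# and bring it back up; otherwise just bring it up. Runs only when one of the
# four registered template tasks above reported a change.
#
# NOTE(review): down.nft and the ifdown.d scripts are templated by tasks that
# come after this one, so the ifdown here runs with whatever versions are
# already on disk - presumably intentional; confirm.
- name: "restart interface"
  # `| quote` shell-escapes the interface name, so a value containing
  # whitespace or shell metacharacters cannot change the command line.
  ansible.builtin.shell: |
    if ip link show dev {{ vpn_wireguard_iface | quote }}
    then
      ifdown {{ vpn_wireguard_iface | quote }} && ifup {{ vpn_wireguard_iface | quote }}
    else
      ifup {{ vpn_wireguard_iface | quote }}
    fi
  # The shell module cannot detect changes on its own; state explicitly that
  # running this task always counts as a change.
  changed_when: true
  when:
    vpn_wireguard_configuration.changed or
    vpn_wireguard_nftables_up.changed or
    vpn_wireguard_interface_up.changed or
    vpn_wireguard_interface_file.changed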
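# Render the nftables ruleset template for interface-down into the
# interface's nftables/ directory. The result is not registered and the task
# runs after "restart interface", so a change here does not trigger a restart.
- name: "nftables down script"
  ansible.builtin.template:
    src: "./nftables/down.nft"
    # The trailing backslashes join the lines into one path.
    dest: "\
      {{ system_etc_root_directory }}/network/interfaces/\
      {{ vpn_wireguard_iface }}/nftables/down.nft"
    # Quoted so the module receives an octal string and the result does not
    # depend on how the YAML parser types a bare 0644.
    mode: "0644"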
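# Render the three ifupdown.d templates (interface, nftables, role-specific
# routes) into the interface's ifdown.d/ directory as executable files. These
# are the same source templates that "interface up scripts" renders into
# ifup.d/. The result is not registered, so a change here does not trigger
# "restart interface".
- name: "interface down scripts"
  ansible.builtin.template:
    src: "./ifupdown.d/{{ item }}"
    # The trailing backslashes join the lines into one path.
    dest: "\
      {{ system_etc_root_directory }}/network/interfaces/\
      {{ vpn_wireguard_iface }}/ifdown.d/{{ item }}"
    # Executable. Quoted so the module receives an octal string and the result
    # does not depend on how the YAML parser types a bare 0755.
    mode: "0755"
  loop:
    - "00-interface"
    - "10-nftables"
    - "20-routes-{{ vpn_wireguard_role }}"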