---
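# Install the WireGuard package through APT.
# `state: present` is the module default; it is spelled out so the intended
# end state is visible and does not depend on a play-level `module_defaults`.
- name: "install wireguard"
  ansible.builtin.apt:
    name: "wireguard"
    state: present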
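# Render the role's IFACE.conf template to /etc/wireguard/<iface>.conf and
# record whether it changed (consumed by the "restart interface" condition).
# The file is readable by its owner only (0600); owner and group are pinned
# to root so that a pre-existing file with different ownership is corrected
# instead of keeping whatever owner it already had.
# NOTE(review): WireGuard interface configs usually carry the PrivateKey. If
# this template does (it is not visible here - confirm), consider adding
# `diff: false` or `no_log: true` to this task so that `--diff` runs do not
# print the key to the console or to CI logs.
- name: "configure wireguard"
  ansible.builtin.template:
    src: "./{{ vpn_wireguard_role }}/IFACE.conf"
    dest: "/etc/wireguard/{{ vpn_wireguard_iface }}.conf"
    owner: "root"
    group: "root"
    # Quoted, as the Ansible documentation recommends for file modes, so the
    # value cannot be mis-read as a decimal number.
    mode: "0600"
  register: vpn_wireguard_conf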
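# Install the per-interface nftables script into /usr/local/sbin and record
# whether it changed (consumed by the "restart interface" condition).
# Presumably the interfaces.d stanza calls it as a post-up hook - the stanza
# template is not visible here, confirm.
# The script is executable (0755), so it must only be writable by root:
# owner and group are pinned explicitly rather than inherited from whatever
# file may already exist at the destination.
- name: "post-up nftables inet script"
  ansible.builtin.template:
    src: "./post-up-IFACE-inet.nft"
    dest: "/usr/local/sbin/post-up-{{ vpn_wireguard_iface }}-inet.nft"
    owner: "root"
    group: "root"
    # Quoted, as the Ansible documentation recommends for file modes.
    mode: "0755"
  register: vpn_wireguard_post_up_iface_inet_nft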
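# Render the ifupdown stanza for the interface into
# /etc/network/interfaces.d/<iface> and record whether it changed.
#
# `validate` is used here as a pre-install hook, not as a syntax check.
# Ansible substitutes %s with the path of the freshly rendered temporary
# file and runs the command before moving that file into place. The command:
#   1. compares the rendered file with the installed stanza (`diff`);
#   2. if they differ (or the installed file is missing) AND the interface
#      currently exists, runs `ifdown` so the interface is taken down with
#      the OLD stanza still installed;
#   3. exits with ifdown's status, or 0 when no ifdown was needed.
# A failing ifdown therefore fails validation and the new stanza is not
# installed.
#
# NOTE(review): vpn_wireguard_iface is expanded inside a single-quoted
# `bash -c` string, so it must be a plain interface name (no quotes, spaces
# or shell metacharacters). Validate it where the variable is defined.
- name: "configure interface"
  ansible.builtin.template:
    src: "./{{ vpn_wireguard_role }}/IFACE"
    dest: "/etc/network/interfaces.d/{{ vpn_wireguard_iface }}"
    owner: "root"
    group: "root"
    # Quoted, as the Ansible documentation recommends for file modes.
    mode: "0644"
    validate: >
      bash -c
      'if ! diff %s /etc/network/interfaces.d/{{ vpn_wireguard_iface }} &&
      ip link show dev {{ vpn_wireguard_iface }} ;
      then
      ifdown {{ vpn_wireguard_iface }} ;
      fi'
  register: vpn_wireguard_intf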
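# Bring the interface up with the new configuration. Runs only when the
# WireGuard config, the post-up nftables script or the ifupdown stanza was
# changed by the tasks that registered the three results below.
# If the link still exists it is cycled (ifdown, then ifup); otherwise it is
# simply brought up.
# The interface name is passed through the `quote` filter because the value
# is interpolated into a shell script: an ordinary name such as a plain
# interface identifier is left untouched, while anything containing shell
# metacharacters is treated as a single literal argument.
- name: "restart interface"
  ansible.builtin.shell: |
    if ip link show dev {{ vpn_wireguard_iface | quote }}
    then
      ifdown {{ vpn_wireguard_iface | quote }} && ifup {{ vpn_wireguard_iface | quote }}
    else
      ifup {{ vpn_wireguard_iface | quote }}
    fi
  when:
    vpn_wireguard_conf.changed or
    vpn_wireguard_post_up_iface_inet_nft.changed or
    vpn_wireguard_intf.changed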
- name: "pre-down nftables inet script"
|
|
ansible.builtin.template:
|
|
src: "./pre-down-IFACE-inet.nft"
|
|
dest: "/usr/local/sbin/pre-down-{{ vpn_wireguard_iface }}-inet.nft"
|
|
mode: 0755
|