feat: Move from Debian to Fedora

tasks/container.yml

@@ -1,22 +0,0 @@
----
-# tasks file for wireguard
-
-- name: Tâches de gestion du module du noyau
-  block:
-    - name: Charger le module du noyau
-      community.general.modprobe:
-        name: wireguard
-        state: present
-  rescue:
-    - name: Installer le module du noyau sur l'hôte
-      ansible.builtin.apt:
-        update_cache: true
-        name: wireguard-dkms
-  become: true
-  delegate_to: "{{ wireguard_module_host | default(omit, true) }}"
-
-- name: Installer l'outil de configuration
-  ansible.builtin.apt:
-    update_cache: true
-    name: wireguard-tools
-  become: true

tasks/keys.yml

@@ -0,0 +1,40 @@
+---
+# tasks file for wireguard
+
+- name: Create and store keys in OpenBao
+  block:
+    - name: Get keys from OpenBao
+      community.hashi_vault.vault_kv2_get:
+        engine_mount_point: "{{ wireguard_openbao_mount }}"
+        path: "{{ inventory_hostname }}/{{ ansible_role_name }}/{{ peer }}"
+      when: wireguard_openbao_mount | length > 0
+      delegate_to: 127.0.0.1
+  rescue:
+    - name: Generate peers privatekey # noqa: no-changed-when
+      ansible.builtin.command:
+        argv:
+          - wg
+          - genkey
+      register: peer_privatekey
+
+    - name: Generate peers publickey # noqa: no-changed-when
+      ansible.builtin.command:
+        argv:
+          - wg
+          - pubkey
+        stdin: "{{ peer_privatekey.stdout }}"
+      register: peer_publickey
+
+    - name: Write keys to OpenBao
+      community.hashi_vault.vault_kv2_write:
+        engine_mount_point: "{{ wireguard_openbao_mount }}"
+        path: "{{ inventory_hostname }}/{{ ansible_role_name }}/{{ peer }}"
+        data:
+          privatekey: "{{ peer_privatekey.stdout }}"
+          publickey: "{{ peer_publickey.stdout }}"
+        read_before_write: true
+      when:
+        - wireguard_openbao_mount | length > 0
+        - peer_privatekey.stdout | default('') | length > 0
+        - peer_publickey.stdout | default('') | length > 0
+      delegate_to: 127.0.0.1

tasks/main.yml

@@ -1,33 +1,34 @@
 ---
 # tasks file for wireguard
 
-- name: Installer le paquet
-  ansible.builtin.apt:
-    update_cache: true
-    name: wireguard
-  when: wireguard_module_host | length == 0
+- name: Install packages
+  ansible.builtin.dnf:
+    name: wireguard-tools
   become: true
 
-- name: Importer les tâches spécifique aux conteneurs
-  ansible.builtin.import_tasks:
-    file: container.yml
-  when: wireguard_module_host | length > 0
+- name: Include tasks to generate keys for server
+  ansible.builtin.include_tasks:
+    file: keys.yml
+  when: wireguard_server
+  vars:
+    peer: "{{ inventory_hostname }}"
 
-- name: Déployer la configuration des interfaces
+- name: Include tasks to generate keys for peers
+  ansible.builtin.include_tasks:
+    file: keys.yml
+  when: wireguard_server
+  loop: "{{ wireguard_peers }}"
+  loop_control:
+    label: "{{ peer }}"
+  vars:
+    peer: "{{ item.name }}"
+
+- name: Deploy interface
   ansible.builtin.template:
     src: wgN.j2
-    dest: /etc/wireguard/{{ interface }}.conf
+    dest: /etc/wireguard/{{ wireguard_interface_name }}.conf
     owner: root
     group: root
     mode: u=rw,g=r,o=r
-  loop: "{{ wireguard_interfaces }}"
-  loop_control:
-    index_var: index
-    label: "{{ interface }}"
-  vars:
-    interface: wg{{ index }}
   become: true
-  register: deploy
-  notify:
-    - Activer les services
-    - Redémarrer les services
+  notify: Enable and restart service