feat: Move from Debian to Fedora
@@ -1,22 +0,0 @@
|
||||
---
|
||||
# tasks file for wireguard
|
||||
|
||||
- name: Tâches de gestion du module du noyau
|
||||
block:
|
||||
- name: Charger le module du noyau
|
||||
community.general.modprobe:
|
||||
name: wireguard
|
||||
state: present
|
||||
rescue:
|
||||
- name: Installer le module du noyau sur l'hôte
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
name: wireguard-dkms
|
||||
become: true
|
||||
delegate_to: "{{ wireguard_module_host | default(omit, true) }}"
|
||||
|
||||
- name: Installer l'outil de configuration
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
name: wireguard-tools
|
||||
become: true
|
||||
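--- /dev/null
+++ b/tasks/keys.yml
@@ -0,0 +1,40 @@
+---
+# tasks file for wireguard
+
+- name: Create and store keys in OpenBao
+block:
+- name: Get keys from OpenBao
+community.hashi_vault.vault_kv2_get:
+engine_mount_point: "{{ wireguard_openbao_mount }}"
+path: "{{ inventory_hostname }}/{{ ansible_role_name }}/{{ peer }}"
+when: wireguard_openbao_mount | length > 0
+delegate_to: 127.0.0.1
+rescue:
+- name: Generate peers privatekey # noqa: no-changed-when
+ansible.builtin.command:
+argv:
+- wg
+- genkey
+register: peer_privatekey
+
+- name: Generate peers publickey # noqa: no-changed-when
+ansible.builtin.command:
+argv:
+- wg
+- pubkey
+stdin: "{{ peer_privatekey.stdout }}"
+register: peer_publickey
+
+- name: Write keys to OpenBao
+community.hashi_vault.vault_kv2_write:
+engine_mount_point: "{{ wireguard_openbao_mount }}"
+path: "{{ inventory_hostname }}/{{ ansible_role_name }}/{{ peer }}"
+data:
+privatekey: "{{ peer_privatekey.stdout }}"
+publickey: "{{ peer_publickey.stdout }}"
+read_before_write: true
+when:
+- wireguard_openbao_mount | length > 0
+- peer_privatekey.stdout | default('') | length > 0
+- peer_publickey.stdout | default('') | length > 0
+delegate_to: 127.0.0.1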
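Review bot: The WireGuard private key passes through the three tasks listed after `rescue:` without `no_log: true`: it is the registered stdout of `wg genkey`, the `stdin` argument of `wg pubkey`, and the `data.privatekey` field of the OpenBao write. Registered results and module arguments can show up in verbose play output, and for the two `command` tasks possibly in the module invocation log on the managed host, so I would add `no_log: true` to "Generate peers privatekey", "Generate peers publickey" and "Write keys to OpenBao". Separately, `rescue:` appears to fire on any failure of "Get keys from OpenBao" (an expired token or a timeout as well as a missing secret), and the write then stores a fresh key pair at the same path; checking the failure reason before regenerating would avoid an unintended key rotation.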
@@ -1,33 +1,34 @@
|
||||
---
|
||||
# tasks file for wireguard
|
||||
|
||||
- name: Installer le paquet
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
name: wireguard
|
||||
when: wireguard_module_host | length == 0
|
||||
- name: Install packages
|
||||
ansible.builtin.dnf:
|
||||
name: wireguard-tools
|
||||
become: true
|
||||
|
||||
- name: Importer les tâches spécifique aux conteneurs
|
||||
ansible.builtin.import_tasks:
|
||||
file: container.yml
|
||||
when: wireguard_module_host | length > 0
|
||||
- name: Include tasks to generate keys for server
|
||||
ansible.builtin.include_tasks:
|
||||
file: keys.yml
|
||||
when: wireguard_server
|
||||
vars:
|
||||
peer: "{{ inventory_hostname }}"
|
||||
|
||||
- name: Déployer la configuration des interfaces
|
||||
- name: Include tasks to generate keys for peers
|
||||
ansible.builtin.include_tasks:
|
||||
file: keys.yml
|
||||
when: wireguard_server
|
||||
loop: "{{ wireguard_peers }}"
|
||||
loop_control:
|
||||
label: "{{ peer }}"
|
||||
vars:
|
||||
peer: "{{ item.name }}"
|
||||
|
||||
- name: Deploy interface
|
||||
ansible.builtin.template:
|
||||
src: wgN.j2
|
||||
dest: /etc/wireguard/{{ interface }}.conf
|
||||
dest: /etc/wireguard/{{ wireguard_interface_name }}.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
loop: "{{ wireguard_interfaces }}"
|
||||
loop_control:
|
||||
index_var: index
|
||||
label: "{{ interface }}"
|
||||
vars:
|
||||
interface: wg{{ index }}
|
||||
become: true
|
||||
register: deploy
|
||||
notify:
|
||||
- Activer les services
|
||||
- Redémarrer les services
|
||||
notify: Enable and restart service
|
||||
|
||||
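Review bot: The "Deploy interface" task renders `/etc/wireguard/{{ wireguard_interface_name }}.conf` with `mode: u=rw,g=r,o=r`, which leaves the file readable by group and other. If `wgN.j2` writes the interface `PrivateKey` into that file (the template is not shown on this page), the key that keys.yml stores in OpenBao is exposed to every local account on the host; `mode: u=rw,g=,o=` keeps it to root. The page has lost its +/- markers, so I am reading the `mode` line as unchanged context that this commit carries over rather than as a line it adds.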