taqi/homeserver
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update infra and portfolio deployment
All checks were successful
ci/woodpecker/push/demo-workflow Pipeline was successful
Details

Browse Source
This commit is contained in:
Taqi Tahmid
2025-08-23 09:25:23 +03:00
parent 7bad5121b0
commit d9b3ceff6b
10 changed files with 175 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
infra/ansible/roles/configure-wireguard/tasks/main.yaml Normal file
View File

@ -0,0 +1,92 @@
---
- name: Update apt cache
ansible.builtin.apt:
update_cache: yes
become: true
- name: Install necessary packages
ansible.builtin.apt:
name: "{{ apt_packages }}"
state: present
become: true
- name: Ensure WireGuard directory exists
ansible.builtin.file:
path: "{{ wireguard_path }}"
state: directory
mode: "0700"
owner: root
group: root
become: true
- name: Generate WireGuard server private key
ansible.builtin.command:
cmd: wg genkey
register: wg_private_key
become: true
- name: Save WireGuard server private key
ansible.builtin.copy:
content: "{{ wg_private_key.stdout | trim }}"
dest: "{{ wireguard_private_key_file }}"
mode: "0600"
owner: root
group: root
become: true
- name: Read WireGuard private key from file
ansible.builtin.slurp:
src: "{{ wireguard_private_key_file }}"
register: wg_private_key_file_content
become: true
- name: Decode WireGuard private key
ansible.builtin.set_fact:
wg_private_key_content: "{{ wg_private_key_file_content.content | b64decode | trim }}"
- name: Generate WireGuard server public key (if not exists)
ansible.builtin.stat:
path: "{{ wireguard_public_key_file }}"
register: public_key_stat
become: true
- name: Generate WireGuard server public key
ansible.builtin.shell:
cmd: "wg pubkey < {{ wireguard_private_key_file }}"
register: wg_public_key
become: true
- name: Save WireGuard server public key
ansible.builtin.copy:
content: "{{ wg_public_key.stdout | trim }}"
dest: "{{ wireguard_public_key_file }}"
mode: "0644"
owner: root
group: root
become: true
- name: Read WireGuard public key from file
ansible.builtin.slurp:
src: "{{ wireguard_public_key_file }}"
register: wg_public_key_file_content
become: true
- name: Decode WireGuard public key
ansible.builtin.set_fact:
wg_public_key_content: "{{ wg_public_key_file_content.content | trim }}"
- name: Create WireGuard configuration file
ansible.builtin.template:
src: "wg0.conf.j2"
dest: "{{ wireguard_path }}/wg0.conf"
owner: root
group: root
mode: "0600"
become: true
- name: Enable and start WireGuard service
ansible.builtin.service:
name: "wg-quick@{{ wireguard_interface }}"
state: started
enabled: yes
become: true

25
infra/ansible/roles/configure-wireguard/templates/wg0.conf.j2 Normal file
View File

@ -0,0 +1,25 @@
[Interface]
Address = {{ wg_address }}
ListenPort = {{ wg_port }}
PrivateKey = {{ wg_private_key_content }}
{% if wg_dns is defined %}
DNS = {{ wg_dns }}
{% endif %}
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
SaveConfig = true
{% for peer in wg_peers %}
[Peer]
PublicKey = {{ peer.public_key }}
{% if peer.preshared_key is defined %}
PresharedKey = {{ peer.preshared_key }}
{% endif %}
AllowedIPs = {{ peer.allowed_ips }}
{% if peer.endpoint is defined %}
Endpoint = {{ peer.endpoint }}
{% endif %}
{% if peer.persistent_keepalive is defined %}
PersistentKeepalive = {{ peer.persistent_keepalive }}
{% endif %}
{% endfor %}