update infra and portfolio deployment
All checks were successful
ci/woodpecker/push/demo-workflow Pipeline was successful
All checks were successful
ci/woodpecker/push/demo-workflow Pipeline was successful
This commit is contained in:
92
infra/ansible/roles/configure-wireguard/tasks/main.yaml
Normal file
92
infra/ansible/roles/configure-wireguard/tasks/main.yaml
Normal file
@ -0,0 +1,92 @@
|
||||
---
|
||||
- name: Update apt cache
|
||||
ansible.builtin.apt:
|
||||
update_cache: yes
|
||||
become: true
|
||||
|
||||
- name: Install necessary packages
|
||||
ansible.builtin.apt:
|
||||
name: "{{ apt_packages }}"
|
||||
state: present
|
||||
become: true
|
||||
|
||||
- name: Ensure WireGuard directory exists
|
||||
ansible.builtin.file:
|
||||
path: "{{ wireguard_path }}"
|
||||
state: directory
|
||||
mode: "0700"
|
||||
owner: root
|
||||
group: root
|
||||
become: true
|
||||
|
||||
- name: Generate WireGuard server private key
|
||||
ansible.builtin.command:
|
||||
cmd: wg genkey
|
||||
register: wg_private_key
|
||||
become: true
|
||||
|
||||
- name: Save WireGuard server private key
|
||||
ansible.builtin.copy:
|
||||
content: "{{ wg_private_key.stdout | trim }}"
|
||||
dest: "{{ wireguard_private_key_file }}"
|
||||
mode: "0600"
|
||||
owner: root
|
||||
group: root
|
||||
become: true
|
||||
|
||||
- name: Read WireGuard private key from file
|
||||
ansible.builtin.slurp:
|
||||
src: "{{ wireguard_private_key_file }}"
|
||||
register: wg_private_key_file_content
|
||||
become: true
|
||||
|
||||
- name: Decode WireGuard private key
|
||||
ansible.builtin.set_fact:
|
||||
wg_private_key_content: "{{ wg_private_key_file_content.content | b64decode | trim }}"
|
||||
|
||||
- name: Generate WireGuard server public key (if not exists)
|
||||
ansible.builtin.stat:
|
||||
path: "{{ wireguard_public_key_file }}"
|
||||
register: public_key_stat
|
||||
become: true
|
||||
|
||||
- name: Generate WireGuard server public key
|
||||
ansible.builtin.shell:
|
||||
cmd: "wg pubkey < {{ wireguard_private_key_file }}"
|
||||
register: wg_public_key
|
||||
become: true
|
||||
|
||||
- name: Save WireGuard server public key
|
||||
ansible.builtin.copy:
|
||||
content: "{{ wg_public_key.stdout | trim }}"
|
||||
dest: "{{ wireguard_public_key_file }}"
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
become: true
|
||||
|
||||
- name: Read WireGuard public key from file
|
||||
ansible.builtin.slurp:
|
||||
src: "{{ wireguard_public_key_file }}"
|
||||
register: wg_public_key_file_content
|
||||
become: true
|
||||
|
||||
- name: Decode WireGuard public key
|
||||
ansible.builtin.set_fact:
|
||||
wg_public_key_content: "{{ wg_public_key_file_content.content | trim }}"
|
||||
|
||||
- name: Create WireGuard configuration file
|
||||
ansible.builtin.template:
|
||||
src: "wg0.conf.j2"
|
||||
dest: "{{ wireguard_path }}/wg0.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0600"
|
||||
become: true
|
||||
|
||||
- name: Enable and start WireGuard service
|
||||
ansible.builtin.service:
|
||||
name: "wg-quick@{{ wireguard_interface }}"
|
||||
state: started
|
||||
enabled: yes
|
||||
become: true
|
||||
Reference in New Issue
Block a user