Taqi Tahmid
d9b3ceff6b
All checks were successful
ci/woodpecker/push/demo-workflow Pipeline was successful
93 lines
2.3 KiB
YAML
93 lines
2.3 KiB
YAML
---
|
|
- name: Update apt cache
|
|
ansible.builtin.apt:
|
|
update_cache: yes
|
|
become: true
|
|
|
|
- name: Install necessary packages
|
|
ansible.builtin.apt:
|
|
name: "{{ apt_packages }}"
|
|
state: present
|
|
become: true
|
|
|
|
- name: Ensure WireGuard directory exists
|
|
ansible.builtin.file:
|
|
path: "{{ wireguard_path }}"
|
|
state: directory
|
|
mode: "0700"
|
|
owner: root
|
|
group: root
|
|
become: true
|
|
|
|
- name: Generate WireGuard server private key
|
|
ansible.builtin.command:
|
|
cmd: wg genkey
|
|
register: wg_private_key
|
|
become: true
|
|
|
|
- name: Save WireGuard server private key
|
|
ansible.builtin.copy:
|
|
content: "{{ wg_private_key.stdout | trim }}"
|
|
dest: "{{ wireguard_private_key_file }}"
|
|
mode: "0600"
|
|
owner: root
|
|
group: root
|
|
become: true
|
|
|
|
- name: Read WireGuard private key from file
|
|
ansible.builtin.slurp:
|
|
src: "{{ wireguard_private_key_file }}"
|
|
register: wg_private_key_file_content
|
|
become: true
|
|
|
|
- name: Decode WireGuard private key
|
|
ansible.builtin.set_fact:
|
|
wg_private_key_content: "{{ wg_private_key_file_content.content | b64decode | trim }}"
|
|
|
|
- name: Generate WireGuard server public key (if not exists)
|
|
ansible.builtin.stat:
|
|
path: "{{ wireguard_public_key_file }}"
|
|
register: public_key_stat
|
|
become: true
|
|
|
|
- name: Generate WireGuard server public key
|
|
ansible.builtin.shell:
|
|
cmd: "wg pubkey < {{ wireguard_private_key_file }}"
|
|
register: wg_public_key
|
|
become: true
|
|
|
|
- name: Save WireGuard server public key
|
|
ansible.builtin.copy:
|
|
content: "{{ wg_public_key.stdout | trim }}"
|
|
dest: "{{ wireguard_public_key_file }}"
|
|
mode: "0644"
|
|
owner: root
|
|
group: root
|
|
become: true
|
|
|
|
- name: Read WireGuard public key from file
|
|
ansible.builtin.slurp:
|
|
src: "{{ wireguard_public_key_file }}"
|
|
register: wg_public_key_file_content
|
|
become: true
|
|
|
|
- name: Decode WireGuard public key
|
|
ansible.builtin.set_fact:
|
|
wg_public_key_content: "{{ wg_public_key_file_content.content | trim }}"
|
|
|
|
- name: Create WireGuard configuration file
|
|
ansible.builtin.template:
|
|
src: "wg0.conf.j2"
|
|
dest: "{{ wireguard_path }}/wg0.conf"
|
|
owner: root
|
|
group: root
|
|
mode: "0600"
|
|
become: true
|
|
|
|
- name: Enable and start WireGuard service
|
|
ansible.builtin.service:
|
|
name: "wg-quick@{{ wireguard_interface }}"
|
|
state: started
|
|
enabled: yes
|
|
become: true
|