| author | 2023-06-01 22:40:36 +0100 | |
|---|---|---|
| committer | 2023-07-24 14:42:09 +0100 | |
| commit | 0d8bb6829dfe9358ad29ac7f0bf9ef80fd553e3d (patch) | |
| tree | 5b586b477335e08d5f8b6e9f62f59599c1c2cade /roles/wireguard/tasks | |
| parent | Remove bad default fail2ban ignore IP (diff) | |
Re-add previous ansible roles
Co-authored-by: Hassan Abouelela <[email protected]>
Co-authored-by: Johannes Christ <[email protected]>
Co-authored-by: Joe Banks <[email protected]>
Co-authored-by: MarkKoz <[email protected]>
Diffstat (limited to 'roles/wireguard/tasks')
| -rw-r--r-- | roles/wireguard/tasks/main.yml | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml new file mode 100644 index 0000000..46ff3e9 --- /dev/null +++ b/roles/wireguard/tasks/main.yml @@ -0,0 +1,72 @@ +- name: Install WireGuard + apt: + update_cache: true + cache_valid_time: 3600 + pkg: + - wireguard + - wireguard-tools + - linux-headers-{{ ansible_kernel }} + tags: + - role::wireguard + +- name: Generate WireGuard private key + shell: set -o pipefail && wg genkey > /etc/wireguard/key.priv + args: + executable: /bin/bash + creates: /etc/wireguard/key.priv + tags: + - role::wireguard + +- name: Generate WireGuard public key + shell: set -o pipefail && cat /etc/wireguard/key.priv | wg pubkey > /etc/wireguard/key.pub + args: + executable: /bin/bash + creates: /etc/wireguard/key.pub + tags: + - role::wireguard + +- name: Ensure file permissions for keys set correctly + file: + path: '{{ item }}' + owner: root + group: root + mode: '0600' + with_items: + - /etc/wireguard/key.priv + - /etc/wireguard/key.pub + tags: + - role::wireguard + +- name: Fetch private key for all hosts + slurp: + src: /etc/wireguard/key.priv + register: wg_priv_key + tags: + - role::wireguard + +- name: Fetch public key for all hosts + slurp: + src: /etc/wireguard/key.pub + register: wg_pub_key + tags: + - role::wireguard + +- name: Generate WireGuard configuration file + template: + src: wg0.conf.j2 + dest: /etc/wireguard/wg0.conf + mode: '0600' + group: root + owner: root + notify: + - reload wg-quick + tags: + - role::wireguard + +- name: Start and enable the WireGuard service + service: + name: wg-quick@wg0 + enabled: true + state: started + tags: + - role::wireguard |
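Review bot: in the "Generate WireGuard private key" task, `wg genkey > /etc/wireguard/key.priv` creates the file under whatever umask the shell has, and the mode is only tightened to 0600 by the later "Ensure file permissions for keys set correctly" task, so the private key can be readable by other local users in between. Setting the umask in the same command, for example `umask 077 && wg genkey > /etc/wireguard/key.priv`, closes that window. The "Fetch private key for all hosts" task also registers the key contents in `wg_priv_key` without `no_log: true`, so the key material can appear in verbose play output; adding `no_log: true` to that task keeps it out of logs. A smaller point on the public key task: the redirect creates `/etc/wireguard/key.pub` even when `wg pubkey` fails, after which `creates:` skips the task on later runs and leaves an empty file in place.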