infra-ansible

ansible script to ship alpine/ssh/wireguard

git clone https://9o.is/git/infra-ansible.git

commit 03cedf9e0c2f6a652d041a53b55201689b2ec4aa
parent 73aa9dd75da5b1536ff8f982b365f2451a7d7658
Author: Jul <jul@9o.is>
Date:   Sat,  1 Jun 2024 17:25:16 +0800

escalate privilege manually for local tasks

Diffstat:
Mhost/roles/setup/handlers/main.yml | 1+
Mhost/roles/setup/tasks/wireguard_client.yml | 8++++++++
2 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/host/roles/setup/handlers/main.yml b/host/roles/setup/handlers/main.yml
@@ -15,6 +15,7 @@
 state: restarted
 - name: restart client wireguard
+ become: true
 delegate_to: localhost
 service:
 name: wg-quick@{{ wg_client_iface }}
diff --git a/host/roles/setup/tasks/wireguard_client.yml b/host/roles/setup/tasks/wireguard_client.yml
@@ -1,5 +1,6 @@
 ---
 - name: create client wireguard directory
+ become: true
 delegate_to: localhost
 file:
 path: /rw/config/wireguard
@@ -9,6 +10,7 @@
 state: directory
 - name: link /etc/wireguard
+ become: true
 delegate_to: localhost
 file:
 src: /rw/config/wireguard
@@ -19,6 +21,7 @@
 state: link
 - name: edit client interface
+ become: true
 delegate_to: localhost
 ini_file:
 path: '/etc/wireguard/{{ wg_client_iface }}.conf'
@@ -36,6 +39,7 @@
 notify: restart client wireguard
 - name: add server peer to client config
+ become: true
 delegate_to: localhost
 delegate_facts: true
 ini_file:
@@ -58,6 +62,7 @@
 notify: restart client wireguard
 - name: autostart wireguard
+ become: true
 delegate_to: localhost
 copy:
 dest: /rw/config/rc.local.d/wireguard.rc
@@ -70,6 +75,7 @@
 ln -s /rw/config/wireguard /etc/wireguard
 - name: autostart wireguard {{ wg_client_iface }}
+ become: true
 delegate_to: localhost
 copy:
 dest: '/rw/config/rc.local.d/wireguard-{{ wg_client_iface }}.rc'
@@ -82,6 +88,7 @@
 systemctl start wg-quick@{{ wg_client_iface }}
 - name: resolve {{ ansible_nodename }} to {{ wg_server_ip }}
+ become: true
 delegate_to: localhost
 delegate_facts: true
 lineinfile:
@@ -91,6 +98,7 @@
 insertbefore: '### START default local hosts'
 - name: persist /etc/hosts for qubes
+ become: true
 delegate_to: localhost
 delegate_facts: true
 lineinfile:
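Review bot: Neither the `create client wireguard directory` hunk nor the two `ini_file` hunks (`edit client interface`, `add server peer to client config`) shows an owner or mode, and with `become: true` the directory and `/etc/wireguard/{{ wg_client_iface }}.conf` are now written as root under whatever umask applies. A wg-quick interface file normally carries the interface private key, so unless the lines outside these hunks already set it, I would pin `owner: root`, `group: root`, `mode: '0700'` on the directory and `mode: '0600'` on both `ini_file` tasks. Paths left behind by earlier unprivileged runs keep their old owner unless the task states one. The task bodies continue past the hunks.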
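Review bot: The two `copy` tasks `autostart wireguard` and `autostart wireguard {{ wg_client_iface }}` write scripts under `/rw/config/rc.local.d/` with no owner or mode visible in their hunks, and the script lines shown as context (`ln -s ... /etc/wireguard`, `systemctl start wg-quick@...`) suggest they are executed with root privileges at start-up. A script there that a non-root account can modify would be a local privilege-escalation path, and `copy` leaves the owner of an already existing file unchanged unless one is given. If the rest of each task does not already do so, add `owner: root`, `group: root`, `mode: '0755'`. Both task bodies continue past their hunks.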
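Review bot: The task `resolve {{ ansible_nodename }} to {{ wg_server_ip }}` now edits a file on the control machine as root using `ansible_nodename`, which is a fact reported by the managed host rather than a value from inventory. The `line:` itself is outside the hunk, but if it interpolates that fact, a misconfigured or compromised host decides which name gets pinned in the local hosts file; the `persist /etc/hosts for qubes` hunk probably takes the same input. I would use `inventory_hostname` there, or guard both tasks with `when: ansible_nodename is match('^[A-Za-z0-9][A-Za-z0-9.-]*$')`. `delegate_facts: true` looks like it has no effect on a `lineinfile` task and could be dropped.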