infra-ansible

ansible script to ship alpine/ssh/wireguard

git clone https://9o.is/git/infra-ansible.git

commit 61c50c932e051fe31340c44c9073925b888cc7b8
parent 2d9b6ec6a57d21b59a5219daac6096997455685d
Author: Jul <jul@9o.is>
Date:   Mon, 13 May 2024 18:42:32 +0800

configure fwknop locally

Diffstat:
M host/roles/fwknop/tasks/main.yml  | 37 +++++++++++++++++++++++++++++++++++++

1 file changed, 37 insertions(+), 0 deletions(-)
diff --git a/host/roles/fwknop/tasks/main.yml b/host/roles/fwknop/tasks/main.yml
@@ -34,3 +34,40 @@
     mode: '0600'
   notify: restart fwknop-server
 
+- name: Create fwknop config directory locally
+  delegate_to: localhost
+  become: false
+  file:
+    path: ~user/.config/fwknop
+    owner: user
+    group: user
+    mode: '0755'
+    state: directory
+
+- name: Create fwknoprc locally
+  delegate_to: localhost
+  become: false
+  file:
+    path: ~user/.config/fwknop/fwknoprc
+    owner: user
+    group: user
+    mode: '0600'
+    state: touch
+
+- name: Configure fwknoprc locally
+  delegate_to: localhost
+  delegate_facts: true
+  become: false
+  blockinfile:
+    path: ~user/.config/fwknop/fwknoprc
+    marker: "### {mark} ansible managed {{ ansible_facts.hostname }}"
+    append_newline: true
+    prepend_newline: true
+    block: |
+      [{{ ansible_facts.hostname }}]
+      ACCESS tcp/{{ openssh_port }}
+      SPA_SERVER {{ ansible_facts.hostname }}
+      USE_HMAC Y
+      KEY_BASE64 {{ fwknop_key_base64 }}
+      HMAC_KEY_BASE64 {{ fwknop_hmac_key_base64 }}
+