Ansible playbook to provision Alpine, SSH and WireGuard
wireguard_server.yml
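---
# WireGuard server tasks for Alpine/OpenRC: install the tools, write one
# [Interface] and one [Peer] into /etc/wireguard/wg0.conf, and register
# wg-quick for wg0 as an OpenRC service.
#
# Variables read by these tasks: wg_server_private_key, wg_server_ip,
# wireguard_port, wg_client_public_key, wg_client_ip.
#
# The handler "restart server wireguard" is notified below but is not
# defined in this file; it must be provided by a handlers file elsewhere
# in the play.

- name: install wireguard
  package:
    name:
      - wireguard-tools
      - wireguard-tools-openrc
    state: present

# 0700 keeps the directory (which will hold the private key) root-only.
- name: create server wireguard directory
  file:
    path: /etc/wireguard
    owner: root
    group: root
    mode: '0700'
    state: directory

# no_log is required here: Ansible echoes each loop item in the task
# result, which would otherwise print wg_server_private_key to stdout
# and to any log collector.
- name: configure server interface
  ini_file:
    path: /etc/wireguard/wg0.conf
    owner: root
    group: root
    mode: '0600'
    section: Interface
    option: '{{ item.option }}'
    value: '{{ item.value }}'
  with_items:
    - option: PrivateKey
      value: '{{ wg_server_private_key }}'
    - option: Address
      value: '{{ wg_server_ip }}/32'
    - option: ListenPort
      value: '{{ wireguard_port }}'
  no_log: true
  notify: restart server wireguard

# ini_file addresses options by section name, so this task manages exactly
# one [Peer] block: a second client would overwrite these values rather
# than add another section. Only the public key is written here, so the
# task output is safe to log.
- name: add client peer to server config
  ini_file:
    path: /etc/wireguard/wg0.conf
    owner: root
    group: root
    mode: '0600'
    section: Peer
    option: '{{ item.option }}'
    value: '{{ item.value }}'
  with_items:
    - option: PublicKey
      value: '{{ wg_client_public_key }}'
    - option: AllowedIPs
      value: '{{ wg_client_ip }}/32'
  notify: restart server wireguard

# Symlink the generic wg-quick init script under a per-interface name;
# presumably the script derives the interface (wg0) from its own filename.
- name: create wireguard openrc service
  file:
    src: /etc/init.d/wg-quick
    dest: /etc/init.d/wg-quick.wg0
    owner: root
    group: root
    state: link

# Only enables the service at boot; starting it on this run is left to the
# "restart server wireguard" handler triggered by the config tasks above.
- name: enable wireguard service
  service:
    name: wg-quick.wg0
    enabled: true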