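# Master side: generate a fresh WireGuard key pair, render wg0.conf and
# publish the public key as a local fact so the slave hosts can read it.
# NOTE: the key pair is regenerated on every run (nothing guards wg genkey),
# so each run rotates the tunnel keys and rewrites wg0.conf.
- name: Setup Wireguard on Master Host
  block:

  - name: Ensure wireguard is present
    ansible.builtin.dnf:
      name: wireguard-tools
      state: latest  # "latest" upgrades on every run; "present" would only install

  # The command output IS the private key: no_log keeps it out of the task
  # result, callback plugins and log files.
  - name: Generate private key
    ansible.builtin.command: wg genkey
    register: privatekey
    no_log: true

  - name: Set private key variable
    ansible.builtin.set_fact:
      privatekey: "{{ privatekey.stdout_lines[0] }}"
    no_log: true

  # Feed the private key over stdin rather than "echo {{ privatekey }} | wg pubkey":
  # a command-line argument is visible in the process list and in the logged
  # command string, and no shell is needed at all.
  - name: Generate public key
    ansible.builtin.command:
      cmd: wg pubkey
      stdin: "{{ privatekey }}"
    register: publickey
    no_log: true  # the task args contain the private key

  - name: Set public key variable
    ansible.builtin.set_fact:
      publickey: "{{ publickey.stdout_lines[0] }}"

  # wg0.conf contains the private key, so it must not be world-readable
  # (the template module would otherwise leave the umask default in place).
  - name: Create wireguard config file
    ansible.builtin.template:
      src: wireguard.master.j2
      dest: "{{ network.wireguard.path }}/wg0.conf"
      mode: "0600"

  - name: Ensure ansible facts directory exists
    ansible.builtin.file:
      path: /etc/ansible/facts.d
      state: directory
      mode: "0755"  # quoted: a bare 0755 is read as decimal 493 by YAML 1.1 parsers

  # Only the public key is published; the slave hosts poll this file
  # (wait_for on the master) before rendering their own config.
  - name: Add fact about wireguard config to host
    ansible.builtin.copy:
      content: '{ "PublicKey": "{{ publickey }}" }'
      dest: "/etc/ansible/facts.d/wireguard.fact"

  # Reload facts so the new local fact is visible in hostvars for the rest
  # of the play (presumably consumed by wireguard.slave.j2 — confirm).
  - name: Re-gather facts
    ansible.builtin.gather_facts: {}
  # NOTE(review): the slave block only registers peers with groups['cloud'][0];
  # if the cloud group holds more than one host the others get no peers.
  when: inventory_hostname in groups["cloud"]
  become: true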

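# Slave side: wait until the master has published its public key, generate a
# local key pair, render wg0.conf and add this host as a [Peer] in the
# master's config. As on the master, keys are regenerated on every run.
- name: Setup Wireguard on Slave Hosts
  block:
  - name: Ensure wireguard is present
    ansible.builtin.dnf:
      name: wireguard-tools
      state: latest  # "latest" upgrades on every run; "present" would only install

  # Runs on the master (delegate_to) and polls its fact file until the
  # PublicKey entry appears; the check here is path-based, so "host" is
  # presumably informational only — confirm against the wait_for docs.
  - name: Wait for master node to generate file
    ansible.builtin.wait_for:
      host: "{{ groups['cloud'][0] }}"
      path: /etc/ansible/facts.d/wireguard.fact
      search_regex: PublicKey
    delegate_to: "{{ groups['cloud'][0] }}"
    register: output

  # The command output IS the private key: no_log keeps it out of the task
  # result, callback plugins and log files.
  - name: Generate private key
    ansible.builtin.command: wg genkey
    register: privatekey
    no_log: true

  - name: Set private key variable
    ansible.builtin.set_fact:
      privatekey: "{{ privatekey.stdout_lines[0] }}"
    no_log: true

  # Feed the private key over stdin rather than "echo {{ privatekey }} | wg pubkey":
  # a command-line argument is visible in the process list and in the logged
  # command string, and no shell is needed at all.
  - name: Generate public key
    ansible.builtin.command:
      cmd: wg pubkey
      stdin: "{{ privatekey }}"
    register: publickey
    no_log: true  # the task args contain the private key

  - name: Set public key variable
    ansible.builtin.set_fact:
      publickey: "{{ publickey.stdout_lines[0] }}"

  # Tunnel address = 10.0.0.<last octet of the default IPv4 address>; two
  # slaves that share a last octet would collide on the same tunnel IP.
  - name: Setup wireguard ip fact
    ansible.builtin.set_fact:
      wireguard_ip: "10.0.0.{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'].split('.')[3] }}"

  # wg0.conf contains the private key, so it must not be world-readable.
  - name: Create wireguard config file
    ansible.builtin.template:
      src: wireguard.slave.j2
      dest: "{{ network.wireguard.path }}/wg0.conf"
      mode: "0600"

  # blockinfile with a per-host marker instead of lineinfile: a multi-line
  # "line" never equals any single existing line, so lineinfile appended a
  # duplicate [Peer] stanza on every run. The marker lines are "#" comments,
  # which the WireGuard config parser ignores. inventory_hostname is still the
  # slave's name here — delegate_to does not change it.
  - name: Add host's details to master
    ansible.builtin.blockinfile:
      path: "{{ network.wireguard.path }}/wg0.conf"
      marker: "# {mark} ANSIBLE MANAGED PEER {{ inventory_hostname }}"
      block: |
        [Peer]
        PublicKey={{ publickey }}
        AllowedIPs={{ wireguard_ip }}
    delegate_to: "{{ groups['cloud'][0] }}"

  when: inventory_hostname not in groups["cloud"]
  become: true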