ansible.fftdf.supernode/roles/21-install-wireguard/tasks/main.yml

- name: Install Wireguard
  apt: name={{ item }} state=latest update_cache=yes
  with_items:
    - wireguard


- name: Register if config/private key already exists on target host
  ansible.builtin.stat:
    path: /etc/wireguard/vpn01.conf
  register: wireguard__register_config_file
  tags:
    - wg-generate-keys
    - wg-config

- name: WireGuard private key handling for new keys
  block:
    - name: Generate WireGuard private key
      ansible.builtin.command: "wg genkey"
      register: wireguard__register_private_key
      changed_when: false
      tags:
        - wg-generate-keys

    - name: Set private key fact
      ansible.builtin.set_fact:
        wireguard_private_key: "{{ wireguard__register_private_key.stdout }}"
      tags:
        - wg-generate-keys
  when:
    - not wireguard__register_config_file.stat.exists
    - wireguard_private_key is not defined

- name: WireGuard private key handling for existing keys
  block:
    - name: Read WireGuard config file
      ansible.builtin.slurp:
        src: /etc/wireguard/vpn01.conf
      register: wireguard__register_config
      tags:
        - wg-config

    - name: Set private key fact
      ansible.builtin.set_fact:
        wireguard_private_key: "{{ wireguard__register_config['content'] | b64decode | regex_findall('PrivateKey = (.*)') | first }}"
      tags:
        - wg-config
  when:
    - wireguard__register_config_file.stat.exists
    - wireguard_private_key is not defined

- name: Derive WireGuard public key
  ansible.builtin.command: "wg pubkey"
  args:
    stdin: "{{ wireguard_private_key }}"
  register: wireguard__register_public_key
  changed_when: false
  check_mode: false
  tags:
    - wg-config

- name: Set public key fact
  ansible.builtin.set_fact:
    wireguard__fact_public_key: "{{ wireguard__register_public_key.stdout }}"
  tags:
    - wg-config

- name: Create WireGuard configuration directory
  ansible.builtin.file:
    dest: /etc/wireguard/
    state: directory
    mode: 0700
  tags:
    - wg-config

- name: Generate WireGuard configuration file
  ansible.builtin.template:
    src: wg.conf.j2
    dest: /etc/wireguard/vpn01.conf
    owner: root
    group: root
    mode: 755
  tags:
    - wg-config
  notify:
    - reconfigure wireguard

- name: Start and enable WireGuard service
  ansible.builtin.service:
    name: "wg-quick@vpn01"
    state: started
    enabled: yes
Changed to Wireguard VPN 2022-05-08 19:32:16 +00:00			`- name: Install Wireguard`
			`apt: name={{ item }} state=latest update_cache=yes`
			`with_items:`
			`- wireguard`


			`- name: Register if config/private key already exists on target host`
			`ansible.builtin.stat:`
			`path: /etc/wireguard/vpn01.conf`
			`register: wireguard__register_config_file`
			`tags:`
			`- wg-generate-keys`
			`- wg-config`

			`- name: WireGuard private key handling for new keys`
			`block:`
			`- name: Generate WireGuard private key`
			`ansible.builtin.command: "wg genkey"`
			`register: wireguard__register_private_key`
			`changed_when: false`
			`tags:`
			`- wg-generate-keys`

			`- name: Set private key fact`
			`ansible.builtin.set_fact:`
			`wireguard_private_key: "{{ wireguard__register_private_key.stdout }}"`
			`tags:`
			`- wg-generate-keys`
			`when:`
			`- not wireguard__register_config_file.stat.exists`
			`- wireguard_private_key is not defined`

			`- name: WireGuard private key handling for existing keys`
			`block:`
			`- name: Read WireGuard config file`
			`ansible.builtin.slurp:`
			`src: /etc/wireguard/vpn01.conf`
			`register: wireguard__register_config`
			`tags:`
			`- wg-config`

			`- name: Set private key fact`
			`ansible.builtin.set_fact:`
			`wireguard_private_key: "{{ wireguard__register_config['content'] \| b64decode \| regex_findall('PrivateKey = (.*)') \| first }}"`
			`tags:`
			`- wg-config`
			`when:`
			`- wireguard__register_config_file.stat.exists`
			`- wireguard_private_key is not defined`

			`- name: Derive WireGuard public key`
			`ansible.builtin.command: "wg pubkey"`
			`args:`
			`stdin: "{{ wireguard_private_key }}"`
			`register: wireguard__register_public_key`
			`changed_when: false`
			`check_mode: false`
			`tags:`
			`- wg-config`

			`- name: Set public key fact`
			`ansible.builtin.set_fact:`
			`wireguard__fact_public_key: "{{ wireguard__register_public_key.stdout }}"`
			`tags:`
			`- wg-config`

			`- name: Create WireGuard configuration directory`
			`ansible.builtin.file:`
			`dest: /etc/wireguard/`
			`state: directory`
			`mode: 0700`
			`tags:`
			`- wg-config`

			`- name: Generate WireGuard configuration file`
			`ansible.builtin.template:`
			`src: wg.conf.j2`
			`dest: /etc/wireguard/vpn01.conf`
			`owner: root`
			`group: root`
			`mode: 755`
			`tags:`
			`- wg-config`
			`notify:`
			`- reconfigure wireguard`

			`- name: Start and enable WireGuard service`
			`ansible.builtin.service:`
			`name: "wg-quick@vpn01"`
Bugfixing and tidying up some things 2023-04-16 15:35:22 +00:00			`state: started`
			`enabled: yes`