ansible-debops-infrastructure

DebOps and Ansible scripts to manage my infrastructure
git clone git://git.erethon.com/ansible-debops-infrastructure

main.yml (1997B)


      1 ---
      2 
      3 - name: Generate private WG keys
      4   command:
      5     cmd: wg genkey
      6   args:
      7     creates: '{{ secret + "/wireguard/" + item + "/keys/privatekey" }}'
      8   delegate_to: 'localhost'
      9   become: False
     10   run_once: True
     11   loop: "{{ ansible_play_hosts }}"
     12   register: wg__private_keys
     13   tags: ["wireguard::genkeys"]
     14 
     15 - name: Create required directories on Ansible controller
     16   file:
     17     dest: '{{ secret + "/wireguard/" + item.item + "/keys/" }}'
     18     state: directory
     19   delegate_to: 'localhost'
     20   become: False
     21   run_once: True
     22   loop: "{{ wg__private_keys.results }}"
     23   tags: ["wireguard::genkeys"]
     24 
     25 - name: Save private keys to the controller secret stash
     26   copy:
     27     content: "{{ item.stdout }}"
     28     dest: '{{ secret + "/wireguard/" + item.item + "/keys/privatekey" }}'
     29   delegate_to: 'localhost'
     30   become: False
     31   run_once: True
     32   loop: "{{ wg__private_keys.results }}"
     33   when: item.changed
     34   tags: ["wireguard::genkeys"]
     35 
     36 - name: Get public keys from private keys
     37   command: wg pubkey
     38   args:
     39     stdin: "{{ item.stdout }}"
     40     creates: '{{ secret + "/wireguard/" + item.item + "/keys/publickey" }}'
     41   delegate_to: 'localhost'
     42   loop: "{{ wg__private_keys.results }}"
     43   when: item.changed
     44   register: wg__public_keys
     45   tags: ["wireguard::genkeys"]
     46 
     47 - name: Save public keys to the controller secret stash
     48   copy:
     49     content: "{{ item.stdout }}"
     50     dest: '{{ secret + "/wireguard/" + item.item.item + "/keys/publickey" }}'
     51   delegate_to: 'localhost'
     52   become: False
     53   run_once: True
     54   loop: "{{ wg__public_keys.results }}"
     55   when: item.changed
     56   tags: ["wireguard::genkeys"]
     57 
     58 - name: Create /etc/wireguard directory
     59   file:
     60     name: "/etc/wireguard"
     61     state: "directory"
     62 
     63 - name: Read private key and register it
     64   set_fact:
     65     _wireguard__private_key: "{{ lookup('file', secret + '/wireguard/' + item + '/keys/privatekey') }}"
     66   loop: "{{ ansible_play_hosts }}"
     67 
     68 - name: Create wireguard config files
     69   template:
     70     src: wg.conf.j2
     71     dest: "/etc/wireguard/wg0.conf"
     72     mode: 0600
     73   become: True