####################
# - Check Variables
####################
# Precondition for the whole task list: hosts_wg0 must exist, because the
# later per-host and per-PSK checks iterate over it.
- name: '[Play] Check Variables'
  ansible.builtin.assert:
    that:
      - hosts_wg0 is defined
# Verifies that nodes_to_ipv4s_private is present in localhost's hostvars.
# Where that variable is populated is not visible in this file.
- name: '[Host][localhost] Check Variables'
  ansible.builtin.assert:
    that:
      - "hostvars['localhost']['nodes_to_ipv4s_private'] is defined"
# Checks that the current host has its WireGuard key pair and tunnel address.
# NOTE(review): none of the conditions reference `item`, so the loop repeats
# the same three checks once per entry of hosts_wg0 and only ever inspects
# the current host. Confirm whether per-peer checks (hostvars[item]...) were
# intended.
# NOTE(review): `is defined` also passes for an empty value; an empty
# wg0_private_key would not be caught here.
- name: '[Host] Check Variables'
  ansible.builtin.assert:
    that:
      - wg0_private_key is defined
      - wg0_public_key is defined
      - wg0_ip is defined
  with_items: '{{ hosts_wg0 }}'
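# Requires one pre-shared key variable, wg0_psk_<peer>, for every peer in
# hosts_wg0 other than the current host.
#
# The previous condition, `'wg0_psk_' ~ item is defined`, applied the
# `is defined` test to a string expression instead of to the variable named
# wg0_psk_<peer>. It therefore could not fail, and a missing PSK passed the
# check unnoticed. The vars lookup resolves the variable by its computed
# name; the empty-string default turns "undefined" into a value the
# comparison rejects, so an empty PSK is rejected as well.
- name: "[Special][Inter-Host PSKs] Check Variables"
  ansible.builtin.assert:
    that:
      - "lookup('ansible.builtin.vars', 'wg0_psk_' ~ item, default='') != ''"
    # Names the variable only; the key material itself is never printed.
    fail_msg: "wg0_psk_{{ item }} is undefined or empty"
  with_items: "{{ hosts_wg0 }}"
  # A host has no PSK with itself, so its own entry is skipped.
  when: "item != inventory_hostname"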
####################
# - Wireguard
####################
# Ensures the distribution's `wireguard` package is installed via apt.
# `present` installs it if missing and does not upgrade an existing install.
- name: 'Install Wireguard Tools'
  ansible.builtin.apt:
    name: wireguard
    state: present
# Renders the role's 99-wg0.netdev template into systemd-networkd's config
# directory and queues a networkd restart when the file changes.
# Mode 0640 with root:systemd-network denies read access to other local
# users (presumably so that only networkd's group can read the file).
# NOTE(review): the template body is not visible here. If it embeds
# wg0_private_key or the wg0_psk_* values, a run with --diff prints them in
# the task output; consider `diff: false` (and/or `no_log: true`) here.
- name: 'systemd-networkd: Install wg0 Device'
  ansible.builtin.template:
    src: '{{ role_path }}/templates/99-wg0.netdev'
    dest: /etc/systemd/network/99-wg0.netdev
    owner: root
    group: systemd-network
    mode: '0640'
  notify: restart systemd-networkd
# Renders the role's 99-wg0.network template next to the .netdev file, with
# the same ownership and 0640 mode, and queues a networkd restart on change.
- name: 'systemd-networkd: Install wg0 Network'
  ansible.builtin.template:
    src: '{{ role_path }}/templates/99-wg0.network'
    dest: /etc/systemd/network/99-wg0.network
    owner: root
    group: systemd-network
    mode: '0640'
  notify: restart systemd-networkd
####################
# - Wireguard - Enable Packet Forwarding
####################
# Persists net.ipv4.ip_forward=1 and reloads sysctl so it applies at once.
# This switch enables IPv4 forwarding for the whole host, not only for wg0.
# NOTE(review): no packet-filter rules are visible in this file; confirm
# that a FORWARD policy elsewhere limits which interfaces and networks may
# route through this host.
- name: 'Set net.ipv4.ip_forward = 1'
  sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    state: present
    reload: true
  notify: restart systemd-networkd
# Runs any handlers notified so far (here: "restart systemd-networkd")
# immediately instead of waiting for the end of the play.
- name: 'Run Notified Handlers'
  ansible.builtin.meta: flush_handlers