54 lines
1.2 KiB
YAML
Executable File
54 lines
1.2 KiB
YAML
Executable File
---
|
|
- name: install fail2ban service
|
|
apt:
|
|
update_cache: yes
|
|
state: "{% if cloud_update | bool %}latest{% else %}present{% endif %}"
|
|
install_recommends: yes
|
|
pkg: wireguard
|
|
register: wireguard_installed
|
|
|
|
- name: setup key files
|
|
template:
|
|
src: "etc/wireguard/{{ item }}.j2"
|
|
dest: "/etc/wireguard/{{ item }}"
|
|
owner: root
|
|
mode: 0600
|
|
loop:
|
|
- private.key
|
|
- public.key
|
|
notify: restart wireguard service
|
|
|
|
- name: setup wireguard config
|
|
template:
|
|
src: "etc/wireguard/wireguard.conf.j2"
|
|
dest: "/etc/wireguard/{{ cloud_name }}.conf"
|
|
owner: root
|
|
mode: 0600
|
|
notify: restart wireguard service
|
|
|
|
- name: setup client folder
|
|
file:
|
|
state: directory
|
|
mode: 0600
|
|
owner: root
|
|
path: "{{ vpn_gateway_clientfolder }}"
|
|
|
|
- name: setup client configs
|
|
template:
|
|
src: "etc/wireguard/clients/wireguard-client.conf.j2"
|
|
dest: "{{ vpn_gateway_clientfolder }}/{{ vpn_client.name }}.conf"
|
|
owner: root
|
|
mode: 0600
|
|
loop: "{{ vpn_clients }}"
|
|
loop_control:
|
|
loop_var: vpn_client
|
|
label: "{{ vpn_client.name }}"
|
|
|
|
|
|
- name: enable wireguard systemd unit
|
|
systemd:
|
|
name: wg-quick@{{ cloud_name }}
|
|
enabled: yes
|
|
daemon_reload: yes
|
|
state: started
|