wg-aws/roles/wireguard_server/tasks/main.yml

---
- name: Update APT package cache
  apt:
    update_cache: true
    upgrade: dist
    
- name: Ensure WireGuard DKMS package is removed
  apt:
    name:
      - "wireguard-dkms"
    state: absent

- name: Install wireguard package
  apt:
    name: "wireguard"
    state: present

- name: Install qrencode package
  apt:
    name: "qrencode"
    state: present

- name: ensure wireguard services are stopped
  command: "systemctl stop wg-quick@wg0"

- name: generate directory for server configs
  file:
    path: "~/wg/wireguard-server"
    state: directory
    owner: root
    group: root
    mode: 0700

- name: generate directories for client configs
  file:
    path: "~/wg/{{ item }}"
    state: directory
    owner: root
    group: root
    mode: 0700
  with_items: "{{ vpn_client_names }}"

- name: generate private key for the server
  shell: umask 077; wg genkey | tee ~/wg/wireguard-server.private
  register: vpn_server_private_key

- name: generate public key for the server
  shell: umask 077; cat ~/wg/wireguard-server.private | wg pubkey | tee ~/wg/wireguard-server.public
  register: vpn_server_public_key
 
- name: generate private keys for clients
  shell: umask 077; wg genkey | tee ~/wg/{{ item }}/wg0.private
  register: vpn_client_private_keys
  with_items: "{{ vpn_client_names }}"

- name: generate public keys for clients
  shell: umask 077; cat ~/wg/{{ item }}/wg0.private | wg pubkey | tee ~/wg/{{ item }}/wg0.public
  register: vpn_client_public_keys
  with_items: "{{ vpn_client_names }}"

- name: generate client configs
  template:
    src: "wg0-client.conf"
    dest: "~/wg/{{ item.1.item }}/wg0-client.conf"
    owner: root
    group: root
    mode: 0600
  with_indexed_items: "{{ vpn_client_private_keys.results }}"

- name: generate qr codes for client configs
  shell: umask 077; qrencode --type=PNG --output=/root/wg/{{ item }}/wg0-client.png < ~/wg/{{ item }}/wg0-client.conf
  with_items: "{{ vpn_client_names }}"

- name: generate server config
  template:
    src: "wg0.conf"
    dest: "/etc/wireguard/wg0.conf"
    owner: root
    group: root
    mode: 0600

- name: enable ipv4 traffic forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    sysctl_set: yes
    state: present
    reload: yes

- name: ensure wireguard services are enabled
  command: "systemctl enable wg-quick@wg0"

- name: ensure all wireguard services are started
  command: "systemctl start wg-quick@wg0"
    
- name:  download client conf files to the "wireguard_profiles/" folder on your local host
  fetch:
    src: "~/wg/{{item}}/wg0-client.conf"
    dest: "wireguard_profiles/{{ ansible_ssh_host }}/{{item}}/"
    flat: yes
  with_items: "{{ vpn_client_names }}"

- name:  download client conf files to the "wireguard_profiles/" folder on your local host
  fetch:
    src: "~/wg/{{item}}/wg0-client.png"
    dest: "wireguard_profiles/{{ ansible_ssh_host }}/{{item}}/"
    flat: yes
  with_items: "{{ vpn_client_names }}"
neue Rolle wireguard_server 2020-12-02 16:09:55 +01:00			`---`
Bugfixes: String nach int in jinja2 muss explizit gemacht werden Bugfixes: systemctl explizit aufrufen statt ansible modul verwenden startet das wg0 zuverlässig 2020-12-03 00:09:24 +01:00			`- name: Update APT package cache`
neue Rolle wireguard_server 2020-12-02 16:09:55 +01:00			`apt:`
			`update_cache: true`
Bugfixes: String nach int in jinja2 muss explizit gemacht werden Bugfixes: systemctl explizit aufrufen statt ansible modul verwenden startet das wg0 zuverlässig 2020-12-03 00:09:24 +01:00			`upgrade: dist`

			`- name: Ensure WireGuard DKMS package is removed`
neue Rolle wireguard_server 2020-12-02 16:09:55 +01:00			`apt:`
			`name:`
			`- "wireguard-dkms"`
			`state: absent`

installation von wireguard 2020-12-02 18:11:18 +01:00			`- name: Install wireguard package`
neue Rolle wireguard_server 2020-12-02 16:09:55 +01:00			`apt:`
			`name: "wireguard"`
			`state: present`

installation von wireguard 2020-12-02 18:11:18 +01:00			`- name: Install qrencode package`
			`apt:`
			`name: "qrencode"`
			`state: present`

Bugfixes: String nach int in jinja2 muss explizit gemacht werden Bugfixes: systemctl explizit aufrufen statt ansible modul verwenden startet das wg0 zuverlässig 2020-12-03 00:09:24 +01:00			`- name: ensure wireguard services are stopped`
			`command: "systemctl stop wg-quick@wg0"`

erste Version mit Namen statt Nummern 2020-12-27 14:25:20 +01:00			`- name: generate directory for server configs`
			`file:`
			`path: "~/wg/wireguard-server"`
			`state: directory`
			`owner: root`
			`group: root`
			`mode: 0700`

installation von wireguard 2020-12-02 18:11:18 +01:00			`- name: generate directories for client configs`
			`file:`
erste Version mit Namen statt Nummern 2020-12-27 14:25:20 +01:00			`path: "~/wg/{{ item }}"`
installation von wireguard 2020-12-02 18:11:18 +01:00			`state: directory`
			`owner: root`
			`group: root`
			`mode: 0700`
erste Version mit Namen statt Nummern 2020-12-27 14:25:20 +01:00			`with_items: "{{ vpn_client_names }}"`
installation von wireguard 2020-12-02 18:11:18 +01:00
erste Version mit Namen statt Nummern 2020-12-27 14:25:20 +01:00			`- name: generate private key for the server`
			`shell: umask 077; wg genkey \| tee ~/wg/wireguard-server.private`
			`register: vpn_server_private_key`
installation von wireguard 2020-12-02 18:11:18 +01:00
erste Version mit Namen statt Nummern 2020-12-27 14:25:20 +01:00			`- name: generate public key for the server`
			`shell: umask 077; cat ~/wg/wireguard-server.private \| wg pubkey \| tee ~/wg/wireguard-server.public`
			`register: vpn_server_public_key`

			`- name: generate private keys for clients`
			`shell: umask 077; wg genkey \| tee ~/wg/{{ item }}/wg0.private`
			`register: vpn_client_private_keys`
			`with_items: "{{ vpn_client_names }}"`
installation von wireguard 2020-12-02 18:11:18 +01:00
erste Version mit Namen statt Nummern 2020-12-27 14:25:20 +01:00			`- name: generate public keys for clients`
			`shell: umask 077; cat ~/wg/{{ item }}/wg0.private \| wg pubkey \| tee ~/wg/{{ item }}/wg0.public`
			`register: vpn_client_public_keys`
			`with_items: "{{ vpn_client_names }}"`
installation von wireguard 2020-12-02 18:11:18 +01:00
			`- name: generate client configs`
			`template:`
			`src: "wg0-client.conf"`
Bugfix: Iterating over clients now increment ip numbers ... 2020-12-28 18:21:19 +01:00			`dest: "~/wg/{{ item.1.item }}/wg0-client.conf"`
installation von wireguard 2020-12-02 18:11:18 +01:00			`owner: root`
			`group: root`
			`mode: 0600`
Bugfix: Iterating over clients now increment ip numbers ... 2020-12-28 18:21:19 +01:00			`with_indexed_items: "{{ vpn_client_private_keys.results }}"`
installation von wireguard 2020-12-02 18:11:18 +01:00
			`- name: generate qr codes for client configs`
erste Version mit Namen statt Nummern 2020-12-27 14:25:20 +01:00			`shell: umask 077; qrencode --type=PNG --output=/root/wg/{{ item }}/wg0-client.png < ~/wg/{{ item }}/wg0-client.conf`
			`with_items: "{{ vpn_client_names }}"`
installation von wireguard 2020-12-02 18:11:18 +01:00
			`- name: generate server config`
			`template:`
			`src: "wg0.conf"`
			`dest: "/etc/wireguard/wg0.conf"`
			`owner: root`
			`group: root`
			`mode: 0600`

			`- name: enable ipv4 traffic forwarding`
			`sysctl:`
			`name: net.ipv4.ip_forward`
			`value: "1"`
			`sysctl_set: yes`
			`state: present`
			`reload: yes`

Bugfixes: String nach int in jinja2 muss explizit gemacht werden Bugfixes: systemctl explizit aufrufen statt ansible modul verwenden startet das wg0 zuverlässig 2020-12-03 00:09:24 +01:00			`- name: ensure wireguard services are enabled`
			`command: "systemctl enable wg-quick@wg0"`

installation von wireguard 2020-12-02 18:11:18 +01:00			`- name: ensure all wireguard services are started`
Bugfixes: String nach int in jinja2 muss explizit gemacht werden Bugfixes: systemctl explizit aufrufen statt ansible modul verwenden startet das wg0 zuverlässig 2020-12-03 00:09:24 +01:00			`command: "systemctl start wg-quick@wg0"`
jetzt läuft er 2020-12-02 19:12:01 +01:00
installation von wireguard 2020-12-02 18:11:18 +01:00			`- name: download client conf files to the "wireguard_profiles/" folder on your local host`
			`fetch:`
erste Version mit Namen statt Nummern 2020-12-27 14:25:20 +01:00			`src: "~/wg/{{item}}/wg0-client.conf"`
			`dest: "wireguard_profiles/{{ ansible_ssh_host }}/{{item}}/"`
installation von wireguard 2020-12-02 18:11:18 +01:00			`flat: yes`
erste Version mit Namen statt Nummern 2020-12-27 14:25:20 +01:00			`with_items: "{{ vpn_client_names }}"`
installation von wireguard 2020-12-02 18:11:18 +01:00
erste Version mit Namen statt Nummern 2020-12-27 14:25:20 +01:00			`- name: download client conf files to the "wireguard_profiles/" folder on your local host`
installation von wireguard 2020-12-02 18:11:18 +01:00			`fetch:`
erste Version mit Namen statt Nummern 2020-12-27 14:25:20 +01:00			`src: "~/wg/{{item}}/wg0-client.png"`
			`dest: "wireguard_profiles/{{ ansible_ssh_host }}/{{item}}/"`
installation von wireguard 2020-12-02 18:11:18 +01:00			`flat: yes`
erste Version mit Namen statt Nummern 2020-12-27 14:25:20 +01:00			`with_items: "{{ vpn_client_names }}"`