jetzt läuft er

2020-12-02 19:12:01 +01:00 · 2020-12-02 19:12:01 +01:00 · 3a8c1c5ca0
commit 3a8c1c5ca0
parent 1bc6136142
4 changed files with 14 additions and 13 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 .terraform
+wireguard_profiles/*
--- a/roles/wireguard_server/tasks/main.yml
+++ b/roles/wireguard_server/tasks/main.yml
@ -22,11 +22,12 @@
 - name: Reboot to use new kernel
  reboot:

- name: ensure all wireguard services are stopped and enabled
+- name: ensure wireguard services are stopped and enabled
  service:
    name: "wg-quick@wg0"
    state: stopped
    enabled: yes
+  ignore_errors: True
  
 - name: generate directories for client configs
  file:
@ -40,17 +41,17 @@
 - name: generate private and public keys for the client and server
  shell: umask 077; wg genkey | tee ~/wg/{{ item }}.private | wg pubkey > ~/wg/{{ item }}.public
  register: key_files
-  with_sequence: start=1 end={{ vpn_clients }}
+  with_sequence: start=0 end={{ vpn_clients }}

 - name: register private key file contents
  shell: cat ~/wg/{{ item }}.private
  register: private_key_files
-  with_sequence: start=1 end={{ vpn_clients }}
+  with_sequence: start=0 end={{ vpn_clients }}

 - name: register public key file contents
  shell: cat ~/wg/{{ item }}.public
  register: public_key_files
-  with_sequence: start=1 end={{ vpn_clients }}
+  with_sequence: start=0 end={{ vpn_clients }}

 - name: generate client configs
  template:
@ -85,6 +86,7 @@
  service:
    name: "wg-quick@wg0"
    state: started
+  ignore_errors: True
    
 - name:  download client conf files to the "wireguard_profiles/" folder on your local host
  fetch:
--- a/roles/wireguard_server/templates/wg0-client.conf
+++ b/roles/wireguard_server/templates/wg0-client.conf
@ -7,4 +7,4 @@ PrivateKey = {{ private_key_files.results[item|int].stdout }}
 PublicKey = {{ public_key_files.results[0].stdout }}
 AllowedIPs = 0.0.0.0/0
 Endpoint = {{ ansible_default_ipv4.address }}:{{ vpn_port }}
-PersistentKeepalive = {{ vpn_persistent_keepalive }}
+PersistentKeepalive = 1
--- a/wireguard.yml
+++ b/wireguard.yml
@ -1,10 +1,4 @@
 ---
- name: set defaults
-  vars:
-    vpn_network: '10.100.100'
-    vpn_port: '58172'
-    vpn_clients: 1
-
 # manually prepare inventory
 - name: add host
  hosts: localhost
@ -19,5 +13,9 @@
  hosts: launched
  remote_user: admin
  become: yes
+  vars:
+    vpn_network: '10.100.100'
+    vpn_port: '58172'
+    vpn_clients: 1
  roles:
    - wireguard_server