From ea9ff70b12387b2e89ee19746eb019e6a318766f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20M=C3=A4rkle?= Date: Sun, 27 Dec 2020 14:25:20 +0100 Subject: [PATCH] erste Version mit Namen statt Nummern --- .gitignore | 1 + create_aws_wireguard_server.yml | 17 +---- roles/wireguard_server/tasks/main.yml | 65 +++++++++++-------- .../templates/wg0-client.conf | 4 +- roles/wireguard_server/templates/wg0.conf | 6 +- 5 files changed, 47 insertions(+), 46 deletions(-) diff --git a/.gitignore b/.gitignore index 0b1677b..635053b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ .terraform wireguard_profiles/* *~ +inventory/* \ No newline at end of file diff --git a/create_aws_wireguard_server.yml b/create_aws_wireguard_server.yml index bc2c765..c611e97 100644 --- a/create_aws_wireguard_server.yml +++ b/create_aws_wireguard_server.yml @@ -29,17 +29,6 @@ roles: - aws_graviton_nano_spot -- name: Install wireguard server on launched hosts - hosts: launched - remote_user: admin - become: true - vars_prompt: - - name: vpn_clients - prompt: Number of vpn clients to be generated - default: 1 - private: no - vars: - vpn_network: '10.100.100' - vpn_port: '58172' - roles: - - wireguard_server +- name: Include playbook to install wireguard + import_playbook: wireguard.yml + diff --git a/roles/wireguard_server/tasks/main.yml b/roles/wireguard_server/tasks/main.yml index 8967255..51a52db 100644 --- a/roles/wireguard_server/tasks/main.yml +++ b/roles/wireguard_server/tasks/main.yml 
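Review bot: The new `import_playbook: wireguard.yml` line points at a file this patch does not add — the diffstat lists only .gitignore, the top-level playbook, the role tasks and the two templates — so unless wireguard.yml already exists in the repository the play fails at parse time. The play removed here carried `remote_user: admin`, `become: true`, `vpn_network`, `vpn_port` and the client-count prompt; the imported playbook presumably has to supply those plus the new `vpn_client_names` list the role now iterates over, which is worth confirming since none of it is visible in this patch. A one-line comment above the import naming where those variables live, e.g. `# wireguard.yml defines vpn_client_names, vpn_network and vpn_port for the wireguard_server role`, would save the next reader the hunt.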
@@ -26,42 +26,54 @@ - name: ensure wireguard services are stopped command: "systemctl stop wg-quick@wg0" -- name: generate directories for client configs +- name: generate directory for server configs file: - path: "~/wg/client_{{ item }}" + path: "~/wg/wireguard-server" state: directory owner: root group: root mode: 0700 - with_sequence: start=1 end={{ vpn_clients }} -- name: generate private and public keys for the client and server - shell: umask 077; wg genkey | tee ~/wg/{{ item }}.private | wg pubkey > ~/wg/{{ item }}.public - register: key_files - with_sequence: start=0 end={{ vpn_clients }} +- name: generate directories for client configs + file: + path: "~/wg/{{ item }}" + state: directory + owner: root + group: root + mode: 0700 + with_items: "{{ vpn_client_names }}" -- name: register private key file contents - shell: cat ~/wg/{{ item }}.private - register: private_key_files - with_sequence: start=0 end={{ vpn_clients }} +- name: generate private key for the server + shell: umask 077; wg genkey | tee ~/wg/wireguard-server.private + register: vpn_server_private_key -- name: register public key file contents - shell: cat ~/wg/{{ item }}.public - register: public_key_files - with_sequence: start=0 end={{ vpn_clients }} +- name: generate public key for the server + shell: umask 077; cat ~/wg/wireguard-server.private | wg pubkey | tee ~/wg/wireguard-server.public + register: vpn_server_public_key + +- name: generate private keys for clients + shell: umask 077; wg genkey | tee ~/wg/{{ item }}/wg0.private + | wg pubkey > ~/wg/{{ item }}/wg0.public + register: vpn_client_private_keys + with_items: "{{ vpn_client_names }}" + +- name: generate public keys for clients + shell: umask 077; cat ~/wg/{{ item }}/wg0.private | wg pubkey | tee ~/wg/{{ item }}/wg0.public + register: vpn_client_public_keys + with_items: "{{ vpn_client_names }}" - name: generate client configs template: src: "wg0-client.conf" - dest: "~/wg/client_{{ item }}/wg0-client.conf" + dest: "~/wg/{{ 
item.item }}/wg0-client.conf" owner: root group: root mode: 0600 - with_sequence: start=1 end={{ vpn_clients }} + with_items: "{{ vpn_client_private_keys.results }}" - name: generate qr codes for client configs - shell: umask 077; qrencode --type=PNG --output=/root/wg/client_{{ item }}/wg0-client.png < ~/wg/client_{{ item }}/wg0-client.conf - with_sequence: start=1 end={{ vpn_clients }} + shell: umask 077; qrencode --type=PNG --output=/root/wg/{{ item }}/wg0-client.png < ~/wg/{{ item }}/wg0-client.conf + with_items: "{{ vpn_client_names }}" - name: generate server config template: @@ -87,15 +99,14 @@ - name: download client conf files to the "wireguard_profiles/" folder on your local host fetch: - src: "~/wg/client_{{item}}/wg0-client.conf" - dest: "wireguard_profiles/{{ ansible_ssh_host }}/client_{{item}}/" + src: "~/wg/{{item}}/wg0-client.conf" + dest: "wireguard_profiles/{{ ansible_ssh_host }}/{{item}}/" flat: yes - with_sequence: start=1 end={{ vpn_clients }} + with_items: "{{ vpn_client_names }}" -- name: download client qr codes to the "wireguard_profiles/" folder on your local host +- name: download client conf files to the "wireguard_profiles/" folder on your local host fetch: - src: "~/wg/client_{{item}}/wg0-client.png" - dest: "wireguard_profiles/{{ ansible_ssh_host }}/client_{{item}}/" + src: "~/wg/{{item}}/wg0-client.png" + dest: "wireguard_profiles/{{ ansible_ssh_host }}/{{item}}/" flat: yes - with_sequence: start=1 end={{ vpn_clients }} - \ No newline at end of file + with_items: "{{ vpn_client_names }}" diff --git a/roles/wireguard_server/templates/wg0-client.conf b/roles/wireguard_server/templates/wg0-client.conf index 19f1e3d..4b160f8 100644 --- a/roles/wireguard_server/templates/wg0-client.conf +++ b/roles/wireguard_server/templates/wg0-client.conf 
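Review bot: In the new `generate private keys for clients` task the pipeline still ends in `| wg pubkey > ~/wg/{{ item }}/wg0.public`, so the command's stdout — and therefore each `vpn_client_private_keys.results[].stdout` that wg0-client.conf now reads as `PrivateKey = {{ item.stdout }}` — is empty; the following `generate public keys for clients` task already derives the public key from the file, so the line should be just `shell: umask 077; wg genkey | tee ~/wg/{{ item }}/wg0.private`. The registered results of that task, of `generate private key for the server`, and of the template task that loops over them carry private key material in plain text, which verbose output and callback logs will record; add `no_log: true` to those tasks. As before, `wg genkey` runs unconditionally on every play, so each run silently rotates all keys and invalidates previously distributed client profiles — a `creates:` argument on the shell tasks would make this idempotent, though that predates this change.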
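Review bot: The second fetch task in this hunk is renamed to `download client conf files to the "wireguard_profiles/" folder on your local host`, the same name as the task right above it, although it still fetches `wg0-client.png`; keep the old name `download client qr codes to the "wireguard_profiles/" folder on your local host`, since duplicate task names make `--start-at-task`, `--list-tasks` and the play output ambiguous. Minor: the new `src`/`dest` lines write `{{item}}` while the rest of the file uses `{{ item }}`. The fetched directory now holds each client's private key inside wg0-client.conf (and encoded in the PNG), so `wireguard_profiles/*` staying in .gitignore matters.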
@@ -1,10 +1,10 @@ [Interface] Address = {{ vpn_network }}.{{item|int + 1}}/32 DNS = 9.9.9.9 -PrivateKey = {{ private_key_files.results[item|int].stdout }} +PrivateKey = {{ item.stdout }} [Peer] -PublicKey = {{ public_key_files.results[0].stdout }} +PublicKey = {{ vpn_server_public_key.stdout }} AllowedIPs = 0.0.0.0/0 Endpoint = {{ ansible_ssh_host }}:{{ vpn_port }} PersistentKeepalive = 0 diff --git a/roles/wireguard_server/templates/wg0.conf b/roles/wireguard_server/templates/wg0.conf index fb66ad6..78b54c3 100644 --- a/roles/wireguard_server/templates/wg0.conf +++ b/roles/wireguard_server/templates/wg0.conf @@ -2,13 +2,13 @@ Address = {{ vpn_network }}.1/24 SaveConfig = false ListenPort = {{ vpn_port }} -PrivateKey = {{ private_key_files.results[0].stdout }} +PrivateKey = {{ vpn_server_private_key.stdout }} PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens5 -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens5 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens5 -j MASQUERADE -{% for i in range(vpn_clients|int) %} +{% for i in range(vpn_client_public_keys.results|int) %} [Peer] -PublicKey = {{ public_key_files.results[i + 1].stdout }} +PublicKey = {{ vpn_client_public_keys.results[i].stdout }} AllowedIPs = {{ vpn_network }}.{{ i + 2 }}/32 {% endfor %} \ No newline at end of file
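Review bot: The unchanged `Address = {{ vpn_network }}.{{item|int + 1}}/32` line no longer works with the changed `PrivateKey` line: the template task now loops over `vpn_client_private_keys.results`, so `item` is a result dict rather than a number, and Jinja's `int` filter falls back to its default of 0 on it, which gives every client `{{ vpn_network }}.1/32` — the server's own address, and not the `.{{ i + 2 }}/32` that wg0.conf allows per peer. Pass the loop position in instead, e.g. `loop_control:` / `  index_var: client_idx` on the template task in tasks/main.yml and `Address = {{ vpn_network }}.{{ client_idx + 2 }}/32` here, so each client gets the same address the server lists for it.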
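Review bot: `{% for i in range(vpn_client_public_keys.results|int) %}` applies `int` to a list; the filter returns 0 for it, so the loop runs zero times and no `[Peer]` block is rendered, meaning no client can connect even though the per-peer `PublicKey` line below is right. The intended count is `{% for i in range(vpn_client_public_keys.results|length) %}`. A cleaner form avoids the index entirely: `{% for r in vpn_client_public_keys.results %}` with `PublicKey = {{ r.stdout }}` and `AllowedIPs = {{ vpn_network }}.{{ loop.index0 + 2 }}/32`, which keeps the `+ 2` offset that the client addresses must match.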