erste Version mit Namen statt Nummern

.gitignore

@@ -1,3 +1,4 @@
 .terraform
 wireguard_profiles/*
 *~
+inventory/*

create_aws_wireguard_server.yml

@@ -29,17 +29,6 @@
   roles:
     - aws_graviton_nano_spot
 
-- name: Install wireguard server on launched hosts
+- name: Include playbook to install wireguard
-  hosts: launched 
+  import_playbook: wireguard.yml
-  remote_user: admin
+
-  become: true
-  vars_prompt:
-  - name: vpn_clients
-    prompt: Number of vpn clients to be generated
-    default: 1
-    private: no
-  vars:
-    vpn_network: '10.100.100'
-    vpn_port: '58172'
-  roles:
-    - wireguard_server  

roles/wireguard_server/tasks/main.yml

@@ -26,42 +26,54 @@
 - name: ensure wireguard services are stopped
   command: "systemctl stop wg-quick@wg0"
 
-- name: generate directories for client configs
+- name: generate directory for server configs
   file:
-    path: "~/wg/client_{{ item }}"
+    path: "~/wg/wireguard-server"
     state: directory
     owner: root
     group: root
     mode: 0700
-  with_sequence: start=1 end={{ vpn_clients }}
 
-- name: generate private and public keys for the client and server
+- name: generate directories for client configs
-  shell: umask 077; wg genkey | tee ~/wg/{{ item }}.private | wg pubkey > ~/wg/{{ item }}.public
+  file:
-  register: key_files
+    path: "~/wg/{{ item }}"
-  with_sequence: start=0 end={{ vpn_clients }}
+    state: directory
+    owner: root
+    group: root
+    mode: 0700
+  with_items: "{{ vpn_client_names }}"
 
-- name: register private key file contents
+- name: generate private key for the server
-  shell: cat ~/wg/{{ item }}.private
+  shell: umask 077; wg genkey | tee ~/wg/wireguard-server.private
-  register: private_key_files
+  register: vpn_server_private_key
-  with_sequence: start=0 end={{ vpn_clients }}
 
-- name: register public key file contents
+- name: generate public key for the server
-  shell: cat ~/wg/{{ item }}.public
+  shell: umask 077; cat ~/wg/wireguard-server.private | wg pubkey | tee ~/wg/wireguard-server.public
-  register: public_key_files
+  register: vpn_server_public_key
-  with_sequence: start=0 end={{ vpn_clients }}
+ 
+- name: generate private keys for clients
+  shell: umask 077; wg genkey | tee ~/wg/{{ item }}/wg0.private
+   | wg pubkey > ~/wg/{{ item }}/wg0.public
+  register: vpn_client_private_keys
+  with_items: "{{ vpn_client_names }}"
+
+- name: generate public keys for clients
+  shell: umask 077; cat ~/wg/{{ item }}/wg0.private | wg pubkey | tee ~/wg/{{ item }}/wg0.public
+  register: vpn_client_public_keys
+  with_items: "{{ vpn_client_names }}"
 
 - name: generate client configs
   template:
     src: "wg0-client.conf"
-    dest: "~/wg/client_{{ item }}/wg0-client.conf"
+    dest: "~/wg/{{ item.item }}/wg0-client.conf"
     owner: root
     group: root
     mode: 0600
-  with_sequence: start=1 end={{ vpn_clients }}
+  with_items: "{{ vpn_client_private_keys.results }}"
 
 - name: generate qr codes for client configs
-  shell: umask 077; qrencode --type=PNG --output=/root/wg/client_{{ item }}/wg0-client.png < ~/wg/client_{{ item }}/wg0-client.conf
+  shell: umask 077; qrencode --type=PNG --output=/root/wg/{{ item }}/wg0-client.png < ~/wg/{{ item }}/wg0-client.conf
-  with_sequence: start=1 end={{ vpn_clients }}
+  with_items: "{{ vpn_client_names }}"
 
 - name: generate server config
   template:
@@ -87,15 +99,14 @@
     
 - name:  download client conf files to the "wireguard_profiles/" folder on your local host
   fetch:
-    src: "~/wg/client_{{item}}/wg0-client.conf"
+    src: "~/wg/{{item}}/wg0-client.conf"
-    dest: "wireguard_profiles/{{ ansible_ssh_host }}/client_{{item}}/"
+    dest: "wireguard_profiles/{{ ansible_ssh_host }}/{{item}}/"
     flat: yes
-  with_sequence: start=1 end={{ vpn_clients }}
+  with_items: "{{ vpn_client_names }}"
 
-- name:  download client qr codes to the "wireguard_profiles/" folder on your local host
+- name:  download client conf files to the "wireguard_profiles/" folder on your local host
   fetch:
-    src: "~/wg/client_{{item}}/wg0-client.png"
+    src: "~/wg/{{item}}/wg0-client.png"
-    dest: "wireguard_profiles/{{ ansible_ssh_host }}/client_{{item}}/"
+    dest: "wireguard_profiles/{{ ansible_ssh_host }}/{{item}}/"
     flat: yes
-  with_sequence: start=1 end={{ vpn_clients }}
+  with_items: "{{ vpn_client_names }}"
-  

roles/wireguard_server/templates/wg0-client.conf

@@ -1,10 +1,10 @@
 [Interface]
 Address = {{ vpn_network }}.{{item|int + 1}}/32
 DNS = 9.9.9.9
-PrivateKey = {{ private_key_files.results[item|int].stdout }}
+PrivateKey = {{ item.stdout }}
 
 [Peer]
-PublicKey = {{ public_key_files.results[0].stdout }}
+PublicKey = {{ vpn_server_public_key.stdout }}
 AllowedIPs = 0.0.0.0/0
 Endpoint = {{ ansible_ssh_host }}:{{ vpn_port }}
 PersistentKeepalive = 0

roles/wireguard_server/templates/wg0.conf

@@ -2,13 +2,13 @@
 Address = {{ vpn_network }}.1/24
 SaveConfig = false
 ListenPort = {{ vpn_port }}
-PrivateKey = {{ private_key_files.results[0].stdout }}
+PrivateKey = {{ vpn_server_private_key.stdout }}
 PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens5 -j MASQUERADE
 PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens5 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens5 -j MASQUERADE
 
-{% for i in range(vpn_clients|int) %}
+{% for i in range(vpn_client_public_keys.results|int) %}
 [Peer]
-PublicKey = {{ public_key_files.results[i + 1].stdout }}
+PublicKey = {{ vpn_client_public_keys.results[i].stdout }}
 AllowedIPs = {{ vpn_network }}.{{ i + 2 }}/32
 
 {% endfor %}