---
# Local scaffolding for the WireGuard PKI and the per-platform client
# configs. This runs on the Ansible controller (delegate_to: localhost) as
# the invoking user, not on the VPN server.
# NOTE(review): no explicit mode is given, so these directories get the
# controller's umask default. private/ and preshared/ hold key material, so
# an owner-only mode (0700) is worth considering — check what keys.yml sets
# on the files themselves first (not visible here).
- name: Ensure the required directories exist
  become: false
  delegate_to: localhost
  loop:
    - "{{ wireguard_pki_path }}/preshared"
    - "{{ wireguard_pki_path }}/private"
    - "{{ wireguard_pki_path }}/public"
    - "{{ wireguard_config_path }}/apple/ios"
    - "{{ wireguard_config_path }}/apple/macos"
  file:
    state: directory
    recurse: true
    dest: "{{ item }}"
# Distribution-specific tasks for Debian-family hosts. Tagged `always` so
# the include itself is still evaluated on tag-filtered runs
# (e.g. --tags update-users).
- name: Include tasks for Ubuntu
  tags: always
  include_tasks: ubuntu.yml
  when: ansible_distribution in ['Debian', 'Ubuntu']
# Distribution-specific tasks for FreeBSD hosts; `always` for the same
# reason as the Ubuntu include above.
- name: Include tasks for FreeBSD
  tags: always
  include_tasks: freebsd.yml
  when: ansible_distribution in ['FreeBSD']
# Key generation is imported statically (import_tasks rather than
# include_tasks) so the update-users tag is inherited by every task inside
# keys.yml and re-running with --tags update-users regenerates what is needed.
- name: Generate keys
  tags: update-users
  import_tasks: keys.yml
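# Per-user client material plus the server config, all re-run under the
# update-users tag. The inner block executes on the controller
# (delegate_to: localhost, become: false); only "WireGuard configured"
# writes to the VPN host.
- block:
    - block:
        # Append each configured user to the PKI index. With `line` and no
        # `regexp`, lineinfile only adds a missing line at EOF and never
        # rewrites or removes existing ones, so a user's position in
        # index.txt (item.0 below) stays stable across runs.
        - name: WireGuard user list updated
          lineinfile:
            dest: "{{ wireguard_pki_path }}/index.txt"
            create: true
            mode: "0600"
            insertafter: EOF
            line: "{{ item }}"
          register: lineinfile
          with_items: "{{ users }}"

        # Read the index back. The path is joined with an explicit '/' so it
        # resolves to the same file as the `dest` above whether or not
        # wireguard_pki_path carries a trailing slash (a doubled slash is
        # harmless); the previous `+ 'index.txt'` only worked in one case.
        - set_fact:
            wireguard_users: "{{ (lookup('file', wireguard_pki_path + '/index.txt')).split('\n') }}"

        # One client config per user. index.txt keeps users that were since
        # removed from `users`, hence the `when` filter. item.0 is exposed to
        # the template as `index` — presumably for per-client addressing
        # (client.conf.j2 not visible here).
        - name: WireGuard users config generated
          template:
            src: client.conf.j2
            dest: "{{ wireguard_config_path }}/{{ item.1 }}.conf"
            mode: "0600"
          with_indexed_items: "{{ wireguard_users }}"
          when: item.1 in users
          vars:
            index: "{{ item.0 }}"

        # Apple profiles, one pass per platform; `system` is the loop variable
        # mobileconfig.yml expects.
        - include_tasks: mobileconfig.yml
          loop:
            - ios
            - macos
          loop_control:
            loop_var: system

        # Best effort: skipped when segno is not on PATH and never fails the
        # play (`|| true`, changed_when: false). The rendered client config —
        # including the private and preshared keys — goes on the command
        # line, so both it and the user-derived output name are passed
        # through `quote`; bash then treats any `$`, backtick, quote or
        # backslash in the rendered text as literal rather than as syntax.
        # A `>` folded scalar already joins lines with spaces, so no
        # backslash continuation is used (a trailing `\` in a folded scalar
        # hands bash an escaped space, which was being prepended to the
        # content argument).
        # NOTE(review): argv is still readable by other local users on the
        # controller via ps / /proc/<pid>/cmdline while segno runs. Unless
        # segno's CLI can take the content from stdin (not verified here),
        # fully closing that needs a different invocation; umask 077 at
        # least keeps the resulting .png owner-only.
        - name: Generate QR codes
          shell: >
            umask 077;
            command -v segno >/dev/null &&
            segno --scale=5 --output={{ item.1 | quote }}.png
            {{ lookup('template', 'client.conf.j2') | quote }} || true
          changed_when: false
          with_indexed_items: "{{ wireguard_users }}"
          when: item.1 in users
          vars:
            index: "{{ item.0 }}"
            # Run this module under the playbook's interpreter on localhost.
            ansible_python_interpreter: "{{ ansible_playbook_python }}"
          args:
            chdir: "{{ wireguard_config_path }}"
            executable: bash
      become: false
      delegate_to: localhost

    # Server-side config on the VPN host. config_prefix allows the
    # filesystem root to be redirected and defaults to '/'. Owner-only mode:
    # the file holds the server private key and peer preshared keys.
    - name: WireGuard configured
      template:
        src: server.conf.j2
        dest: "{{ config_prefix|default('/') }}etc/wireguard/{{ wireguard_interface }}.conf"
        mode: "0600"
      notify: restart wireguard
  tags: update-users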
# Start WireGuard now and make it persist across reboots. service_name is
# presumably set by the distribution-specific include above — confirm in
# ubuntu.yml / freebsd.yml (not visible here).
- name: WireGuard enabled and started
  service:
    enabled: true
    state: started
    name: "{{ service_name }}"
# Remove the locally held key material once the client and server configs
# exist, unless the operator asked to keep it (algo_store_pki) or it is
# already on a tmpfs (pki_in_tmpfs). Both flags are defined outside this
# file. Runs on the controller as the invoking user.
- name: Delete the PKI directory
  become: false
  delegate_to: localhost
  when: not algo_store_pki and not pki_in_tmpfs
  file:
    state: absent
    path: "{{ wireguard_pki_path }}"
# Run any notified handlers now — in particular `restart wireguard` from the
# server config template above — instead of waiting for the end of the play.
- meta: flush_handlers