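---
# Generates a fresh WireGuard key pair on the control host and writes a
# wg-quick client config into $HOME. The private key never leaves this
# machine: it is piped into `wg pubkey` over stdin and written straight into
# the 0600 config file. The server side is not touched; the last debug task
# prints the (public) peer line that has to be added to the server by hand.
#
# Inbound variables expected from inventory/group vars: organization,
# wireguard_pubkey, wireguard_host, vlans.vpn.dns_servers, vlans.vpn.gateway;
# optional: wireguard_port (defaults to 51820).
- name: generate client certificate  # NOTE(review): produces a WireGuard key pair + config, not an X.509 certificate
  hosts: localhost
  connection: local
  become: false
  gather_facts: false  # no task below reads facts; skip the setup step
  vars_prompt:
    - name: client_ip
      prompt: Enter client ip address
      private: false
  vars:
    config_path: "{{ lookup('env', 'HOME') }}/{{ organization | replace(' ', '-') | lower }}-wg.conf"
    server_pubkey: "{{ wireguard_pubkey }}"
    server_port: "{{ wireguard_port | default(51820) }}"
    server_host: "{{ wireguard_host }}"
    gateway: "{{ vlans.vpn.gateway }}"  # NOTE(review): not referenced by any task in this play
    dns_server: "{{ vlans.vpn.dns_servers | join(',') }}"
  tasks:
    # The prompted value is interpolated verbatim into the config file, so
    # reject anything that is not a plain dotted-quad before a key is made.
    - name: validate client ip address
      assert:
        that:
          - "client_ip is match('^([0-9]{1,3}[.]){3}[0-9]{1,3}$')"
        fail_msg: "client_ip must be a plain IPv4 address, got '{{ client_ip }}'"

    # The registered stdout IS the private key: keep it out of -v output,
    # callback plugins (ARA, log_plays, ...) and log files.
    - name: generate private key
      command:
        cmd: wg genkey
      register: wg_genkey
      changed_when: false
      no_log: true

    # The key is fed over stdin (never argv, so it is not visible in `ps`),
    # but `command` still echoes its stdin argument in verbose invocation
    # output, hence no_log here as well. The public key survives in wg_pubkey.
    - name: generate public key
      command:
        cmd: wg pubkey
        stdin: "{{ wg_genkey.stdout }}"
      register: wg_pubkey
      changed_when: false
      no_log: true

    # Rendered content embeds the private key, so --diff/verbose output is
    # suppressed for this task. AllowedIPs = 0.0.0.0/0 is an IPv4-only full
    # tunnel: if the client has IPv6 connectivity that traffic bypasses the
    # VPN unless ::/0 is added here and routed by the server.
    - name: generate wireguard config file
      copy:
        dest: "{{ config_path }}"
        mode: "0600"  # quoted on purpose: an unquoted 0600 is parsed as an integer
        content: |
          [Interface]
          Address = {{ client_ip }}/32
          PrivateKey = {{ wg_genkey.stdout }}
          DNS = {{ dns_server }}
          [Peer]
          PublicKey = {{ server_pubkey }}
          AllowedIPs = 0.0.0.0/0
          Endpoint = {{ server_host }}:{{ server_port }}
      no_log: true

    - debug:
        msg: "wireguard client config written to {{ config_path }}"

    - debug:
        msg: "Add the following client to the wireguard server: {{ client_ip }}/32 {{ wg_pubkey.stdout }}"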