diff --git a/deployments/serverBuild/wg_vpn/tasks/posttasks_arch.yml b/deployments/serverBuild/wg_vpn/tasks/posttasks_arch.yml
index 0bf62ed..ef06df4 100644
--- a/deployments/serverBuild/wg_vpn/tasks/posttasks_arch.yml
+++ b/deployments/serverBuild/wg_vpn/tasks/posttasks_arch.yml
@@ -1,22 +1,19 @@
-- hosts: vpn
- remote_user: josiah
- gather_facts: false
+- name: (local) fill out the rest of the wg0.conf file
+ blockinfile:
+ path: /etc/wireguard/wg0.conf
+ block: |
+ Address = 10.200.219.2/32, fd86:ea04:1115::2/128
+ DNS = 1.1.1.1
+
+ [Peer]
+ PublicKey = {{ server_publickey.stdout }}
+ Endpoint = vpn.awful.club:51820
+ AllowedIPs = 0.0.0.0/0
+ delegate_to: localhost
 become: yes
- tasks:
- - name: (local) fill out the rest of the wg0.conf file
- blockinfile:
- path: /etc/wireguard/wg0.conf
- block: |
- Address = 10.200.219.2/32, fd86:ea04:1115::2/128
- DNS = 1.1.1.1
-
- [Peer]
- PublicKey = {{ server_publickey.stdout }}
- Endpoint = vpn.awful.club:51820
- AllowedIPs = 0.0.0.0/0
- delegate_to: localhost
-
- - name: (local) bring wg up on local
- shell: wg-quick up wg0
- delegate_to: localhost
+- name: (local) bring wg up on local
+ shell: wg-quick up wg0
+ delegate_to: localhost
+ become: yes
+ ignore_errors: True
diff --git a/deployments/serverBuild/wg_vpn/tasks/pretasks_arch.yml b/deployments/serverBuild/wg_vpn/tasks/pretasks_arch.yml
index e7a654a..51b9936 100644
--- a/deployments/serverBuild/wg_vpn/tasks/pretasks_arch.yml
+++ b/deployments/serverBuild/wg_vpn/tasks/pretasks_arch.yml
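Review bot: In posttasks_arch.yml, `ignore_errors: True` on the "(local) bring wg up on local" task hides every failure of `wg-quick up wg0`, not only the case where the interface is already up, so the play can finish green with no tunnel while the config expects all IPv4 traffic (`AllowedIPs = 0.0.0.0/0`) to go through it. Narrow it instead with `register: wg_up` and `failed_when: wg_up.rc != 0 and 'already exists' not in wg_up.stderr` (confirm the exact wg-quick message on your version). Separately, the interface is given an IPv6 address but `AllowedIPs` lists only `0.0.0.0/0`; if a full tunnel is intended, `AllowedIPs = 0.0.0.0/0, ::/0` keeps IPv6 traffic from leaving outside the VPN.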
@@ -3,35 +3,34 @@
 # this is useful for running plays /from/ an arch machine that will join the wg net.
 # install wg, generate keys, files on local machine
-- hosts: vpn
- remote_user: josiah
- gather_facts: false
+- name: (local) install wg (i use) arch (btw)
+ pacman:
+ update_cache: yes
+ name: wireguard-tools, wireguard-arch, wireguard-dkms
+ state: present
+ delegate_to: localhost
 become: yes
+ # ansible has a hard time parsing the pacman files
+ # ignore errors once you verify shit is installed / patched.
+ ignore_errors: True
+
+- name: (local) ensure /etc/wireguard/ exists
+ file:
+ path: /etc/wireguard/
+ state: directory
+ delegate_to: localhost
- tasks:
- - name: (local) install wg (i use) arch (btw)
- pacman:
- update_cache: yes
- name: wireguard-tools, wireguard-arch
- state: present
- delegate_to: localhost
-
- - name: (local) ensure /etc/wireguard/ exists
- file:
- path: /etc/wireguard/
- state: directory
- delegate_to: localhost
-
- - name: (local) Generate keys
- shell: |
- printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf
- wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey
- vars:
- umask: "077"
- delegate_to: localhost
-
- - name: (local) register publickey for later use
- shell: cat /etc/wireguard/publickey
- register: arch_publickey
- delegate_to: localhost
-
+- name: (local) Generate keys
+ shell: |
+ printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf
+ wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey
+ vars:
+ umask: "077"
+ delegate_to: localhost
+ become: yes
+
+- name: (local) register publickey for later use
+ shell: cat /etc/wireguard/publickey
+ register: client_publickey
+ delegate_to: localhost
+ become: yes
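Review bot: The `vars: umask: "077"` kept on the "(local) Generate keys" task only defines an Ansible variable named `umask`; nothing visible in the hunk applies it to the shell, so `/etc/wireguard/wg0.conf` and the private key in it are created with the become user's default umask, which commonly leaves them world-readable. Put `umask 077` as the first line of the `shell: |` script, or follow the task with a `file:` task that sets `mode: "0600"` on wg0.conf. The "(local) ensure /etc/wireguard/ exists" task also appears to be the only task in this file without `become: yes`, and it sets no `mode:`; adding `become: yes` and `mode: "0700"` would keep the directory root-only. Indentation is lost in this rendering, so the nesting of `vars:` and `become:` is inferred from task order.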