Merge branch 'master' of ssh://gitlab.social.my-wan.de:22422/rene/ansible-pull

2022-07-07 17:46:09 +02:00
parent 506fd2a603 b6bb11b014
commit b2faa85bde
5 changed files with 23 additions and 22 deletions
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -8,6 +8,15 @@
      msg: Debug
  # basics
  - import_tasks: system_setup/hostname.yml
+  - include_tasks: system_setup/hosts.yml
+  - import_tasks: system_setup/clock.yml
+  - import_tasks: system_setup/locale.yml
+  - include_tasks: system-setup/wireguard.yml
+    when:
+      - wireguard is defined
+      - wireguard == true
+      - ansible_default_ipv4.address | ipaddr('public')
+    ignore_errors: True
  - import_tasks: system_setup/git.yml
  # install software
  # - import_tasks: software/repositories.yml
@@ -19,9 +28,7 @@

  # Perform remaining tasks:
  - import_tasks: users.yml
-  - import_tasks: system_setup/clock.yml
  - import_tasks: system_setup/cron.yml
-  - import_tasks: system_setup/locale.yml
  # - import_tasks: system_setup/logging.yml
  # - import_tasks: system_setup/memory.yml
  # - import_tasks: system_setup/microcode.yml
--- a/roles/base/tasks/system_setup/hosts.yml
+++ b/roles/base/tasks/system_setup/hosts.yml
@@ -0,0 +1,12 @@
+- name: system setup | /etc/hosts | populate
+  lineinfile:
+    path: "/etc/hosts"
+    line: "{{ item.ip }}  {{ item.fqdn }}"
+    mode: '0644'
+    owner: 'root'
+    group: 'root'
+  loop:
+    - { ip: '192.168.1.240', fqdn: 'gitlab.social.my-wan.de coruscant.universe.local'}
+  when:
+    - set_hosts is defined
+    - set_hosts == true
--- a/roles/base/tasks/system_setup/wireguard.yml
+++ b/roles/base/tasks/system_setup/wireguard.yml
@@ -0,0 +1,66 @@
+- name: base | system setup | wireguard install
+  package:
+    name: "{{ wireguard_package }}"
+    state: latest
+
+- name: base | system setup | wireguard generate private key
+  shell:
+    cmd: umask 077 && wg genkey | tee privatekey | wg pubkey > publickey
+    chdir: /etc/wireguard
+    creates: /etc/wireguard/publickey
+  when:
+    - wg_privkey is not defined
+    - wg_pubkey is not defined
+
+- name: base | system setup | wireguard cat pubkey
+  command: "cat /etc/wireguard/publickey"
+  register: wg_publickkey
+  when:
+    - wg_pubkey is not defined
+
+- name: base | system setup | wireguard output pubkey
+  debug:
+    var: wg_publickkey.stdout_lines
+  when:
+    - wg_pubkey is not defined
+
+- name: base | system setup | wireguard pause
+  pause:
+    prompt: please copy pubkey to your wireguard server
+  when:
+    - wg_pubkey is not defined
+
+- name: base | system setup | wireguard copy keys
+  copy:
+    content: "{{ item.key }}"
+    dest: "{{ item.keyfile }}"
+    mode: '0600'
+  loop:
+    - { key: "{{ wg_pubkey }}", keyfile: "/etc/wireguard/publickey" }
+    - { key: "{{ wg_privkey }}", keyfile: "/etc/wireguard/privatekey" }
+  when:
+    - wg_pubkey is defined
+    - wg_privkey is defined
+
+- name: base | system setup | wireguard generate config
+  template:
+    dest: "/etc/wireguard/VPN.conf"
+    src: client_VPN.conf.j2
+    owner: root
+    group: root
+    mode: '0600'
+
+- name: base | system setup | wireguard check if already running
+  command: wg show
+  register: wireguard
+
+- block:
+  - name: base | system setup | wireguard start vpn
+    command: wg-quick up VPN
+
+  - name: base | system setup | wireguard enable service
+    service:
+      name: "wg-quick@VPN"
+      enabled: true
+  when: wireguard.stdout == ""
+  ignore_errors: True