author | Christian Pointner <equinox@spreadspace.org> | 2022-11-20 23:30:00 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-11-20 23:30:00 +0100 |
commit | 0f6cabbae37d2750a1841d2e1abd07eca064af29 (patch) | |
tree | f20a721e510a85da81428b2f7d9f46ae51614b05 /roles/network/wireguard/p2p/tasks/main.yml | |
parent | wireguard roles: some more cleanups and fixes (diff) |
add wireguard-based remote vpn connections to ch-(pan|mimas)
Diffstat (limited to 'roles/network/wireguard/p2p/tasks/main.yml')
-rw-r--r-- | roles/network/wireguard/p2p/tasks/main.yml | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/roles/network/wireguard/p2p/tasks/main.yml b/roles/network/wireguard/p2p/tasks/main.yml
index 78cfaf43..c1c21263 100644
--- a/roles/network/wireguard/p2p/tasks/main.yml
+++ b/roles/network/wireguard/p2p/tasks/main.yml
@@ -1,4 +1,18 @@
 ---
+- name: autogenerate wireguard private key file
+ when: "'priv_key' not in wireguard_p2p_interface"
+ block:
+ - name: generate private key
+ shell:
+ cmd: "umask 0027; wg genkey > '/etc/systemd/network/{{ wireguard_p2p_interface.name }}.privkey'"
+ creates: "/etc/systemd/network/{{ wireguard_p2p_interface.name }}.privkey"
+
+ - name: make sure systemd-netword can read the private key file
+ file:
+ path: "/etc/systemd/network/{{ wireguard_p2p_interface.name }}.privkey"
+ mode: 0640
+ group: systemd-network
+
 - name: install wireguard interfaces (netdev)
 template:
 src: systemd.netdev.j2
@@ -13,7 +27,7 @@
 dest: "/etc/systemd/network/{{ wireguard_p2p_interface.name }}.network"
 notify: restart systemd-networkd

-- name: enable systemd-networkd
+- name: make sure systemd-networkd is enabled
 systemd:
 name: systemd-networkd
 enabled: yes |
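Review bot: The `generate private key` task in the first hunk can leave an empty key file behind: the shell opens the redirect target before `wg genkey` runs, so if the command fails (for instance because the wireguard tools are not installed yet) the task errors once and every later run is skipped by `creates:`. Writing to a temporary name and renaming only on success avoids that, e.g. `wg genkey > "$f.tmp" && mv "$f.tmp" "$f"` with `f` set to the `.privkey` path. In the following `file` task I would also write `mode: "0640"` and add `owner: root`, so the final permissions on the key do not depend on YAML octal parsing or on who created the file. The task name has a typo, `systemd-netword` for `systemd-networkd`.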