Created
August 14, 2020 00:18
-
-
Save rssnyder/e2e4ee09baa87ec66abf2c4208e17309 to your computer and use it in GitHub Desktop.
Create a hub and spoke connection using wireguard
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: hub | |
| become: yes | |
| tasks: | |
| - name: install wireguard | |
| apt: | |
| name: wireguard | |
| state: latest | |
| update_cache: yes | |
| - name: check for existing wireguard key | |
| shell: wg show | |
| register: wg_check | |
| - name: generate new wiregurd key | |
| when: wg_check.stdout == "" | |
| shell: wg genkey | |
| register: wg_key | |
| - name: copy upstart script | |
| when: wg_check.stdout == "" | |
| template: | |
| src: templates/wg0.conf.hub.j2 | |
| dest: "/etc/wireguard/wg0.conf" | |
| - name: get wireguard private key | |
| when: wg_check.stdout != "" | |
| shell: wg show wg0 private-key | |
| register: wg_key | |
| - name: start wireguard | |
| systemd: | |
| state: started | |
| name: wg-quick@wg0 | |
| - name: enable wireguard | |
| systemd: | |
| enabled: yes | |
| name: wg-quick@wg0 | |
| - name: get wireguard public key | |
| shell: wg show wg0 public-key | |
| register: public_key | |
| - name: get hub public ip | |
| shell: curl ipinfo.io/ip | |
| register: public_ip | |
| - hosts: spoke | |
| become: yes | |
| tasks: | |
| - name: install wireguard | |
| apt: | |
| name: wireguard | |
| state: latest | |
| update_cache: yes | |
| - name: check for existing wireguard key | |
| shell: wg show wg0 private-key | |
| ignore_errors: True | |
| register: wg_check | |
| - name: generate new wiregurd key | |
| when: (wg_check.stdout == "") or | |
| (wg_check.stdout == "(none)") or | |
| (wg_check.rc != 0) | |
| shell: wg genkey | |
| register: new_wg_key | |
| - name: get wireguard private key | |
| when: new_wg_key is skipped | |
| shell: wg show wg0 private-key | |
| register: old_wg_key | |
| - set_fact: | |
| wg_key: "{{ new_wg_key.stdout }}" | |
| when: old_wg_key is skipped | |
| - set_fact: | |
| wg_key: "{{ old_wg_key.stdout }}" | |
| when: new_wg_key is skipped | |
| - name: copy upstart script | |
| template: | |
| src: templates/wg0.conf.spoke.j2 | |
| dest: "/etc/wireguard/wg0.conf" | |
| - name: start wireguard | |
| systemd: | |
| state: started | |
| name: wg-quick@wg0 | |
| - name: start wireguard | |
| systemd: | |
| enabled: yes | |
| name: wg-quick@wg0 | |
| - name: restart wireguard | |
| systemd: | |
| state: restarted | |
| name: wg-quick@wg0 | |
| - name: get wireguard public key | |
| shell: wg show wg0 public-key | |
| register: public_key | |
| - hosts: hub | |
| become: yes | |
| tasks: | |
| - name: get wireguard private key | |
| when: wg_check.stdout != "" | |
| shell: wg show wg0 private-key | |
| register: wg_key | |
| - name: get wireguard public key | |
| shell: wg show wg0 public-key | |
| register: public_key | |
| - name: copy upstart script | |
| template: | |
| src: templates/wg0.conf.hub.j2 | |
| dest: "/etc/wireguard/wg0.conf" | |
| - name: restart wireguard | |
| systemd: | |
| state: restarted | |
| name: wg-quick@wg0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment