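# generate_keys.yml - Generate WireGuard key pairs
#
# Creates /etc/wireguard, generates a private key only when none exists yet,
# and derives the matching public key from whatever key is on disk.
#
# The private key is handled as a secret throughout: it is never placed on a
# command line (it reaches `wg pubkey` via stdin), and every task whose
# registered result or module arguments contain it runs with `no_log: true`
# so the key does not surface in task output, callback plugins or --diff.
---
- name: Create WireGuard directory
  ansible.builtin.file:
    path: /etc/wireguard
    state: directory
    mode: '0700'

- name: Check if private key already exists
  ansible.builtin.stat:
    path: /etc/wireguard/privatekey
  register: privkey_file

- name: Generate private key
  ansible.builtin.command: wg genkey
  register: wg_private_key
  when: not privkey_file.stat.exists
  changed_when: true
  no_log: true  # stdout of this task is the private key

- name: Save private key
  ansible.builtin.copy:
    content: "{{ wg_private_key.stdout }}"
    dest: /etc/wireguard/privatekey
    owner: root
    group: root
    mode: '0600'
  when: not privkey_file.stat.exists
  no_log: true  # module args carry the key; also keeps it out of --diff output

- name: Read private key
  ansible.builtin.slurp:
    src: /etc/wireguard/privatekey
  register: private_key_content
  no_log: true  # registered result holds the base64-encoded private key

- name: Generate public key from private key
  # Feed the key to `wg pubkey` over stdin instead of `echo "<key>" | wg pubkey`:
  # a shell argument is visible to every local user through the process list
  # (and to shell/audit logging), while stdin is not.
  ansible.builtin.command:
    cmd: wg pubkey
    stdin: "{{ private_key_content.content | b64decode | trim }}"
  register: wg_public_key
  changed_when: false  # pure derivation, nothing on the host changes
  no_log: true  # the stdin argument is the private key

- name: Save public key
  ansible.builtin.copy:
    content: "{{ wg_public_key.stdout }}"
    dest: /etc/wireguard/publickey
    owner: root
    group: root
    mode: '0644'  # public key is not sensitive; world-readable is intended

- name: Display public key for reference
  ansible.builtin.debug:
    msg: "Public key for {{ inventory_hostname }}: {{ wg_public_key.stdout }}"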