githubixx / ansible-role-wireguard

Ansible role for installing WireGuard VPN. Supports Ubuntu, Debian, Archlinux, Fedora and CentOS.

Home Page: https://www.tauceti.blog/post/kubernetes-the-not-so-hard-way-with-ansible-wireguard/

Add ability to download client configs

srigi opened this issue · comments

Inspired by lablabs/ansible-collection-wireguard, I would very much welcome the ability to configure the download of client configs for unmanaged peers.

I had something similar in mind but never had the time to implement it. I'll leave the issue open for now and mark it as enhancement.

Any news?

This is my playbook for installing WireGuard and generating a client config.
Could you move something to the role?

```yaml
- hosts: wireguard
  become: true
  pre_tasks:
    - name: Install qrencode and openresolv
      apt:
        pkg:
          - qrencode
          - openresolv
  roles:
    - githubixx.ansible_role_wireguard
  post_tasks:
    - name: Show wireguard__fact_public_key
      debug: var=wireguard__fact_public_key

    # umask 077 keeps the generated key files readable by root only
    - name: Generate Wireguard client keypair
      shell: umask 077 && wg genkey | tee /etc/wireguard/client_privatekey | wg pubkey | tee /etc/wireguard/client_publickey
      args:
        creates: /etc/wireguard/client_privatekey
      become: yes

    - name: Register client private key
      command: cat /etc/wireguard/client_privatekey
      register: client_privatekey
      changed_when: false
      no_log: true  # keep the private key out of the task output
      become: yes

    - name: Register client public key
      command: cat /etc/wireguard/client_publickey
      register: client_publickey
      changed_when: false
      become: yes

    # One blockinfile task keeps the [Peer] section together and idempotent.
    # With three lineinfile tasks sharing one register name, each result
    # overwrote the previous one before the restart condition was evaluated.
    - name: Add client [Peer] section to /etc/wireguard/wg0.conf
      blockinfile:
        path: /etc/wireguard/wg0.conf
        marker: "# {mark} ANSIBLE MANAGED CLIENT PEER"
        block: |
          [Peer]
          PublicKey = {{ client_publickey.stdout }}
          AllowedIPs = 10.27.123.10/32
      register: add_client_peer

    # The client config contains the client private key, so it is not world-readable
    - name: Create clients configs
      template:
        src: "clients.conf.j2"
        dest: "/etc/wireguard/client.conf"
        mode: "0600"
      register: create_clients_configs

    - name: restart service wg-quick@wg0
      service:
        name: wg-quick@wg0
        state: restarted
      when: add_client_peer.changed or create_clients_configs.changed

    - name: Generate QR code
      shell: qrencode -t ansiutf8 < "/etc/wireguard/client.conf"
      changed_when: false
      register: qrcode

    - name: Show QR code
      debug:
        msg: "{{ qrcode.stdout_lines }}"
```
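
The playbook above renders `clients.conf.j2` in its "Create clients configs" task, but the template itself is not posted in the thread. The following is an added sketch of what such a template could look like, not the poster's or the role's own file. `wg_client_endpoint` and `wg_client_allowed_ips` are hypothetical variables, `wireguard_port` is assumed to hold the server's listen port, and the `10.27.123.0/24` default and the keepalive value are constructed placeholders.

```jinja
{# clients.conf.j2 (added example): rendered to /etc/wireguard/client.conf #}
{# Hypothetical variables: wg_client_endpoint, wg_client_allowed_ips #}
[Interface]
{# Value registered by the "Register client private key" task #}
PrivateKey = {{ client_privatekey.stdout }}
{# Must match the AllowedIPs entry the playbook adds for this peer in wg0.conf #}
Address = 10.27.123.10/32

[Peer]
{# Server public key, the fact the playbook prints in its first post_task #}
PublicKey = {{ wireguard__fact_public_key }}
{# wireguard_port is assumed to be the server's listen port #}
Endpoint = {{ wg_client_endpoint }}:{{ wireguard_port | default(51820) }}
{# Placeholder default: route only the VPN subnet through the tunnel #}
AllowedIPs = {{ wg_client_allowed_ips | default('10.27.123.0/24') }}
PersistentKeepalive = 25
```

Because the rendered file carries the client private key, it should be written with a restrictive mode on the server and removed once the client has imported it.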