wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-04-11 11:47:08 +02:00
Code Issues Projects Releases Wiki Activity
algo/roles/wireguard/tasks/keys.yml
Jack Ivanov 347f864abb
Ansible upgrade 6.1 (#14500) 
* linting

* update ansible

* linters
2022-07-30 15:01:24 +03:00

101 lines
2.7 KiB
YAML
Raw Blame History

---
- name: Delete the lock files
file:
dest: "{{ config_prefix|default('/') }}etc/wireguard/private_{{ item }}.lock"
state: absent
when: keys_clean_all|bool
with_items:
- "{{ users }}"
- "{{ IP_subject_alt_name }}"
- name: Generate private keys
command: wg genkey
register: wg_genkey
args:
creates: "{{ config_prefix|default('/') }}etc/wireguard/private_{{ item }}.lock"
with_items:
- "{{ users }}"
- "{{ IP_subject_alt_name }}"
- block:
- name: Save private keys
copy:
dest: "{{ wireguard_pki_path }}/private/{{ item['item'] }}"
content: "{{ item['stdout'] }}"
mode: "0600"
no_log: "{{ no_log|bool }}"
when: item.changed
with_items: "{{ wg_genkey['results'] }}"
delegate_to: localhost
become: false
- name: Touch the lock file
file:
dest: "{{ config_prefix|default('/') }}etc/wireguard/private_{{ item }}.lock"
state: touch
with_items:
- "{{ users }}"
- "{{ IP_subject_alt_name }}"
when: wg_genkey.changed
- name: Delete the preshared lock files
file:
dest: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
state: absent
when: keys_clean_all|bool
with_items:
- "{{ users }}"
- "{{ IP_subject_alt_name }}"
- name: Generate preshared keys
command: wg genpsk
register: wg_genpsk
args:
creates: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
with_items:
- "{{ users }}"
- "{{ IP_subject_alt_name }}"
- block:
- name: Save preshared keys
copy:
dest: "{{ wireguard_pki_path }}/preshared/{{ item['item'] }}"
content: "{{ item['stdout'] }}"
mode: "0600"
no_log: "{{ no_log|bool }}"
when: item.changed
with_items: "{{ wg_genpsk['results'] }}"
delegate_to: localhost
become: false
- name: Touch the preshared lock file
file:
dest: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
state: touch
with_items:
- "{{ users }}"
- "{{ IP_subject_alt_name }}"
when: wg_genpsk.changed
- name: Generate public keys
shell: |
set -o pipefail
echo "{{ lookup('file', wireguard_pki_path + '/private/' + item) }}" |
wg pubkey
register: wg_pubkey
changed_when: false
args:
executable: bash
with_items:
- "{{ users }}"
- "{{ IP_subject_alt_name }}"
- name: Save public keys
copy:
dest: "{{ wireguard_pki_path }}/public/{{ item['item'] }}"
content: "{{ item['stdout'] }}"
mode: "0600"
no_log: "{{ no_log|bool }}"
with_items: "{{ wg_pubkey['results'] }}"
delegate_to: localhost
become: false
Reference in a new issue View git blame Copy permalink