init

2026-03-14 05:38:45 +01:00 · 2026-03-14 05:38:45 +01:00 · 883f31932e
commit 883f31932e
169 changed files with 5676 additions and 0 deletions
--- a/ansible/roles/wireguard/tasks/generate-keys.yml
+++ b/ansible/roles/wireguard/tasks/generate-keys.yml
@ -0,0 +1,45 @@
+---
+-
+    name: Ensure /etc/wireguard exists
+    file:
+        path: /etc/wireguard
+        state: directory
+        mode: "0700"
+
+-
+    name: Check for existing WireGuard private key
+    stat:
+        path: /etc/wireguard/private.key
+    register: wg_key_stat
+
+-
+    name: Generate WireGuard private key
+    command: wg genkey
+    register: wg_genkey
+    when: not wg_key_stat.stat.exists
+
+-
+    name: Save WireGuard private key
+    copy:
+        content: "{{ wg_genkey.stdout }}\n"
+        dest: /etc/wireguard/private.key
+        mode: "0600"
+    when: not wg_key_stat.stat.exists
+
+-
+    name: Derive WireGuard public key
+    shell: wg pubkey < /etc/wireguard/private.key
+    register: wg_pubkey_result
+    changed_when: false
+
+-
+    name: Save WireGuard public key
+    copy:
+        content: "{{ wg_pubkey_result.stdout }}\n"
+        dest: /etc/wireguard/public.key
+        mode: "0644"
+
+-
+    name: Set WireGuard key facts
+    set_fact:
+        wg_public_key: "{{ wg_pubkey_result.stdout | trim }}"