authorDmitry Ilvokhin <d@ilvokhin.com>2025-08-24 13:31:38 +0100
committerDmitry Ilvokhin <d@ilvokhin.com>2025-08-24 13:31:38 +0100
commit7d113fcddd341f1e4b04ceb2785087d50b8e1556 (patch)
treea8f8e8c288c13badf9eb061bbc67c899916bc6a3 /roles/wgconfig/tasks/main.yml
parent461b380f51b6aca3113f581378846e4902bea6fe (diff)
Add wireguard configuration to dotfiles roleHEADmaster
This is a simple role that works only for one host. There are multiple complications that I should keep in mind in the future. * There should be a way to install dotfiles on boxes without a GPG key there. So, files with secrets in them should be gated. * Wireguard configuration should be per host. Each host should have its own private key.
Diffstat (limited to 'roles/wgconfig/tasks/main.yml')
-rw-r--r--roles/wgconfig/tasks/main.yml35
1 files changed, 35 insertions, 0 deletions
diff --git a/roles/wgconfig/tasks/main.yml b/roles/wgconfig/tasks/main.yml
new file mode 100644
index 0000000..9ece687
--- /dev/null
+++ b/roles/wgconfig/tasks/main.yml
@@ -0,0 +1,35 @@
+- name: Setup wireguard config directory
+ ansible.builtin.file:
+ path: '{{ wgconfig_homedir }}/.wireguard'
+ state: directory
+ owner: '{{ wgconfig_user }}'
+ group: '{{ wgconfig_group }}'
+ mode: u+rw,g-rw,o-rw
+ tags:
+ - dotfiles
+
+- name: Copy wireguard config files to home directory
+ ansible.builtin.copy:
+ src: misc/dotfiles/wireguard/{{ item }}
+ dest: '{{ wgconfig_homedir }}/.wireguard/{{ item }}'
+ owner: '{{ wgconfig_user }}'
+ group: '{{ wgconfig_group }}'
+ mode: u+rw,g-rw,o-rw
+ loop:
+ - wgvpn0.conf
+ - wgtor0.conf
+ tags:
+ - dotfiles
+
+- name: Copy wireguard scripts to home directory
+ ansible.builtin.copy:
+ src: misc/dotfiles/wireguard/{{ item }}
+ dest: '{{ wgconfig_homedir }}/.wireguard/{{ item }}'
+ owner: '{{ wgconfig_user }}'
+ group: '{{ wgconfig_group }}'
+ mode: u+rwx,g-rw,o-rw
+ loop:
+ - onion-dns-up.sh
+ - onion-dns-down.sh
+ tags:
+ - dotfiles
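Review bot: The `mode` values in all three tasks are relative symbolic modes (`u+rw,g-rw,o-rw` and `u+rwx,g-rw,o-rw`), which never clear the group/other execute bits and leave the result dependent on the umask and on any permissions already present. On the `.wireguard` directory a typical 022 umask would presumably end up as 0711, so other local users keep the search bit on a directory whose file names are predictable. The commit message indicates these files carry secrets, so set the modes absolutely instead: `mode: '0700'` on the directory and scripts tasks and `mode: '0600'` on the config-file task. It may also be worth adding `no_log: true` or `diff: false` to the config copy task so key material does not show up in `--diff` output or logs.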