diff options
| author | Dmitry Ilvokhin <d@ilvokhin.com> | 2024-05-19 19:26:01 +0100 |
|---|---|---|
| committer | Dmitry Ilvokhin <d@ilvokhin.com> | 2024-05-19 19:26:01 +0100 |
| commit | 5ec7c4b1b31bb3cea080005b0245d09e05048e11 (patch) | |
| tree | d43a4d3a38a017493384c9fdb595f1ed980a7fb3 /roles/wgnet/tasks/main.yml | |
| parent | b4a12dbbf4a4759bf24975ca9bfc5096c90ae8b6 (diff) | |
| download | infra-5ec7c4b1b31bb3cea080005b0245d09e05048e11.tar.gz infra-5ec7c4b1b31bb3cea080005b0245d09e05048e11.tar.bz2 infra-5ec7c4b1b31bb3cea080005b0245d09e05048e11.zip | |
Migrate away from networkd for wireguard
Migrate due to a bug [1], which wasn't fixed for some time.
[1]: https://github.com/systemd/systemd/issues/25547
Diffstat (limited to 'roles/wgnet/tasks/main.yml')
| -rw-r--r-- | roles/wgnet/tasks/main.yml | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/roles/wgnet/tasks/main.yml b/roles/wgnet/tasks/main.yml index 8e5a632..c776a84 100644 --- a/roles/wgnet/tasks/main.yml +++ b/roles/wgnet/tasks/main.yml @@ -10,12 +10,17 @@ - name: Configure WireGuard for wgnet ansible.builtin.template: - src: "{{ item.src }}" - dest: "/etc/systemd/network/{{ item.dest }}" - owner: systemd-network - group: systemd-network - mode: u+rw,g+r,o+r - loop: - - { src: templates/wg0.netdev.j2, dest: wg0.netdev } - - { src: templates/wg0.network.j2, dest: wg0.network } - notify: Reload network + src: templates/wg0.conf.j2 + dest: /etc/wireguard/wg0.conf + owner: root + group: root + # Config containes private key for this host, so permissions are + # restricted. + mode: u+rw,g-rw,o-rw + notify: Reload wgnet + +- name: Enable WireGuard service for wgnet + ansible.builtin.service: + name: wg-quick@wg0 + enabled: yes + state: started |