From 75a3e2cddf32f3d6818d38040e14b2d59f44e1fa Mon Sep 17 00:00:00 2001
From: Khue Doan
Date: Sat, 1 May 2021 16:13:27 +0700
Subject: [PATCH] Generate Wireguard keys

---
 infra/modules/vpn/ansible/main.yml | 3 +++
 .../vpn/ansible/roles/wireguard/tasks/main.yml | 16 +++++++++++++++-
 .../roles/wireguard/templates/wg0.conf.j2 | 6 ++++++
 3 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 infra/modules/vpn/ansible/roles/wireguard/templates/wg0.conf.j2

diff --git a/infra/modules/vpn/ansible/main.yml b/infra/modules/vpn/ansible/main.yml
index d0f3444f..c2c21fdc 100644
--- a/infra/modules/vpn/ansible/main.yml
+++ b/infra/modules/vpn/ansible/main.yml
@@ -7,5 +7,8 @@
 - hosts: all
   become: yes
+  tasks:
+    - apt:
+        update_cache: yes
   roles:
     - name: wireguard
diff --git a/infra/modules/vpn/ansible/roles/wireguard/tasks/main.yml b/infra/modules/vpn/ansible/roles/wireguard/tasks/main.yml
index fcc2be25..e19a3fc8 100644
--- a/infra/modules/vpn/ansible/roles/wireguard/tasks/main.yml
+++ b/infra/modules/vpn/ansible/roles/wireguard/tasks/main.yml
@@ -1,4 +1,18 @@
 - name: Install Wireguard
   apt:
     name: wireguard
-    update_cache: yes
+
+- name: Generate Wireguard keypair
+  shell: wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
+  args:
+    creates: /etc/wireguard/privatekey
+
+- name: Register private key
+  shell: cat /etc/wireguard/privatekey
+  register: wireguard_private_key
+  changed_when: false
+
+- name: Register public key
+  shell: cat /etc/wireguard/publickey
+  register: wireguard_public_key
+  changed_when: false
diff --git a/infra/modules/vpn/ansible/roles/wireguard/templates/wg0.conf.j2 b/infra/modules/vpn/ansible/roles/wireguard/templates/wg0.conf.j2
new file mode 100644
index 00000000..039a595a
--- /dev/null
+++ b/infra/modules/vpn/ansible/roles/wireguard/templates/wg0.conf.j2
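Review bot: The `apt: update_cache: yes` task added under `tasks:` in main.yml runs after the `wireguard` role, because a play executes `roles:` before `tasks:`, so the cache refresh no longer precedes the `apt: name: wireguard` install that this same commit strips `update_cache: yes` from; on a host with a stale cache the install can now fail or pick an outdated package. Move it to `pre_tasks:` (change `tasks:` to `pre_tasks:`) and give it a name so the playbook output identifies it, e.g. `- name: Update apt cache` above `apt:`.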
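Review bot: The "Generate Wireguard keypair" task writes the private key through `tee` under whatever umask the shell inherits, so `/etc/wireguard/privatekey` is very likely created world-readable (0644 under the common 022 umask); prefix the pipeline with `umask 077 && wg genkey | tee ...`, or follow it with a `file` task setting `mode: '0600'` on the key. The "Register private key" task copies the key into a registered result that is printed by verbose runs and any callback or log plugin; add `no_log: true` to that task. The `creates: /etc/wireguard/privatekey` guard only checks the private key, so a deleted or missing publickey is never regenerated, and `ansible.builtin.slurp` would replace both `cat` tasks without spawning a shell.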
@@ -0,0 +1,6 @@
+[Interface]
+Address = {{ interface }}.1
+ListenPort = 51820
+PrivateKey = {{ wireguard_private_key }}
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
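Review bot: `PrivateKey = {{ wireguard_private_key }}` renders the whole registered task result (a mapping with `stdout`, `rc`, `cmd`, etc.), not the key itself, so any config produced from this template is unparseable by wg-quick; it should read `PrivateKey = {{ wireguard_private_key.stdout }}`. No task in this commit renders the template, so presumably that comes later; when it does, the `template` task should write with `mode: '0600'` since the file embeds the private key. The outbound interface `eth0` in `PostUp`/`PostDown` and the `.1` host suffix on `Address` are hard-coded, so the role silently breaks on hosts whose uplink has another name; a variable such as `ansible_default_ipv4.interface` would be safer.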