michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
66f7efdcfc55da48a6f0cec5eb9e640ea5838c8f
michaelschiemer/ansible/wireguard-server/add-client.yml
Michael Schiemer 55a330b223 Enable Discovery debug logging for production troubleshooting 
- Add DISCOVERY_LOG_LEVEL=debug
- Add DISCOVERY_SHOW_PROGRESS=true
- Temporary changes for debugging InitializerProcessor fixes on production
2025-08-11 20:13:26 +02:00

125 lines
3.9 KiB
YAML
Raw Blame History

---
- name: Add WireGuard Client
hosts: vpn
become: true
gather_facts: false
vars_prompt:
- name: client_name
prompt: "Client-Name"
private: false
- name: client_ip
prompt: "Client-IP (z.B. 10.8.0.30)"
private: false
tasks:
- name: Validiere Eingaben
fail:
msg: "client_name und client_ip müssen angegeben werden"
when: client_name | length == 0 or client_ip | length == 0
- name: Prüfe ob Client bereits existiert
stat:
path: /etc/wireguard/clients/{{ client_name }}.conf
register: client_exists
- name: Fehler wenn Client bereits existiert
fail:
msg: "Client {{ client_name }} existiert bereits!"
when: client_exists.stat.exists
- name: Prüfe IP-Konflikt
shell: grep -r "Address.*{{ client_ip }}" /etc/wireguard/clients/ || true
register: ip_conflict
changed_when: false
- name: Fehler bei IP-Konflikt
fail:
msg: "IP {{ client_ip }} wird bereits verwendet!"
when: ip_conflict.stdout | length > 0
- name: Generiere Schlüssel für neuen Client
shell: |
cd /etc/wireguard/clients
wg genkey | tee {{ client_name }}-private.key | wg pubkey > {{ client_name }}-public.key
chmod 600 {{ client_name }}-private.key {{ client_name }}-public.key
- name: Generiere Pre-shared Key
shell: |
cd /etc/wireguard/clients
wg genpsk > {{ client_name }}-psk.key
chmod 600 {{ client_name }}-psk.key
when: wireguard_pre_shared_key | default(false)
- name: Lese Server-Public-Key
slurp:
src: /etc/wireguard/server-public.key
register: server_pub_key
- name: Lese Client-Private-Key
slurp:
src: /etc/wireguard/clients/{{ client_name }}-private.key
register: client_priv_key
- name: Lese Client-Public-Key
slurp:
src: /etc/wireguard/clients/{{ client_name }}-public.key
register: client_pub_key
- name: Lese Pre-shared Key
slurp:
src: /etc/wireguard/clients/{{ client_name }}-psk.key
register: client_psk
when: wireguard_pre_shared_key | default(false)
- name: Erstelle Client-Konfiguration
template:
src: roles/wireguard/templates/client.conf.j2
dest: /etc/wireguard/clients/{{ client_name }}.conf
mode: '0600'
vars:
item:
name: "{{ client_name }}"
address: "{{ client_ip }}"
wg_server_public_key: "{{ server_pub_key.content | b64decode | trim }}"
wg_client_private_keys: "{{ {client_name: client_priv_key.content | b64decode | trim} }}"
wg_client_psk_keys: "{{ {client_name: client_psk.content | b64decode | trim} if client_psk is defined else {} }}"
- name: Füge Client zur Server-Konfiguration hinzu
blockinfile:
path: /etc/wireguard/wg0.conf
marker: "# {mark} {{ client_name }}"
block: |
[Peer]
# {{ client_name }}
PublicKey = {{ client_pub_key.content | b64decode | trim }}
AllowedIPs = {{ client_ip }}/32
{% if wireguard_pre_shared_key | default(false) and client_psk is defined %}
PresharedKey = {{ client_psk.content | b64decode | trim }}
{% endif %}
- name: Starte WireGuard neu
systemd:
name: wg-quick@wg0
state: restarted
- name: Zeige Erfolg
debug:
msg: |
✅ Client {{ client_name }} wurde erfolgreich hinzugefügt!
📂 Konfiguration: /etc/wireguard/clients/{{ client_name }}.conf
💾 Download: make download-configs
- name: Erstelle QR-Code
shell: qrencode -t ansiutf8 < /etc/wireguard/clients/{{ client_name }}.conf
register: qr_code
ignore_errors: true
- name: Zeige QR-Code
debug:
msg: |
📱 QR-Code für {{ client_name }}:
{{ qr_code.stdout }}
when: qr_code.rc == 0
Reference in New Issue View Git Blame Copy Permalink