kube transfer to single-node host
@@ -2,39 +2,40 @@
|
||||
hosts:
|
||||
- colors
|
||||
- kubernetes
|
||||
- truenas
|
||||
- nextcloud-aio
|
||||
- unifi-external
|
||||
- managed
|
||||
become: true
|
||||
become_user: root
|
||||
become_method: sudo
|
||||
vars_files:
|
||||
- vars.yaml
|
||||
tasks:
|
||||
- name: Check if duconet-wg exists
|
||||
shell: ip link show duconet-wg
|
||||
- name: Check if {{ wireguard.interface }} exists
|
||||
shell: ip link show {{ wireguard.interface }}
|
||||
register: link_check
|
||||
ignore_errors: yes
|
||||
- name: Add duconet-wg link
|
||||
shell: ip link add dev duconet-wg type wireguard
|
||||
when: link_check.rc != 0
|
||||
- name: Add duconet-wg addresses
|
||||
shell: "ip address add dev duconet-wg {{ ip[inventory_hostname].address }}/64"
|
||||
- name: Add {{ wireguard.interface }} link
|
||||
shell: ip link add dev {{ wireguard.interface }} type wireguard
|
||||
when: link_check.rc != 0
|
||||
- name: Add {{ wireguard.interface }} ipv6 addresses
|
||||
shell: "ip address add dev {{ wireguard.interface }} {{ ip[inventory_hostname].address_ipv6 }}/64"
|
||||
ignore_errors: yes
|
||||
- name: Add {{ wireguard.interface }} ipv4 addresses
|
||||
shell: "ip address add dev {{ wireguard.interface }} {{ ip[inventory_hostname].address_ipv4 }}/24"
|
||||
ignore_errors: yes
|
||||
- name: wg set port/key
|
||||
shell: >
|
||||
wg set duconet-wg
|
||||
wg set {{ wireguard.interface }}
|
||||
listen-port {{ wireguard.listen_port }}
|
||||
private-key /etc/wireguard/privatekey
|
||||
- name: Set link up
|
||||
shell: ip link set up dev duconet-wg
|
||||
- name: Touch duconet-wg.conf
|
||||
shell: ip link set up dev {{ wireguard.interface }}
|
||||
- name: Touch {{ wireguard.interface }}.conf
|
||||
ansible.builtin.file:
|
||||
path: /etc/wireguard/duconet-wg.conf
|
||||
path: /etc/wireguard/{{ wireguard.interface }}.conf
|
||||
state: touch
|
||||
- name: save wg config
|
||||
shell: wg-quick save duconet-wg
|
||||
- name: Enable wg-quick@duconet-wg
|
||||
shell: wg-quick save {{ wireguard.interface }}
|
||||
- name: Enable wg-quick@{{ wireguard.interface }}
|
||||
ansible.builtin.systemd_service:
|
||||
name: wg-quick@duconet-wg
|
||||
name: wg-quick@{{ wireguard.interface }}
|
||||
enabled: true
|
||||
|
||||
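Review bot: The two address tasks (`Add {{ wireguard.interface }} ipv6 addresses` and the ipv4 one) carry `ignore_errors: yes`, which hides every failure of `ip address add`, not only the already-assigned case on a re-run, so a host can finish the play with no tunnel address and still have that state written out by `wg-quick save`. `ip address replace` is idempotent and lets the flag go: `shell: "ip address replace dev {{ wireguard.interface }} {{ ip[inventory_hostname].address_ipv6 }}/64"`, and the same for ipv4 with `/24`. The interface name and addresses are now interpolated from play variables into `shell:` lines that use no shell features, so `ansible.builtin.command` would keep those values from being parsed by a shell. The `+`/`-` markers are missing from this rendering, so which lines are new is inferred from the templated names, and the play's opening line lies above the hunk.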