57 lines
1.5 KiB
YAML
57 lines
1.5 KiB
YAML
---
|
|
- name: Check if wstunnel is already installed
|
|
ansible.builtin.stat:
|
|
path: /usr/local/bin/wstunnel
|
|
register: wstunnel_binary
|
|
|
|
- name: Download and install wstunnel
|
|
when: not wstunnel_binary.stat.exists
|
|
block:
|
|
- name: Download and unarchive wstunnel package
|
|
ansible.builtin.unarchive:
|
|
src: "{{ vars['wireguard-server']['wstunnel-download-url'] }}"
|
|
dest: /tmp
|
|
remote_src: yes
|
|
creates: /tmp/wstunnel
|
|
|
|
- name: Move wstunnel binary to /usr/local/bin
|
|
ansible.builtin.copy:
|
|
src: /tmp/wstunnel
|
|
dest: /usr/local/bin/wstunnel
|
|
mode: '0755'
|
|
remote_src: yes
|
|
become: true
|
|
|
|
- name: Clean up temporary wstunnel file
|
|
ansible.builtin.file:
|
|
path: /tmp/wstunnel
|
|
state: absent
|
|
|
|
- name: Create wstunnel systemd service file
|
|
ansible.builtin.copy:
|
|
dest: /etc/systemd/system/wstunnel.service
|
|
content: |
|
|
[Unit]
|
|
Description=WSTunnel Server
|
|
After=network.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=nobody
|
|
ExecStart=/usr/local/bin/wstunnel server ws://0.0.0.0:8080 --restrict-to 127.0.0.1:{{ vars['wireguard-server']['internal-port'] }}
|
|
Restart=always
|
|
RestartSec=3
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
become: true
|
|
notify: Restart wstunnel
|
|
|
|
- name: Ensure wstunnel service is started and enabled
|
|
ansible.builtin.systemd:
|
|
name: wstunnel
|
|
state: started
|
|
enabled: yes
|
|
daemon_reload: yes
|
|
become: true
|