migrated DSNet tasks to own task file in role, as opposed to having it in relevant playbook

roles/init-server/tasks/contingent/pkg/dsnet.yml

@@ -0,0 +1,147 @@
+- name: Acquiring home of current user
+  when: ansible_facts["system"] == "Linux"
+  ansible.builtin.shell:
+    cmd: "echo ~{{ ansible_user }}"
+  register: ansible_user_home
+- name: Acquiring current user
+  when: ansible_facts["system"] == "Linux"
+  ansible.builtin.shell:
+    cmd: "echo {{ ansible_user }}"
+  register: current_user
+- name: Initializing DSNet
+  become: true
+  ansible.builtin.command:
+    cmd: dsnet init
+- name: Running DSNet VPN service interface
+  become: true
+  ansible.builtin.command:
+    cmd: dsnet up
+- name: Creating a directory to house VPN service client configurations
+  ansible.builtin.file:
+    path: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d"
+    recurse: true
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+    mode: "755"
+    state: directory
+- name: Adding peer device for DSNet VPN service interface
+  become: true
+  ansible.builtin.shell:
+    cmd: "dsnet add {{ item.name }}{{ idx }} --owner {{ current_user.stdout }} --description 'For {{ item.name }}--{{ item.desc }}' --confirm > {{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
+    creates: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ idx }}.conf"
+  loop: "{{ vpn_server.clients }}"
+  loop_control:
+    index_var: idx
+- name: Changing ownership of consequent DSNet VPN service client configurations
+  ansible.builtin.file:
+    path: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+    state: file
+  loop: "{{ vpn_server.clients }}"
+  loop_control:
+    index_var: idx
+- name: Pausing to inquire about how to proceed
+  ansible.builtin.pause:
+    prompt: "Type \"fetch\" to get the DSNet VPN service client configuration files, or \"show\" to see their contents for manual copying instead"
+    echo: true
+  register: data_method
+- name: Presenting DSNet VPN service client configuration files to control node for copying
+  when: data_method.user_input == "show"
+  block:
+    - name: Acquiring contents of DSNet VPN service client configuration files
+      ansible.builtin.slurp:
+        src: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
+      loop: "{{ vpn_server.clients }}"
+      loop_control:
+        index_var: idx
+      register: vpn_client_configs
+    - name: Presenting contents of DSNet VPN service client configurations to control node
+      ansible.builtin.debug:
+        msg: "Copy this client configuration of the DSNet VPN service:\n {{ item.content }}"
+      loop: "{{ vpn_client_configs.results }}"
+    - name: Giving opportunity to manually copy contents of DSNet VPN service client configuration files
+      ansible.builtin.pause:
+- name: Providing DSNet VPN service client configuration files to control node machine
+  when: data_method.user_input == "fetch"
+  block:
+    - name: Dupliciating DSNet VPN service client configuration files to control node
+      ansible.builtin.fetch:
+        src: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ (idx | string) }}.conf"
+        dest: "./.tmp/{{ inventory_hostname }}-dsnet/wg/"
+        flat: true
+      loop: "{{ vpn_server.clients }}"
+      loop_control:
+        index_var: idx
+    - name: Informing control node of acquired files
+      ansible.builtin.debug:
+        msg: "The DSNet VPS service client configuration files have been duplicated to '/var/tmp/{{ inventory_hostname }}/wg/' at the control node."
+    - name: Giving control node user time to read the aforementiioned message
+      ansible.builtin.pause:
+        seconds: 30
+- name: Ensuring IP forwarding is allowed
+  become: true
+  ansible.posix.sysctl:
+    name: "net.{{ item }}.ip_forward"
+    value: "1"
+    sysctl_set: true
+    state: present
+  loop:
+    - ipv4
+    # - ipv6
+- name: Creating SystemD unit for placing up DSNet interface
+  become: true
+  ansible.builtin.copy:
+    src: systemd/system/dsnet.service
+    dest: /etc/systemd/system/dsnet.service
+    owner: root
+    group: root
+    force: true
+    backup: true
+- name: Reloading SystemD and enabling DSNet interface
+  become: true
+  ansible.builtin.systemd_service:
+    name: dsnet
+    enabled: true
+    daemon_reload: true
+- name: Copying script for DSNet iptables rules
+  become: true
+  ansible.builtin.copy:
+    src: usr/local/bin/dsnet-forward.sh
+    dest: /usr/local/bin/
+    owner: root
+    group: root
+    mode: "744"
+    force: true
+    backup: true
+- name: Creating SystemD unit for DSNet iptables rules
+  become: true
+  ansible.builtin.copy:
+    src: systemd/system/thrunet.service
+    dest: /etc/systemd/system/thrunet.service
+    owner: root
+    group: root
+    force: true
+    backup: true
+- name: Reloading SystemD and enabling iptables rules SystemD unit
+  become: true
+  ansible.builtin.systemd_service:
+    name: thrunet
+    enabled: true
+    daemon_reload: true
+- name: Forwarding network traffic on certain ports to Wireguard VPS service interface
+  become: true
+  ansible.builtin.iptables:
+    chain: FORWARD
+    protocol: "{{ item[0][0] }}"
+    source_port: "{{ item[0][1] }}"
+    in_interface: "{{ item[1] }}"
+    jump: ACCEPT
+  loop: "{{ vpn_server.forwards | product([vpn_server.interface]) }}"
+- name: Forwarding network traffic on certain ports to Wireguard VPS service interface
+  become: true
+  ansible.builtin.iptables:
+    table: nat
+    chain: POSTROUTING
+    out_interface: "{{ vpn_server.interface }}"
+    jump: MASQUERADE