SL/ansible/roles/wireguard/tasks/main.yml

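# Install WireGuard, its userspace tools and qrencode, refreshing the apt
# cache first. qrencode is not used in this file; presumably it renders the
# generated client configs as QR codes - confirm.
- name: Install packages for wireguard
  ansible.builtin.apt:
    update_cache: true
    pkg:
      - qrencode
      - wireguard
      - wireguard-tools
  # Package installation needs root. The other privileged tasks in this file
  # escalate explicitly, so this one does too; it is harmless if the play
  # already runs with become.
  become: true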
# Render the server-side configuration for interface wg0, readable by its
# owner only (0600).
# NOTE(review): the template presumably embeds the server private key.
# `backup` leaves a timestamped copy of the previous file next to the new one
# on every change, so old key material accumulates in /etc/wireguard. Confirm
# the copies keep the restrictive mode and prune them after a key rotation.
- name: Wireguard server config
  become: true
  ansible.builtin.template:
    src: wireguard-server.conf
    dest: /etc/wireguard/wg0.conf
    mode: "0600"
    backup: true
  # The restart task reads this result to decide whether to run.
  register: wireguard_conf
# Enable the wg-quick unit for wg0 so the tunnel comes up at boot. No `state`
# is given, so this task does not start the unit itself.
- name: Enable wireguard
  become: true
  ansible.builtin.service:
    name: wg-quick@wg0
    enabled: true
# Restart the tunnel, but only on runs where the server config task reported
# a change; an unchanged config leaves the running interface alone.
- name: Restart wireguard
  become: true
  when: wireguard_conf is changed
  ansible.builtin.service:
    name: wg-quick@wg0
    state: restarted
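# Directory in the first configured user's home that receives the generated
# client configs; 0700 keeps it closed to every account but the owner.
# NOTE(review): there is no `become` here, so this runs as the connecting
# user - presumably the same account as users.0.username. Confirm, because
# setting `owner` to a different account would need privilege.
- name: Create wireguard client directory
  ansible.builtin.file:
    path: "/home/{{ users.0.username }}/wireguard-clients"
    state: directory
    owner: "{{ users.0.username }}"
    # Quoted so the mode is always read as the octal string, matching the
    # server config task.
    mode: "0700"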
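# Render one client config per entry of wireguard.clients, named after the
# entry's key and readable by the owner only (0600).
# NOTE(review): each rendered file presumably holds that client's private key.
# Running the play with --diff would print the rendered content to the
# console and to any log; consider `diff: false` on this task if that applies.
- name: Wireguard client configuration
  ansible.builtin.template:
    src: wireguard-client.conf
    dest: "/home/{{ users.0.username }}/wireguard-clients/{{ item.key }}.conf"
    owner: "{{ users.0.username }}"
    # Quoted so the mode is always read as the octal string, matching the
    # server config task.
    mode: "0600"
  loop: "{{ wireguard.clients | dict2items }}"
  loop_control:
    # Show only the client name per iteration instead of the whole item, which
    # keeps the per-client values out of the task output.
    label: "{{ item.key }}"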
# Turn on IPv4 forwarding so the host can route packets between peers. The
# value is applied to the running kernel (sysctl_set), written to
# /etc/sysctl.d/99-sysctl.conf and reloaded.
# NOTE(review): net.ipv4.ip_forward is host-wide, not limited to wg0. What
# peers can actually reach is decided by the firewall's forwarding rules,
# which this file does not configure - confirm they are set elsewhere. Only
# IPv4 is enabled here.
- name: Enable p2p communication
  become: true
  ansible.builtin.sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    state: present
    sysctl_set: true
    reload: true
    sysctl_file: /etc/sysctl.d/99-sysctl.conf