57 lines
1.3 KiB
YAML
57 lines
1.3 KiB
YAML
- name: Install packages for wireguard
|
|
ansible.builtin.apt:
|
|
update_cache: yes
|
|
pkg:
|
|
- qrencode
|
|
- wireguard
|
|
- wireguard-tools
|
|
|
|
- name: Wireguard server config
|
|
ansible.builtin.template:
|
|
src: wireguard-server.conf
|
|
dest: /etc/wireguard/wg0.conf
|
|
mode: "0600"
|
|
backup: yes
|
|
become: true
|
|
register: wireguard_conf
|
|
|
|
- name: Enable wireguard
|
|
ansible.builtin.service:
|
|
name: wg-quick@wg0
|
|
enabled: true
|
|
become: true
|
|
|
|
- name: Restart wireguard
|
|
ansible.builtin.service:
|
|
name: wg-quick@wg0
|
|
state: restarted
|
|
when: wireguard_conf.changed
|
|
become: true
|
|
|
|
- name: Create wireguard client directory
|
|
ansible.builtin.file:
|
|
path: "/home/{{ users.0.username }}/wireguard-clients"
|
|
state: directory
|
|
owner: "{{ users.0.username }}"
|
|
mode: 0700
|
|
|
|
- name: Wireguard client configuration
|
|
ansible.builtin.template:
|
|
src: wireguard-client.conf
|
|
dest: "/home/{{ users.0.username }}/wireguard-clients/{{ item.key }}.conf"
|
|
owner: "{{ users.0.username }}"
|
|
mode: 0600
|
|
loop: "{{ wireguard.clients|dict2items }}"
|
|
loop_control:
|
|
label: "{{ item.key }}"
|
|
|
|
- name: Enable p2p communication
|
|
ansible.builtin.sysctl:
|
|
name: net.ipv4.ip_forward
|
|
value: "1"
|
|
sysctl_set: yes
|
|
state: present
|
|
reload: yes
|
|
sysctl_file: /etc/sysctl.d/99-sysctl.conf
|
|
become: true
|