2024-09-29 18:04:34 +05:00
|
|
|
---
|
|
|
|
- name: Install wireguard and iptables
|
|
|
|
become: true
|
|
|
|
ansible.builtin.apt:
|
|
|
|
pkg:
|
|
|
|
- wireguard
|
|
|
|
- iptables
|
|
|
|
- name: Create wireguard directory
|
|
|
|
become: true
|
|
|
|
ansible.builtin.file:
|
|
|
|
path: /etc/wireguard
|
|
|
|
state: directory
|
2024-10-30 17:42:17 +05:00
|
|
|
mode: '1700'
|
|
|
|
owner: root
|
2024-09-29 18:04:34 +05:00
|
|
|
- name: Generate private key
|
|
|
|
become: true
|
|
|
|
ansible.builtin.shell: |
|
|
|
|
umask 077
|
|
|
|
wg genkey > private_key
|
|
|
|
args:
|
|
|
|
chdir: /etc/wireguard
|
|
|
|
creates: private_key
|
|
|
|
- name: Generate public key
|
|
|
|
become: true
|
|
|
|
ansible.builtin.shell: |
|
|
|
|
umask 077
|
|
|
|
cat private_key | wg pubkey > public_key
|
|
|
|
args:
|
|
|
|
chdir: /etc/wireguard
|
|
|
|
creates: public_key
|
|
|
|
- name: Enable packet forwarding
|
|
|
|
become: true
|
|
|
|
ansible.posix.sysctl:
|
|
|
|
name: net.ipv4.ip_forward
|
|
|
|
value: '1'
|
|
|
|
state: present
|
|
|
|
reload: true
|
|
|
|
- name: Read private key
|
|
|
|
become: true
|
|
|
|
ansible.builtin.slurp:
|
|
|
|
path: /etc/wireguard/private_key
|
|
|
|
register: private_key
|
|
|
|
- name: Copy wireguard config
|
|
|
|
become: true
|
|
|
|
ansible.builtin.template:
|
|
|
|
src: wg0.conf.j2
|
|
|
|
dest: /etc/wireguard/wg0.conf
|
2024-10-30 17:42:17 +05:00
|
|
|
register: cfg
|
2024-09-29 18:04:34 +05:00
|
|
|
- name: Enable wireguard service
|
|
|
|
become: true
|
|
|
|
ansible.builtin.systemd_service:
|
|
|
|
name: wg-quick@wg0
|
2024-10-30 17:42:17 +05:00
|
|
|
state: "{% if cfg.changed %}restarted{% else %}started{% endif %}"
|
2024-09-29 18:04:34 +05:00
|
|
|
enabled: true
|