infrastructure/ansible/roles/gateway/tasks/wireguard.yml


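# Install the WireGuard userspace tooling plus qrencode.
# NOTE(review): qrencode is presumably used to render client configs as QR
# codes; nothing in this file calls it - confirm it is still needed.
- name: Install wireguard tools
  package:
    name: "{{ item }}"
    # Stated explicitly: the package module documents state as required.
    state: present
  become: true
  loop:
    - wireguard-tools
    - qrencode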
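# Render the server-side interface config for wg0.
# NOTE(review): the template source is not visible here; it presumably carries
# the server private key, which would explain the owner-only mode.
- name: Wireguard server config
  template:
    src: files/wireguard-server.conf
    dest: /etc/wireguard/wg0.conf
    # Pin ownership as well as mode, so a pre-existing file with a different
    # owner is corrected instead of silently kept.
    owner: root
    group: root
    mode: "0600"
    # NOTE(review): backup copies are written next to dest and keep whatever
    # the previous config held, old key material included; prune them or
    # confirm that retention is intended.
    backup: true
  become: true
  # Keep the rendered contents out of --diff output and logs that capture it.
  diff: false
  # Read by the "Restart wireguard" task to decide whether to restart.
  register: wireguard_conf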
# Enable the wg-quick unit for wg0 so it is started at boot.
# NOTE(review): only enabled is set here, not state: started, so whether the
# tunnel is running after this play depends on the restart task that follows.
- name: Enable wireguard
  become: true
  service:
    enabled: true
    name: wg-quick@wg0
# Restart the tunnel only when the server config task reported a change.
- name: Restart wireguard
  become: true
  when: wireguard_conf.changed
  service:
    state: restarted
    name: wg-quick@wg0
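# Owner-only directory that holds the generated per-client configs.
# NOTE(review): there is no become on this task, so it runs as the connecting
# user; setting owner presumably relies on that user being me.user - confirm.
- name: Create wireguard client directory
  file:
    path: "{{ me.home }}/wireguard-clients"
    state: directory
    owner: "{{ me.user }}"
    # Four-digit octal string, matching the "0600" used for the server config.
    mode: "0700"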
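# Render one config file per entry in wireguard.clients, named after its key.
# NOTE(review): the client template is not visible here; it presumably embeds
# each client's private key, so the outputs are treated as secrets.
- name: Wireguard client configuration
  template:
    src: files/wireguard-client.conf
    dest: "{{ me.home }}/wireguard-clients/{{ item.key }}.conf"
    owner: "{{ me.user }}"
    # Four-digit octal string, matching the "0600" used for the server config.
    mode: "0600"
  # Keep the rendered contents out of --diff output and logs that capture it.
  diff: false
  loop: "{{ wireguard.clients | dict2items }}"
  loop_control:
    # Show only the client name per iteration, not the whole item value.
    label: "{{ item.key }}"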
# Turn on IPv4 forwarding and persist it in /etc/sysctl.d/99-sysctl.conf.
# net.ipv4.ip_forward is host-wide: once set, the kernel forwards IPv4 between
# all interfaces, not only wg0.
# NOTE(review): no forward-chain filtering is visible in this file; confirm
# that the role's firewall restricts which traffic may be forwarded.
- name: Enable p2p communication
  become: true
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    state: present
    sysctl_file: /etc/sysctl.d/99-sysctl.conf
    # Apply the value to the running kernel as well as the file, then reload.
    sysctl_set: true
    reload: true