45 lines
980 B
YAML
45 lines
980 B
YAML
|
- name: Install Wireguard
|
||
|
|
package:
|
||
|
|
name:
|
||
|
|
- wireguard-virt
|
||
|
|
- wireguard-tools
|
||
|
|
become: true
|
||
|
|
|
||
|
|
- name: Get wireguard credentials
|
||
|
|
set_fact:
|
||
|
|
ingress_wireguard: "{{ wireguard.clients.ingress }}"
|
||
|
|
|
||
|
|
- name: Wireguard config
|
||
|
|
template:
|
||
|
|
src: files/wireguard.conf
|
||
|
|
dest: /etc/wireguard/wg0.conf
|
||
|
|
mode: "0600"
|
||
|
|
backup: true
|
||
|
|
become: true
|
||
|
|
notify: restart wireguard
|
||
|
|
|
||
|
|
# Wireguard on Alpine doesn't ship a native OpenRC service
|
||
|
|
- name: Download wireguard service
|
||
|
|
get_url:
|
||
|
|
url: https://gitweb.gentoo.org/repo/gentoo.git/plain/net-vpn/wireguard-tools/files/wg-quick.init
|
||
|
|
dest: /etc/init.d/wg-quick.wg0
|
||
|
|
mode: "0755"
|
||
|
|
backup: yes
|
||
|
|
become: true
|
||
|
|
|
||
|
|
- name: Enable wireguard
|
||
|
|
service:
|
||
|
|
name: wg-quick.wg0
|
||
|
|
enabled: true
|
||
|
|
become: true
|
||
|
|
|
||
|
|
- name: Enable p2p communication
|
||
|
|
sysctl:
|
||
|
|
name: net.ipv4.ip_forward
|
||
|
|
value: "1"
|
||
|
|
sysctl_set: yes
|
||
|
|
state: present
|
||
|
|
reload: yes
|
||
|
|
sysctl_file: /etc/sysctl.d/99-sysctl.conf
|
||
|
|
become: true
|