infrastructure/ansible/roles/ingress/tasks/wireguard.yml

- name: Install Wireguard
  package:
    name: wireguard

- name: Get wireguard credentials
  set_fact:
    ingress_wireguard: "{{ wireguard.clients.ingress }}"

- name: Wireguard config
  template:
    src: files/wireguard.conf
    dest: /etc/wireguard/wg0.conf
    mode: "0600"
    backup: true
  notify: restart wireguard

- name: Enable wireguard
  service:
    name: wg-quick@wg0
    enabled: true

- name: Enable p2p communication
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    sysctl_set: true
    state: present
    reload: true
    sysctl_file: /etc/sysctl.d/99-sysctl.conf