ansible/roles/wireguard_endpoint/tasks/main.yml

---
- name: Install required packages
  become: true
  apt:
    pkg:
      - ifupdown2
      - wireguard
    state: latest
    update_cache: yes

- name: Tweak sysctl to enable IP forwarding
  become: true
  template:
    src: sysctl.conf.j2
    dest: /etc/sysctl.d/forwarding.conf
    owner: root
    group: root
    mode: u=rw,g=r,o=
  notify:
    - Reload sysctl

- name: Create tunnels configurations
  become: true
  template:
    src: wireguard.conf.j2
    dest: "/etc/wireguard/{{ item.name }}.conf"
    owner: root
    group: root
    mode: u=rw,g=,o=
  loop: "{{ wireguard_endpoints }}"
  # try to hide clear-text private keys from Ansible output
  no_log: True
  diff: no
  notify:
    - Reload network interfaces

- name: Create network interfaces
  become: true
  template:
    src: interface.j2
    dest: "/etc/network/interfaces.d/{{ item.name }}"
    owner: root
    group: root
    mode: u=rw,g=r,o=
  loop: "{{ wireguard_endpoints }}"
  no_log: True
  diff: no
  notify:
    - Reload network interfaces
...
WIP: Create a role for a Wireguard VPN endpoint 2021-01-31 06:07:05 +01:00			`---`
			`- name: Install required packages`
Reload sysctl (wireguard_endpoint) 2021-03-10 06:23:21 +01:00			`become: true`
WIP: Create a role for a Wireguard VPN endpoint 2021-01-31 06:07:05 +01:00			`apt:`
			`pkg:`
			`- ifupdown2`
			`- wireguard`
			`state: latest`
			`update_cache: yes`

			`- name: Tweak sysctl to enable IP forwarding`
Reload sysctl (wireguard_endpoint) 2021-03-10 06:23:21 +01:00			`become: true`
WIP: Create a role for a Wireguard VPN endpoint 2021-01-31 06:07:05 +01:00			`template:`
			`src: sysctl.conf.j2`
			`dest: /etc/sysctl.d/forwarding.conf`
			`owner: root`
			`group: root`
			`mode: u=rw,g=r,o=`
Reload sysctl (wireguard_endpoint) 2021-03-10 06:23:21 +01:00			`notify:`
			`- Reload sysctl`
WIP: Create a role for a Wireguard VPN endpoint 2021-01-31 06:07:05 +01:00
			`- name: Create tunnels configurations`
Reload sysctl (wireguard_endpoint) 2021-03-10 06:23:21 +01:00			`become: true`
WIP: Create a role for a Wireguard VPN endpoint 2021-01-31 06:07:05 +01:00			`template:`
			`src: wireguard.conf.j2`
			`dest: "/etc/wireguard/{{ item.name }}.conf"`
			`owner: root`
			`group: root`
			`mode: u=rw,g=,o=`
			`loop: "{{ wireguard_endpoints }}"`
			`# try to hide clear-text private keys from Ansible output`
Restore 'no_log' in Wireguard role 2021-02-20 21:03:06 +01:00			`no_log: True`
WIP: Create a role for a Wireguard VPN endpoint 2021-01-31 06:07:05 +01:00			`diff: no`
Notify ifreload handler on wg config change 2021-02-20 23:40:19 +01:00			`notify:`
			`- Reload network interfaces`
WIP: Create a role for a Wireguard VPN endpoint 2021-01-31 06:07:05 +01:00
			`- name: Create network interfaces`
Reload sysctl (wireguard_endpoint) 2021-03-10 06:23:21 +01:00			`become: true`
WIP: Create a role for a Wireguard VPN endpoint 2021-01-31 06:07:05 +01:00			`template:`
			`src: interface.j2`
			`dest: "/etc/network/interfaces.d/{{ item.name }}"`
			`owner: root`
			`group: root`
			`mode: u=rw,g=r,o=`
			`loop: "{{ wireguard_endpoints }}"`
Restore 'no_log' in Wireguard role 2021-02-20 21:03:06 +01:00			`no_log: True`
WIP: Create a role for a Wireguard VPN endpoint 2021-01-31 06:07:05 +01:00			`diff: no`
			`notify:`
			`- Reload network interfaces`
			`...`