--- - name: Install required packages apt: pkg: - ifupdown2 - wireguard - nftables state: latest update_cache: yes - name: Tweak sysctl to enable IP forwarding template: src: sysctl.conf.j2 dest: /etc/sysctl.d/forwarding.conf owner: root group: root mode: u=rw,g=r,o= - name: Create tunnels configurations template: src: wireguard.conf.j2 dest: "/etc/wireguard/{{ item.name }}.conf" owner: root group: root mode: u=rw,g=,o= loop: "{{ wireguard_endpoints }}" # try to hide clear-text private keys from Ansible output no_log: True diff: no notify: - Reload network interfaces - name: Create network interfaces template: src: interface.j2 dest: "/etc/network/interfaces.d/{{ item.name }}" owner: root group: root mode: u=rw,g=r,o= loop: "{{ wireguard_endpoints }}" no_log: True diff: no notify: - Reload network interfaces - name: Enable nftables systemd: name: nftables.service state: started enabled: yes #- name: Configure nftables # template: # src: nftables.conf.j2 # dest: /etc/nftables.conf # validate: /sbin/nft -c -f %s # owner: root # group: root # mode: u=rw,g=r,o= # notify: # - Reload nftables ...