50 lines
1 KiB
YAML
50 lines
1 KiB
YAML
---
|
|
- name: Install required packages
|
|
become: true
|
|
apt:
|
|
pkg:
|
|
- ifupdown2
|
|
- wireguard
|
|
state: latest
|
|
update_cache: yes
|
|
|
|
- name: Tweak sysctl to enable IP forwarding
|
|
become: true
|
|
template:
|
|
src: sysctl.conf.j2
|
|
dest: /etc/sysctl.d/forwarding.conf
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,g=r,o=
|
|
notify:
|
|
- Reload sysctl
|
|
|
|
- name: Create tunnels configurations
|
|
become: true
|
|
template:
|
|
src: wireguard.conf.j2
|
|
dest: "/etc/wireguard/{{ item.name }}.conf"
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,g=,o=
|
|
loop: "{{ wireguard_endpoints }}"
|
|
# try to hide clear-text private keys from Ansible output
|
|
no_log: True
|
|
diff: no
|
|
notify:
|
|
- Reload network interfaces
|
|
|
|
- name: Create network interfaces
|
|
become: true
|
|
template:
|
|
src: interface.j2
|
|
dest: "/etc/network/interfaces.d/{{ item.name }}"
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,g=r,o=
|
|
loop: "{{ wireguard_endpoints }}"
|
|
no_log: True
|
|
diff: no
|
|
notify:
|
|
- Reload network interfaces
|
|
...
|