ansible/roles/wireguard_endpoint/tasks/main.yml


---
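# Packages for a routed WireGuard endpoint: ifupdown2 for the interface
# stanzas written below, wireguard itself, and nftables for the firewall
# service enabled at the end of this file.
# state=latest pulls in the newest (including security) package versions on
# every run; switch to `present` if reproducible, pinned builds matter more
# than patch currency on these hosts.
- name: Install required packages
  apt:
    name:
      - ifupdown2
      - wireguard
      - nftables
    state: latest
    update_cache: true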
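# Drop the forwarding settings into /etc/sysctl.d. Writing the file by
# itself changes nothing on the running kernel -- it is only read at boot --
# so the rendered values are loaded right away whenever the file changes.
# (A handler would do the same job; the register/when pair keeps the fix
# self-contained in this tasks file.)
- name: Tweak sysctl to enable IP forwarding
  template:
    src: sysctl.conf.j2
    dest: /etc/sysctl.d/forwarding.conf
    owner: root
    group: root
    mode: u=rw,g=r,o=
  register: forwarding_sysctl

# Re-read every /etc/sysctl.d drop-in, exactly as the boot-time service does,
# so the forwarding flag is live before the tunnels below come up.
- name: Apply sysctl settings
  command: sysctl --system
  when: forwarding_sysctl is changed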
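# Render one WireGuard config per endpoint in `wireguard_endpoints`.
# The rendered file contains the tunnel's clear-text private key, hence:
#   - mode u=rw,g=,o= (0600), root-owned;
#   - no_log/diff disabled so the key never lands in stdout, callback
#     plugins or the Ansible log.
# no_log only hides *output*. The key itself comes from whatever
# `wireguard_endpoints` holds, so that variable belongs in Ansible Vault
# (or a lookup against a secret store), not in plain group_vars/host_vars.
- name: Create tunnels configurations
  template:
    src: wireguard.conf.j2
    dest: "/etc/wireguard/{{ item.name }}.conf"
    owner: root
    group: root
    mode: u=rw,g=,o=
  loop: "{{ wireguard_endpoints }}"
  no_log: true
  diff: false
  notify:
    - Reload network interfaces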
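# One ifupdown2 stanza per endpoint so the tunnel interface is brought up
# by the network stack. Output/diff suppression is kept to match the tunnel
# task above; NOTE(review): if interface.j2 renders nothing secret, no_log
# could be dropped here to get useful diffs back -- confirm against the
# template before relaxing it.
- name: Create network interfaces
  template:
    src: interface.j2
    dest: "/etc/network/interfaces.d/{{ item.name }}"
    owner: root
    group: root
    mode: u=rw,g=r,o=
  loop: "{{ wireguard_endpoints }}"
  no_log: true
  diff: false
  notify:
    - Reload network interfaces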
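# Start nftables now and at boot.
# NOTE(review): this role ships no ruleset -- the "Configure nftables" task
# below is commented out -- so the service loads whatever /etc/nftables.conf
# already exists on the host. With forwarding switched on by the sysctl task
# above, the box routes tunnel traffic with no filtering under this role's
# control. Re-enable the task (it already validates with `nft -c` before
# install) once nftables.conf.j2 and the "Reload nftables" handler exist, or
# leave forwarding off until then.
- name: Enable nftables
  systemd:
    name: nftables.service
    state: started
    enabled: true

# - name: Configure nftables
#   template:
#     src: nftables.conf.j2
#     dest: /etc/nftables.conf
#     validate: /sbin/nft -c -f %s
#     owner: root
#     group: root
#     mode: u=rw,g=r,o=
#   notify:
#     - Reload nftables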
...