ansible-edda/playbooks/tasks/vpn/wireguard.yml

- name: Install WireGuard
  apt:
    name: wireguard

- name: WireGuard interface configuration
  template:
    src: ./filesystem/{{ ansible_hostname }}/etc/wireguard/wg0.conf.j2
    dest: /etc/wireguard/wg0.conf
    mode: 0600
  register: wg_intf_conf

- name: WireGuard interface post-up nftables script
  template:
    src: ./filesystem/{{ ansible_hostname }}/usr/local/sbin/post-up-wg0.nft.j2
    dest: /usr/local/sbin/post-up-wg0.nft
    mode: 0755
  register: wg_intf_post_up

- name: Create WireGuard interface
  template:
    src: ./filesystem/{{ ansible_hostname }}/etc/network/interfaces.d/wg0.j2
    dest: /etc/network/interfaces.d/wg0
    mode: 0644
  register: wg_intf

- name: Restart WireGuard interface
  shell: ifdown wg0 && ifup wg0
  when:
    wg_intf_conf is changed or
    wg_intf_post_up is changed or
    wg_intf is changed

- name: WireGuard interface pre-down nftables script
  template:
    src: ./filesystem/{{ ansible_hostname }}/usr/local/sbin/pre-down-wg0.nft.j2
    dest: /usr/local/sbin/pre-down-wg0.nft
    mode: 0755
Set up VPN network 2022-09-24 00:15:46 +02:00			`- name: Install WireGuard`
			`apt:`
			`name: wireguard`

			`- name: WireGuard interface configuration`
			`template:`
			`src: ./filesystem/{{ ansible_hostname }}/etc/wireguard/wg0.conf.j2`
			`dest: /etc/wireguard/wg0.conf`
			`mode: 0600`
			`register: wg_intf_conf`

			`- name: WireGuard interface post-up nftables script`
			`template:`
			`src: ./filesystem/{{ ansible_hostname }}/usr/local/sbin/post-up-wg0.nft.j2`
			`dest: /usr/local/sbin/post-up-wg0.nft`
			`mode: 0755`
			`register: wg_intf_post_up`

			`- name: Create WireGuard interface`
			`template:`
			`src: ./filesystem/{{ ansible_hostname }}/etc/network/interfaces.d/wg0.j2`
			`dest: /etc/network/interfaces.d/wg0`
			`mode: 0644`
			`register: wg_intf`

			`- name: Restart WireGuard interface`
			`shell: ifdown wg0 && ifup wg0`
			`when:`
			`wg_intf_conf is changed or`
			`wg_intf_post_up is changed or`
			`wg_intf is changed`

			`- name: WireGuard interface pre-down nftables script`
			`template:`
			`src: ./filesystem/{{ ansible_hostname }}/usr/local/sbin/pre-down-wg0.nft.j2`
			`dest: /usr/local/sbin/pre-down-wg0.nft`
			`mode: 0755`