structure :)

files/workstations/go.txt

@@ -0,0 +1 @@
+github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

tasks/tasks_enable_service_units/vpn/enable_service_units.yml

@@ -0,0 +1,6 @@
+---
+- name: "00: Start the Wireguard service at boot"
+  ansible.builtin.systemd_service:
+    state: "started"
+    name: "wg-quick@wg0"
+    enabled: True

tasks/tasks_machine_configuration.yml

@@ -0,0 +1,8 @@
+---
+- name: "00: Determine Machine Configuration Task Set"
+  ansible.builtin.include_tasks: "{{ _tasks }}"
+  with_first_found:
+    - "tasks/tasks_machine_configuration/{{ machine_type }}/{{ machine_relationship }}/configuration.yml"
+    - "tasks/tasks_machine_configuration/{{ machine_type }}/configuration.yml"
+  loop_control:
+    loop_var: "_tasks"

tasks/tasks_machine_configuration/vpn/client/configuration.yml

@@ -0,0 +1,11 @@
+---
+- name: "00: Create Public and Private server keys"
+  become: True
+  ansible.builtin.shell:
+    command: "wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey"
+
+- name: "10: Render Client Configuration file"
+  
+
+
+

tasks/tasks_machine_configuration/vpn/configuration.yml → tasks/tasks_machine_configuration/vpn/server/configuration.yml

@@ -36,4 +36,20 @@
   ansible.builtin.file:
     path: "/etc/wireguard/privatekey"
     mode: "0600"
-  
+
+
+- name: "60: Start the wireguard server"
+  become: True
+  ansible.builtin.shell:
+    cmd: "wg-quick up wg0"
+
+- name: "70: Enable IP forwarding"
+  become: True
+ ansible.builtin.sysctl:
+    name: "net.ipv4.ip_forward"
+    value: "1"
+    sysctl_set: "yes"
+    state: "present"
+    reload: "yes"
+
+

templates/wireguard.client.j2

@@ -0,0 +1,10 @@
+[Interface]
+PrivateKey = {{ ansible_facts['vpn_client_private_key'] }}
+Address = {{ ansible_facts['vpn_client_address'] }}
+
+
+[Peer]
+PublicKey = {{ ansible_facts['vpn_server_public_key'] }}
+Endpoint = {{ ansible_facts['vpn_server_wan_address'] }}:{{ ansible_facts['vpn_server_port'] }}
+AllowedIPs = 0.0.0.0/0
+