ansibloated/tasks/tasks_machine_configuration/vpn/server/task_machine_configuration.yml

---
- name: "00: UFW configuration"
  ansible.builtin.command: ufw allow "{{ vpn_server_port }}/udp"


- name: "00: more UFW configuration"
  ansible.builtin.command: ufw allow "OpenSSH"

- name: "10: Cycle UFW"
  ansible.builtin.command: ufw disable && ufw --force enable

- name: "00: Create Wireguard directory"
  ansible.builtin.file:
    path: "/etc/wireguard"
    state: "directory"

- name: "10: Create Public and Private server keys"
  ansible.builtin.shell:
    cmd: "wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey"

- name: "20: Modify Private key permissions"
  ansible.builtin.file:
    path: "/etc/wireguard/privatekey"
    mode: '0600'

- name: "30: Read out VPN server private key"
  ansible.builtin.command: cat /etc/wireguard/privatekey
  register: private_key_cmd

- name: "35: Register the stdout of previous"
  ansible.builtin.set_fact:
    vpn_private_key_content: "{{ private_key_cmd.stdout }}"

- name : "40: Read out VPN server public key"
  ansible.builtin.command: cat /etc/wireguard/publickey
  register: public_key_cmd

- name: "35: Register the stdout of previous"
  ansible.builtin.set_fact:
    vpn_public_key_content: "{{ public_key_cmd.stdout }}"

- name: "40: Create server configuration file"
  ansible.builtin.template:
    src: "templates/wg0.conf.j2"
    dest: "/etc/wireguard/wg0.conf"


- name: "50: Modify Server config file permissions"
  ansible.builtin.file:
    path: "/etc/wireguard/wg0.conf"
    mode: "0600"
  ansible.builtin.file:
    path: "/etc/wireguard/privatekey"
    mode: "0600"


- name: "60: Start the wireguard server"
  ansible.builtin.shell:
    cmd: "wg-quick up wg0"

- name: "70: Enable IP forwarding"
  ansible.builtin.sysctl:
    name: "net.ipv4.ip_forward"
    value: "1"
    sysctl_set: "yes"
    state: "present"
    reload: "yes"