| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 |
- ---
- - name: "00: Create Wireguard directory"
- ansible.builtin.file:
- path: "/etc/wireguard"
- state: "directory"
- - name: "10: Create Public and Private server keys"
- ansible.builtin.shell:
- cmd: "wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey"
- - name: "20: Modify Private key permissions"
- ansible.builtin.file:
- path: "/etc/wireguard/privatekey"
- mode: '0600'
- - name: "30: Set VPN configuration variables"
- ansible.builtin.command: cat /etc/wireguard/privatekey
- register: private_key_cmd
- - name: "35: Register the stdout of previous"
- ansible.builtin.set_fact:
- vpn_private_key_content: "{{ private_key_cmd.stdout }}"
-
- - name: "40: Create server configuration file"
- ansible.builtin.template:
- src: "templates/wg0.conf.j2"
- dest: "/etc/wireguard/wg0.conf"
- - name: "50: Modify Server config file permissions"
- ansible.builtin.file:
- path: "/etc/wireguard/wg0.conf"
- mode: "0600"
- ansible.builtin.file:
- path: "/etc/wireguard/privatekey"
- mode: "0600"
- - name: "60: Start the wireguard server"
- ansible.builtin.shell:
- cmd: "wg-quick up wg0"
- - name: "70: Enable IP forwarding"
- ansible.builtin.sysctl:
- name: "net.ipv4.ip_forward"
- value: "1"
- sysctl_set: "yes"
- state: "present"
- reload: "yes"
|
