Wireguard VPN Server

ansible/inventories/group_vars/wireguard_server/sifi.yaml

@@ -0,0 +1,14 @@
+server_port: "51820"
+
+peers:
+- publicKey: "NRGPm2GV+ocsXImNxJ5pT/FuQCPg8uQcvydB6OSQEBg="
+  allowedIPs: "192.168.99.4/32"
+
+
+
+# client
+{% for peer in peers %}
+[Peer]
+PublicKey = {{ peers[peer].publicKey}}
+AllowedIPs = {{ peers[peer].allowedIPs}}
+{{% endfor %}}

ansible/playbooks/roles/wireguard_server/tasks/main.yaml

@@ -0,0 +1,44 @@
+---
+- name: Install Wireguard Server
+  apt:
+    pkg:
+      - wireguard
+    state: latest
+    update_cache: true
+
+
+- name: Creating server privatekey and publickey
+  shell: wg genkey | tee privatekey | wg pubkey > publickey
+  args:
+    chdir: /etc/wireguard/keys
+
+- name: Get Private Key [privatekey => ]var_privatekey
+  shell: cat privatekey
+  register: var_privatekey
+  args:
+    chdir: /etc/wireguard/keys
+
+
+- name: Add WireGuard interface
+  command: ip link add dev wg0 type wireguard
+  become: true
+
+
+- name: Updating configuration
+  template:
+    src: wireguard_server
+    dest: /etc/wireguard/wg0.conf
+
+- name: Activating link
+  command: ip link set up dev wg0
+  become: true
+
+- name: Getting public key
+  shell: cat publickey
+  register: var_publickey
+  args:
+    chdir: /etc/wireguard/keys
+
+- name: Printing public key
+  debug:
+    msg: "Server public key is {{ var_publickey }}"

ansible/playbooks/roles/wireguard_server/templates/wireguard_server.jinja

@@ -0,0 +1,11 @@
+# device
+[Interface]
+PrivateKey = {{ var_privatekey.stdout }}
+ListenPort = {{ server_port }}
+
+# client
+{% for peer in peers %}
+[Peer]
+PublicKey = {{ peers[peer].publicKey}}
+AllowedIPs = {{ peers[peer].allowedIP}}
+{{% endfor %}}

ansible/playbooks/vpn_server.yaml

@@ -0,0 +1,5 @@
+---
+- name: Configure VPN Server
+  hosts: wireguard_server
+  roles:
+    - wireguard_server