# wireguard_server.yml - Configure WireGuard VPN server
---
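# Read the server's private key from /etc/wireguard/privatekey and register the
# result as wg_server_private_key (the key text is in .stdout).
# NOTE(review): assumes the key file already exists and is readable only by
# root; confirm where it is generated and which mode it gets.
- name: Get Private Key [privatekey => var_privatekey]
  # command rather than shell: no shell features are needed to read one file.
  ansible.builtin.command: cat privatekey
  args:
    chdir: /etc/wireguard
  register: wg_server_private_key
  # Reading a file changes nothing on the host; do not report "changed".
  changed_when: false
  # The registered result holds the private key: keep it out of task output,
  # callback plugins and controller logs.
  no_log: true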
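# Render the interface configuration from the Jinja template and install it
# root-owned with mode 0600, then notify the "Restart WireGuard" handler.
- name: Deploy WireGuard server configuration
  ansible.builtin.template:
    src: templates/wireguard_server.jinja
    dest: "/etc/wireguard/{{ wg_interface }}.conf"
    owner: root
    group: root
    # Quoted so YAML keeps the leading zero instead of reading an integer.
    mode: '0600'
  # NOTE(review): the rendered file presumably embeds the private key registered
  # earlier (template not visible here). Disable diff output for this task so a
  # --diff run does not print the file contents.
  diff: false
  notify: Restart WireGuard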
# Make sure the wg-quick unit for the configured interface is enabled at boot
# and currently running.
- name: Enable and start WireGuard
  ansible.builtin.systemd:
    name: "wg-quick@{{ wg_interface }}"
    enabled: true
    state: started
# Add a ufw "allow" rule for the configured WireGuard port over UDP.
- name: Open WireGuard port in firewall
  community.general.ufw:
    proto: udp
    port: "{{ wg_port }}"
    rule: allow
    comment: "WireGuard VPN"
  # NOTE(review): any failure of this task is ignored, so the play can finish
  # with the rule missing. Presumably meant for hosts without ufw; confirm.
  ignore_errors: true