homelab/roles/base/tasks/wireguard.yml


# Install the wireguard package with apt, refreshing the package index as part
# of the same task.
- name: Install WireGuard
  apt:
    update_cache: true
    name: wireguard
    state: present
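# Create the WireGuard key pair in /etc/wireguard/. `creates` skips the task
# when the private key file already exists, so an existing key is never
# regenerated.
- name: Generate WireGuard keys
  # umask 077 makes tee and the redirect create both key files readable by
  # their owner only, rather than with whatever umask the task shell inherits.
  # NOTE(review): if the pipeline fails part-way, a partial privatekey may be
  # left behind and `creates` will then skip regeneration; confirm how
  # failures here should be recovered.
  shell: umask 077 && wg genkey | tee privatekey | wg pubkey > publickey
  args:
    chdir: /etc/wireguard/
    creates: /etc/wireguard/privatekey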
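# Read the private key back from the managed host and register it as `wgkey`
# (slurp returns the file base64-encoded in `wgkey.content`).
- name: Grab WireGuard private key for configuration
  slurp:
    src: /etc/wireguard/privatekey
  register: wgkey
  # The registered result holds the private key; keep it out of task output,
  # verbose runs and callback logs.
  no_log: true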
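# Render wireguard.j2 to /etc/wireguard/wg0.conf and notify the
# restart_wireguard handler when the file changes.
# NOTE(review): wireguard.j2 is not shown here; it presumably embeds the
# private key read into `wgkey`, so the rendered file is treated as a secret.
- name: Install WireGuard configuration
  template:
    src: wireguard.j2
    dest: /etc/wireguard/wg0.conf
    # Explicit ownership and mode so the config is not created with the
    # default umask; quoted so the mode is not parsed as a number.
    owner: root
    group: root
    mode: "0600"
  # Do not print the rendered file in --diff output.
  diff: false
  notify:
    - restart_wireguard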
# Make sure the wg-quick@wg0 service unit is enabled and currently started.
- name: Start WireGuard interface
  service:
    name: wg-quick@wg0
    enabled: true
    state: started
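# Allow inbound traffic to the WireGuard listen port through ufw. The rule is
# only added when wireguard.listenport is set.
- name: Add WireGuard firewall rule
  ufw:
    rule: allow
    port: "{{ wireguard.listenport }}"
    # WireGuard carries its traffic over UDP only; a tcp rule would leave the
    # tunnel port closed while opening a TCP port nothing listens on.
    proto: udp
  when: wireguard.listenport is defined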