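---
# WireGuard role tasks: load per-OS variables, install the packages, make sure
# a key pair exists under /etc/wireguard, render the interface configuration
# and (re)start the wg-quick unit for that interface.
#
# NOTE(review): this file was reconstructed from a flattened listing; the
# `when`/`tags` placement at the end is the most plausible reading (first pair
# on the "Configure wireguard" block, last `tags` on the outer block) - confirm
# against the role's repository.
- name: WireGuard setup
  block:
    # The most specific vars file wins: <family>_<major version>.yml, then
    # <family>.yml.
    - name: Include vars for {{ ansible_os_family }}
      include_vars: "{{ item }}"
      with_first_found:
        - "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
        - "{{ ansible_os_family }}.yml"

    - name: Pre-installation
      include_tasks: "install_{{ ansible_os_family }}.yml"

    - name: Install packages for WireGuard
      package:
        name:
          - "{{ wireguard_packages }}"
        state: present
        update_cache: true

    - name: Configure wireguard
      block:
        # Read the existing private key; if the read fails (for example the
        # file is missing) the rescue section generates a new one.
        - name: Retreive private key
          block:
            - name: Retreive private key
              shell: >
                cat /etc/wireguard/privatekey
              register: wireguard_private_key
              changed_when: false
              check_mode: false
              # stdout is the private key: keep it out of task output and logs.
              no_log: true
          rescue:
            # umask 077 makes tee create the file as 0600 from the start, so
            # the key is never readable by other local users in the window
            # before the "Fix permission" task runs.
            - name: Generate private key
              shell: >
                umask 077 &&
                set -o pipefail &&
                wg genkey | tee /etc/wireguard/privatekey
              register: wireguard_private_key
              # tee echoes the new private key to stdout; do not log it.
              no_log: true
          always:
            # Also corrects the mode of a pre-existing key file. The mode is
            # quoted so it is passed as the octal string, not an integer.
            - name: Fix permission on /etc/wireguard/privatekey
              file:
                path: "/etc/wireguard/privatekey"
                owner: root
                group: root
                mode: "0600"

        # Same read-or-generate pattern for the public key, which is derived
        # from the private key on disk.
        - name: Retreive public key
          block:
            - name: Retreive public key
              shell: >
                cat /etc/wireguard/publickey
              register: wireguard_public_key
              changed_when: false
              check_mode: false
          rescue:
            - name: Generate public key
              shell: >
                set -o pipefail &&
                wg pubkey < /etc/wireguard/privatekey |
                tee /etc/wireguard/publickey
              register: wireguard_public_key
          always:
            - name: Fix permission on /etc/wireguard/publickey
              file:
                path: "/etc/wireguard/publickey"
                owner: root
                group: root
                mode: "0600"

        # Replace the registered command results with the bare key strings.
        - name: Set keys pair variable
          set_fact:
            wireguard_public_key: '{{ wireguard_public_key.stdout }}'
            wireguard_private_key: '{{ wireguard_private_key.stdout }}'
          check_mode: false
          # The fact values include the private key.
          no_log: true

        # NOTE(review): the template is not visible here; it presumably embeds
        # wireguard_private_key, as wg-quick configurations normally carry the
        # interface PrivateKey. The file is therefore restricted to root
        # (0600) instead of being world-readable (0644). If it does contain
        # the key, running with --diff would also print it - confirm.
        - name: Install WireGuard configuration files
          template:
            src: "etc/wireguard/wireguard.conf.j2"
            dest: "/etc/wireguard/{{ wireguard_interface }}.conf"
            owner: root
            group: root
            mode: "0600"

        # state: restarted restarts the unit on every run, not only when the
        # configuration changed.
        - name: Enable Wireguard service
          service:
            name: "wg-quick@{{ wireguard_interface }}"
            enabled: true
            state: restarted
      when:
        - not skip_conf
      tags:
        - wireguard-conf
  tags:
    - wireguard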