39 lines
933 B
YAML
39 lines
933 B
YAML
---
|
|
- name: Install Wireguard on Server
|
|
hosts: wireguard
|
|
user: root
|
|
|
|
tasks:
|
|
- name: Install wireguard tools and dig
|
|
ansible.builtin.package:
|
|
name:
|
|
- wireguard-tools
|
|
- bind
|
|
|
|
- name: Copy keys to server
|
|
ansible.builtin.copy:
|
|
src: wireguard/wg0.conf
|
|
dest: /etc/wireguard/wg0.conf
|
|
notify: Reload systemd daemon
|
|
|
|
- name: Get server public IP
|
|
ansible.builtin.command: dig +short myip.opendns.com @resolver1.opendns.com
|
|
register: wireguard_public_ip
|
|
|
|
- name: Allow ipv4 forwarding
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/sysctl.d/wg.conf
|
|
line: net.ipv4.ip_forward=1
|
|
create: yes
|
|
|
|
- name: Start the wireguard service
|
|
ansible.builtin.service:
|
|
name: wg-quick@wg0
|
|
enabled: yes
|
|
|
|
handlers:
|
|
- name: Reload systemd daemon
|
|
ansible.builtin.command:
|
|
cmd: systemctl daemon-reload
|
|
|