From 7d113fcddd341f1e4b04ceb2785087d50b8e1556 Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin
Date: Sun, 24 Aug 2025 13:31:38 +0100
Subject: Add wireguard configuration to dotfiles role

This is a simple role that works only for one host. There are multiple complications that I should keep in mind in the future.
* There is should be a way to install dotfiles on boxes without GPG key there. So, files with secrets in them should be gated.
* Wireguard configuration should be per host. Each host should have it is own private key.
---
 roles/dotfiles/tasks/main.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
(limited to 'roles/dotfiles/tasks/main.yml')
diff --git a/roles/dotfiles/tasks/main.yml b/roles/dotfiles/tasks/main.yml
index 424588d..73c9a90 100644
--- a/roles/dotfiles/tasks/main.yml
+++ b/roles/dotfiles/tasks/main.yml
@@ -74,6 +74,29 @@
 sshconfig_jumphost: '{{ dotfiles_jumphost }}'
 when: has_ssh.rc == 0
+- name: Configure wireguard if installed
+ tags: wireguard
+ block:
+ - name: Check if wireguard is installed
+ ansible.builtin.command: wg --version
+ changed_when: false
+ failed_when: false
+ register: has_wireguard
+
+ - name: Get actual hostname
+ ansible.builtin.command: hostname
+ changed_when: false
+ failed_when: false
+ register: hostname
+
+ - ansible.builtin.include_role:
+ name: wgconfig
+ vars:
+ wgconfig_user: '{{ dotfiles_user }}'
+ wgconfig_group: '{{ dotfiles_group }}'
+ wgconfig_homedir: '{{ dotfiles_homedir }}'
+ when: has_wireguard.rc == 0 and hostname.stdout == "silver"
+
 - name: Configure git if installed
 tags: git
 block:
-- cgit v1.2.3-70-g09d2
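Review bot: The only gate that keeps this host's WireGuard configuration (and, per the commit message, its private key) off other machines is `hostname.stdout == "silver"` in the `when:` of the include_role task. That check trusts whatever the target's `hostname` command prints, and it hard-codes one machine name in the task file. An explicit opt-in from inventory would state the per-host intent directly and remove the extra command task: a boolean host variable set only for that machine, or `when: has_wireguard.rc == 0 and inventory_hostname == "silver"` if the inventory name matches. The include task also has no `name:` (for example `- name: Include wgconfig role`), and the registered variable `hostname` is generic enough to shadow other uses. The wgconfig role is not part of this hunk, so it is worth confirming that it writes the config readable by the owner only and keeps the key out of task output.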