From 5ec7c4b1b31bb3cea080005b0245d09e05048e11 Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin
Date: Sun, 19 May 2024 19:26:01 +0100
Subject: Migrate away from networkd for wireguard
Migrate due to a bug [1], which wasn't fixed for some time.
[1]: https://github.com/systemd/systemd/issues/25547
---
roles/wgnet/tasks/main.yml | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
(limited to 'roles/wgnet/tasks')
diff --git a/roles/wgnet/tasks/main.yml b/roles/wgnet/tasks/main.yml
index 8e5a632..c776a84 100644
--- a/roles/wgnet/tasks/main.yml
+++ b/roles/wgnet/tasks/main.yml
@@ -10,12 +10,17 @@ - name: Configure WireGuard for wgnet ansible.builtin.template:
- src: "{{ item.src }}"
- dest: "/etc/systemd/network/{{ item.dest }}"
- owner: systemd-network
- group: systemd-network
- mode: u+rw,g+r,o+r
- loop:
- - { src: templates/wg0.netdev.j2, dest: wg0.netdev }
- - { src: templates/wg0.network.j2, dest: wg0.network }
- notify: Reload network
+ src: templates/wg0.conf.j2
+ dest: /etc/wireguard/wg0.conf
+ owner: root
+ group: root
+ # Config containes private key for this host, so permissions are
+ # restricted.
+ mode: u+rw,g-rw,o-rw
+ notify: Reload wgnet
+
+- name: Enable WireGuard service for wgnet
+ ansible.builtin.service:
+ name: wg-quick@wg0
+ enabled: yes
+ state: started
-- cgit v1.2.3-70-g09d2
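Review bot: The relative mode `u+rw,g-rw,o-rw` on the wg0.conf task only adds and removes the named bits, so on a file that already exists any execute or special bits survive and the result depends on its prior state; for a file holding the host's private key an absolute mode is safer, `mode: "0600"` (or `u=rw,g=,o=`). The same task prints the rendered key material when the play runs with `--diff`, so consider `no_log: true` or `diff: false` on it. The hunk does not show the old `/etc/systemd/network/wg0.netdev` and `wg0.network` being removed; if that is not done elsewhere, networkd may still bring up wg0 alongside wg-quick, and any key material in the old netdev file stays on disk with the looser `o+r` mode. In the new service task, `enabled: true` is the canonical boolean.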