From b4a12dbbf4a4759bf24975ca9bfc5096c90ae8b6 Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin
Date: Sun, 19 May 2024 17:02:45 +0100
Subject: Wireguard overlay network setup

Need to migrate away from networkd, because it can't add new wireguard peers now out of the box without hacks.

[1]: https://github.com/systemd/systemd/issues/25547
---
roles/wgnet/tasks/main.yml | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 roles/wgnet/tasks/main.yml
(limited to 'roles/wgnet/tasks')
diff --git a/roles/wgnet/tasks/main.yml b/roles/wgnet/tasks/main.yml
new file mode 100644
index 0000000..8e5a632
--- /dev/null
+++ b/roles/wgnet/tasks/main.yml
@@ -0,0 +1,21 @@
+- name: Configure IPv4 and IPv6 packet forwarding
+ ansible.builtin.sysctl:
+ name: '{{ item }}'
+ value: '1'
+ sysctl_set: true
+ loop:
+ - net.ipv4.ip_forward
+ - net.ipv4.conf.all.forwarding
+ - net.ipv6.conf.all.forwarding
+
+- name: Configure WireGuard for wgnet
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: "/etc/systemd/network/{{ item.dest }}"
+ owner: systemd-network
+ group: systemd-network
+ mode: u+rw,g+r,o+r
+ loop:
+ - { src: templates/wg0.netdev.j2, dest: wg0.netdev }
+ - { src: templates/wg0.network.j2, dest: wg0.network }
+ notify: Reload network
-- cgit v1.2.3-70-g09d2
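Review bot: The template task installs wg0.netdev with `mode: u+rw,g+r,o+r` and `owner: systemd-network`, which leaves the file world-readable and writable by the service account; if wg0.netdev.j2 (not shown here) renders `PrivateKey=` or `PresharedKey=` inline, every local user can read the tunnel key. The symbolic `+` form also only adds bits, so it would never tighten a file that already exists with looser permissions. systemd.netdev(5) recommends root:systemd-network with 0640 for this case, so I would change the two lines to `owner: root` and `mode: '0640'` (both files stay readable by networkd through the group), or move the key into a separate file referenced by `PrivateKeyFile=`. Separately, the sysctl task turns on forwarding for all interfaces and nothing in this hunk restricts what may be forwarded, so confirm that a firewall role limits forwarding to the wg0 traffic that is intended.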