From da9620ed0709be25b4ced254ca0f131f637bcfe6 Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin <d@ilvokhin.com>
Date: Mon, 27 May 2024 10:45:25 +0100
Subject: Add wgvpn role for WireGuard VPN

---
 roles/wgvpn/tasks/main.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 roles/wgvpn/tasks/main.yml

(limited to 'roles/wgvpn/tasks')

diff --git a/roles/wgvpn/tasks/main.yml b/roles/wgvpn/tasks/main.yml
new file mode 100644
index 0000000..8dc0e3b
--- /dev/null
+++ b/roles/wgvpn/tasks/main.yml
@@ -0,0 +1,23 @@
+- name: Configure WireGuard for wgvpn
+  ansible.builtin.template:
+    src: templates/wg1.conf.j2
+    dest: /etc/wireguard/wg1.conf
+    owner: root
+    group: root
+    mode: u+rw,g-rw,o-rw
+  notify: Reload wgvpn
+
+- name: Configure systemd-resolved for wgvpn
+  ansible.builtin.copy:
+    src: files/wgvpn.conf
+    dest: /etc/systemd/resolved.conf.d/wgvpn.conf
+    owner: root
+    group: root
+    mode: u+rw,g+r,o+r
+  notify: Restart systemd-resolved
+
+- name: Enable WireGuard service for wgvpn
+  ansible.builtin.service:
+    name: wg-quick@wg1
+    enabled: yes
+    state: started
-- 
cgit v1.2.3-70-g09d2