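# Ensure the WireGuard configuration directory exists before the config
# template is rendered into it (next task).
- name: Create configuration directory
  file:
    path: '/etc/wireguard'
    state: directory
    # The directory holds wg0.conf, which normally carries the interface
    # PrivateKey; restrict it to root so unprivileged users cannot even
    # list or traverse it. This matches the permissions the wireguard-tools
    # package itself uses for /etc/wireguard.
    mode: '0700'
  tags:
    - setup
    - configs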
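# Render the WireGuard interface configuration and restart the interface
# when it changes. The rendered file normally contains the interface
# PrivateKey (and peer keys), so it is written read/write for root only.
- name: Copy configuration files
  template:
    src: 'wireguard.conf.j2'
    dest: '/etc/wireguard/wg0.conf'
    # Real boolean instead of the YAML 1.1 'yes' alias (yamllint truthy).
    # Ansible's template module follows a symlink at dest when this is set.
    follow: true
    # Octal mode written with a leading zero and quoted so neither YAML nor
    # Ansible reinterprets it as a decimal number.
    mode: '0600'
  notify: Restart wg-quick
  tags:
    - update
    - configs
    - vault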
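# Install the WireGuard userspace tools and the kernel module package, then
# notify the handler that enables wg-quick for the interface.
- name: Install wireguard kernel module and tools
  apt:
    name:
      - wireguard-tools
      - wireguard # TODO: Check if kernel version > 5.6, it is included in the kernel following that
    state: present
    # Real boolean instead of the YAML 1.1 'no' alias (yamllint truthy);
    # recommended packages are skipped to keep the installed surface small.
    install_recommends: false
    # Reuse the apt cache if it was refreshed within the last hour.
    cache_valid_time: 3600
  notify: Enable wg-quick
  tags:
    - setup
    - packages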
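# Open the WireGuard listen port on INPUT for IPv4 and IPv6 and persist the
# rules via the "Save netfilter rules" handler.
#
# WireGuard transports exclusively over UDP; the original loop allowed TCP
# on both address families, which neither lets peers connect nor matches the
# task's intent, and leaves an unused TCP port exposed. Both entries now use
# 'udp'.
- name: Allow wireguard through the firewall
  iptables:
    ip_version: '{{ item.ipv }}'
    chain: INPUT
    protocol: '{{ item.proto }}'
    destination_port: '{{ wireguard.port }}'
    ctstate:
      - NEW
      - ESTABLISHED
      - RELATED
    jump: ACCEPT
  loop:
    - { ipv: 'ipv4', proto: 'udp' }
    - { ipv: 'ipv6', proto: 'udp' }
  notify:
    - Save netfilter rules
  tags:
    - update
    - firewall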