summaryrefslogtreecommitdiff
path: root/playbooks/roles/wireguard-endpoint/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'playbooks/roles/wireguard-endpoint/tasks')
-rw-r--r--playbooks/roles/wireguard-endpoint/tasks/main.yml40
1 files changed, 40 insertions, 0 deletions
diff --git a/playbooks/roles/wireguard-endpoint/tasks/main.yml b/playbooks/roles/wireguard-endpoint/tasks/main.yml
new file mode 100644
index 0000000..ed11411
--- /dev/null
+++ b/playbooks/roles/wireguard-endpoint/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+
+- name: Install wireguard
+ ansible.builtin.apt:
+ name:
+ - wireguard
+ state: latest
+
+- name: Copy config
+ ansible.builtin.copy:
+ src: wireguard.cfg
+ dest: /etc/wireguard/simponic.conf
+ owner: root
+ group: root
+ mode: 0600
+
+- name: Enable and persist ip forwarding
+ ansible.builtin.sysctl:
+ name: net.ipv4.ip_forward
+ value: "1"
+ state: present
+ sysctl_set: true
+ reload: true
+
+- name: Allow wireguard endpoint ufw
+ ansible.builtin.ufw:
+ rule: allow
+ port: '51820'
+ proto: 'udp'
+
+- name: Start wireguard and enable on boot
+ ansible.builtin.systemd:
+ name: wg-quick@simponic
+ enabled: true
+ state: started
+
+- name: Hotreload wireguard
+ ansible.builtin.shell: >
+ bash -c
+ "wg syncconf mmtmesh <(wg-quick strip mmtmesh)"
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-09-23 18:36:19 +0000