path: root/playbooks/roles/wireguard-endpoint/tasks/main.yml
blob: ed11411eaecde4b909aa518b2169a6f9ebe5e536 (plain)
---

# Make sure the WireGuard package is installed. `state: latest` also upgrades an
# already-installed package to the newest candidate in the host's apt cache;
# this task does not refresh that cache itself.
- name: Install wireguard
  ansible.builtin.apt:
    name: wireguard
    state: latest

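# Deploy the role's wireguard.cfg as the wg-quick configuration for the
# "simponic" interface, readable and writable by root only.
# NOTE(review): wg-quick configs normally carry the interface PrivateKey. If
# wireguard.cfg does, confirm it is kept encrypted in the repository (the copy
# module decrypts vaulted source files by default) and that runs with --diff
# do not echo its contents into logs.
- name: Copy config
  ansible.builtin.copy:
    src: wireguard.cfg
    dest: /etc/wireguard/simponic.conf
    owner: root
    group: root
    # Quoted so the module receives the string "0600" and converts it itself,
    # instead of depending on how the YAML loader types a bare 0600.
    mode: "0600"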

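# Turn on IPv4 forwarding so the host can route packets between interfaces.
# `state: present` records the setting in the sysctl file, `sysctl_set` applies
# it to the running kernel, and `reload` reloads the sysctl file afterwards.
# Only the IPv4 key is set here. Which forwarded traffic is then permitted is
# decided by the host's firewall forward rules, which this file does not set.
# The sysctl module lives in the ansible.posix collection; the canonical name
# is used instead of relying on the ansible.builtin redirect.
- name: Enable and persist ip forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    state: present
    sysctl_set: true
    reload: true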

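# Open the WireGuard listen port (51820/udp) in ufw. No source restriction is
# given (no `from_ip`), so the rule accepts packets from any address.
# This task only adds the rule: it does not enable ufw or set a default policy.
# NOTE(review): confirm another role enables ufw with a default-deny incoming
# policy, otherwise this allow rule has no filtering effect.
# The ufw module lives in the community.general collection; the canonical name
# is used instead of relying on the ansible.builtin redirect.
- name: Allow wireguard endpoint ufw
  community.general.ufw:
    rule: allow
    port: "51820"
    proto: udp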

# Bring up the wg-quick instance for the "simponic" interface and enable the
# unit so it starts at boot. `state: started` does nothing when the unit is
# already running, so this task alone does not apply a changed config file.
- name: Start wireguard and enable on boot
  ansible.builtin.systemd:
    name: wg-quick@simponic
    state: started
    enabled: true

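# Apply the on-disk configuration to the running interface without tearing the
# tunnel down: `wg-quick strip` emits the config with the wg-quick-only keys
# removed, and `wg syncconf` reconciles the live interface against it.
# The interface name is "simponic", matching /etc/wireguard/simponic.conf and
# the wg-quick@simponic unit managed by this role. The task previously named
# "mmtmesh", an interface nothing in this file deploys a config for.
# NOTE(review): if a separate mmtmesh interface really is intended, its config
# must be installed by some role before this command can succeed.
# Process substitution `<( )` needs bash, hence the explicit executable.
# The task runs on every play and always reports "changed".
- name: Hotreload wireguard
  ansible.builtin.shell:
    cmd: wg syncconf simponic <(wg-quick strip simponic)
    executable: /bin/bash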