ansible-role-wireguard_server/tasks/configure.yml

---
- name: Ensure Wireguard server is configure
  template:
    src: templates/wireguard_server.conf
    dest: "/etc/wireguard/{{ interface_name }}.conf"
  notify:
    - Restart Wireguard service

- name: Ensure UFW firewall rule exists
  ufw:
    rule: allow
    port: "{{ listenport }}"
    comment: 'Wireguard server listener'
    proto: udp

- name: Ensure UFW firewall routes
  ufw:
    default: allow
    direction: routed

- name: Ensure IPv4 forwarding works
  sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: yes

- name: Ensure IPv6 forwarding works
  sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '1'
    sysctl_set: yes

- name: Ensure Wireguard service is running for {{ interface_name }}
  systemd:
    name: "wg-quick@{{ interface_name }}"
    state: started
    daemon_reload: yes

- name: Ensure VPN traffic is enabled
  ufw:
    from_ip: 192.168.2.0/24
    rule: allow
Initial commit with previous code 2022-10-11 09:19:17 +02:00			`---`
			`- name: Ensure Wireguard server is configure`
			`template:`
			`src: templates/wireguard_server.conf`
			`dest: "/etc/wireguard/{{ interface_name }}.conf"`
			`notify:`
			`- Restart Wireguard service`

			`- name: Ensure UFW firewall rule exists`
			`ufw:`
			`rule: allow`
			`port: "{{ listenport }}"`
			`comment: 'Wireguard server listener'`
			`proto: udp`

			`- name: Ensure UFW firewall routes`
			`ufw:`
			`default: allow`
			`direction: routed`

			`- name: Ensure IPv4 forwarding works`
			`sysctl:`
			`name: net.ipv4.ip_forward`
			`value: '1'`
			`sysctl_set: yes`

			`- name: Ensure IPv6 forwarding works`
			`sysctl:`
			`name: net.ipv6.conf.all.forwarding`
			`value: '1'`
			`sysctl_set: yes`

			`- name: Ensure Wireguard service is running for {{ interface_name }}`
			`systemd:`
			`name: "wg-quick@{{ interface_name }}"`
			`state: started`
			`daemon_reload: yes`

			`- name: Ensure VPN traffic is enabled`
			`ufw:`
			`from_ip: 192.168.2.0/24`
			`rule: allow`