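---
# WireGuard server tasks: render the interface config, open the UDP listener
# in UFW, enable kernel forwarding and bring the wg-quick unit up.
# Expects the variables `interface_name` and `listenport`, and a handler named
# "Restart Wireguard service", to be defined elsewhere in the role/play.

- name: Ensure Wireguard server is configured
  template:
    src: templates/wireguard_server.conf
    dest: "/etc/wireguard/{{ interface_name }}.conf"
    # The rendered config carries the server's private key; without an
    # explicit mode it would be created under the default umask (typically
    # world-readable). Restrict it to root.
    owner: root
    group: root
    mode: "0600"
  notify:
    - Restart Wireguard service

- name: Ensure UFW firewall rule exists
  ufw:
    rule: allow
    port: "{{ listenport }}"
    comment: 'Wireguard server listener'
    proto: udp

# NOTE(review): a default-allow routed policy forwards traffic between *all*
# interfaces on this host, not only to/from the tunnel. On a multi-homed host
# prefer explicit `route: true` rules scoped with `interface_in` /
# `interface_out` to the WireGuard interface and keep the routed default at deny.
- name: Ensure UFW firewall routes
  ufw:
    default: allow
    direction: routed

- name: Ensure IPv4 forwarding works
  sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: true

# Only required if peers are handed IPv6 addresses; otherwise it needlessly
# turns this host into an IPv6 router — TODO confirm it is wanted.
- name: Ensure IPv6 forwarding works
  sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '1'
    sysctl_set: true

- name: Ensure Wireguard service is running for {{ interface_name }}
  systemd:
    name: "wg-quick@{{ interface_name }}"
    state: started
    # `started` alone does not survive a reboot; enable the unit as well so
    # the tunnel comes back without a playbook run.
    enabled: true
    daemon_reload: true

# Allows *all* traffic (any port/protocol) from the VPN client subnet. The
# subnet is now overridable via `wireguard_vpn_subnet`; the default keeps the
# previously hard-coded value. NOTE(review): the rule is not bound to an
# interface, so packets with a spoofed 192.168.2.0/24 source arriving on the
# public interface also match — consider adding `direction: in` and
# `interface: "{{ interface_name }}"` once it is confirmed this is the tunnel range.
- name: Ensure VPN traffic is enabled
  ufw:
    from_ip: "{{ wireguard_vpn_subnet | default('192.168.2.0/24') }}"
    rule: allow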