diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 73b7bba8..f6b62a9e 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -3,6 +3,28 @@
 pkg:
 - wireguard
+- name: Generate the client keys
+ local_action:
+ module: shell
+ _raw_params: "wg genkey | tee credentials/wireguard/{{ inventory_hostname }}.private.key | wg pubkey > credentials/wireguard/{{ inventory_hostname }}.public.key"
+ creates: "credentials/wireguard/{{ inventory_hostname }}.private.key"
+ become: no
+
+- name: Get client IP
+ local_action:
+ module: copy
+ content: "{{ wireguard_address }}\n"
+ dest: "credentials/wireguard/{{ inventory_hostname }}.address"
+ become: no
+
+- name: Enable NAT on server
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
+ sysctl_set: true
+ state: present
+ when: wireguard_config is defined and wireguard_config == "server"
+
 - name: configure wireguard
 template:
 dest="/etc/wireguard/wg0.conf"
@@ -35,4 +57,3 @@
 enabled: true
 masked: false
 state: started
- when: wireguard_config is not defined or wireguard_config == "client"
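Review bot: In the `Generate the client keys` task the private key is written by `tee` under the controller's default umask, so with a typical 022 it lands in `credentials/wireguard/` readable by every local user; prefixing the command with `umask 077 && ` would keep both key files owner-only. `creates:` tests only the `.private.key` path, so if `wg pubkey` fails after `tee` has written, later runs skip the task and leave an empty or missing public key; deriving the public key in a separate task would avoid that. The `credentials/` directory now holds long-lived secrets for every host, so it presumably needs to stay out of version control or be encrypted, which this hunk does not show. The task named `Enable NAT on server` only sets `net.ipv4.ip_forward`, and no forwarding filter is visible here, so it is worth confirming that the `wg0.conf` template or a firewall role limits what the server will route and renaming the task to `Enable IPv4 forwarding on server`.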