tenseleyflow/shithub / c22a906

Browse files

S37: Ansible wireguard role

Authored by espadonne
SHA
c22a90687505cc6439b9638a40eadfcd7b3edf11
Parents
07941aa
Tree
9a5ffd8

2 changed files

StatusFile+-
A deploy/ansible/roles/wireguard/handlers/main.yml 3 0
A deploy/ansible/roles/wireguard/tasks/main.yml 15 0
deploy/ansible/roles/wireguard/handlers/main.ymladded
@@ -0,0 +1,3 @@
1
+---
2
+- name: restart wg-quick
3
+  systemd: { name: wg-quick@wg0, state: restarted, enabled: yes }
deploy/ansible/roles/wireguard/tasks/main.ymladded
@@ -0,0 +1,15 @@
1
+---
2
+# SPDX-License-Identifier: AGPL-3.0-or-later
3
+# WireGuard peer config — droplet ↔ bare-metal monitoring host.
4
+- name: WireGuard — install
5
+  apt: { name: wireguard, state: present }
6
+
7
+- name: wg0.conf — render
8
+  template:
9
+    src: "{{ playbook_dir }}/../wireguard/wg0.conf.j2"
10
+    dest: /etc/wireguard/wg0.conf
11
+    mode: "0600"
12
+  notify: restart wg-quick
13
+
14
+- name: wg-quick@wg0 — enabled + started
15
+  systemd: { name: wg-quick@wg0, state: started, enabled: yes }