33 lines
659 B
YAML
33 lines
659 B
YAML
---
|
|
- name: Ensure wireguard is present
|
|
apt:
|
|
name: wireguard-tools
|
|
state: present
|
|
default_release: buster-backports
|
|
register: wireguard
|
|
|
|
- name: Ensure wireguard configuration is present
|
|
template:
|
|
src: templates/wireguard.conf.j2
|
|
dest: "/etc/wireguard/dns.conf"
|
|
owner: root
|
|
group: root
|
|
mode: 0600
|
|
notify: restart wireguard
|
|
|
|
- name: Enable IPv4 forwarding
|
|
sysctl:
|
|
name: net.ipv4.ip_forward
|
|
value: 1
|
|
reload: yes
|
|
|
|
- name: Reboot to allow wireguard to start
|
|
reboot:
|
|
when: wireguard.changed
|
|
|
|
- name: Ensure wireguard is enabled
|
|
systemd:
|
|
name: wg-quick@dns.service
|
|
state: started
|
|
enabled: yes
|