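---
# Full-mesh WireGuard overlay ("inframesh") between every host in the
# `wireguard-mesh` inventory group. Each node generates its own keypair, one
# pre-shared key per peer pair, renders /etc/wireguard/inframesh.conf from
# inframesh.conf.j2 and keeps the running interface in sync with that file.

- name: Install wireguard
  ansible.builtin.apt:
    name:
      - wireguard
      - ufw
    state: present

- name: Get node ips from dns records
  # Resolves every mesh member by name; `tail -n1` keeps only the last record
  # when `dig +short` prints several. Read-only, so never reported as changed.
  # NOTE(review): assumes `dig` (dnsutils) is present on the host — confirm.
  ansible.builtin.shell: "dig +short {{ item }} | tail -n1"
  register: wireguard_node_ip
  changed_when: false
  loop: "{{ groups['wireguard-mesh'] }}"

- name: Massage node ips
  # Fold the per-host lookups into one {hostname: ip} mapping for the template.
  ansible.builtin.set_fact:
    wireguard_node_ips: "{{ wireguard_node_ips | default({}) | combine({item.item: item.stdout}) }}"
  loop: "{{ wireguard_node_ip.results }}"

- name: Allow wireguard endpoint ufw
  # Opens the listen port to any source; add `src:` per peer if the mesh
  # should only be reachable from the other members' addresses.
  ansible.builtin.ufw:
    rule: allow
    port: "{{ wireguard_listen_port }}"
    proto: udp

- name: Generate Wireguard keypair
  # `umask 077` makes the key files root-only at creation; without it they
  # inherit the shell's default (usually group/world-readable) mode.
  ansible.builtin.shell: >-
    umask 077 &&
    wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
  args:
    creates: /etc/wireguard/privatekey

- name: Register private key
  # `no_log` keeps the key material out of play output and log files.
  ansible.builtin.command: cat /etc/wireguard/privatekey
  register: wireguard_private_key
  changed_when: false
  no_log: true

- name: Register public key
  ansible.builtin.command: cat /etc/wireguard/publickey
  register: wireguard_public_key
  changed_when: false

- name: Generate preshared keys
  # One PSK per unordered host pair: the lexically smaller hostname creates
  # the file, the peer reads it from hostvars in the template.
  ansible.builtin.shell: "umask 077 && wg genpsk > /etc/wireguard/psk-{{ item }}"
  args:
    creates: "/etc/wireguard/psk-{{ item }}"
  when: inventory_hostname < item
  loop: "{{ groups['wireguard-mesh'] }}"

- name: Register preshared key
  ansible.builtin.command: "cat /etc/wireguard/psk-{{ item }}"
  register: wireguard_preshared_key
  changed_when: false
  no_log: true
  when: inventory_hostname < item
  loop: "{{ groups['wireguard-mesh'] }}"

- name: Massage preshared keys
  # Skipped loop items (peers with a smaller hostname) carry no stdout.
  # `no_log` because every loop item echoes a PSK otherwise.
  ansible.builtin.set_fact:
    wireguard_preshared_keys: "{{ wireguard_preshared_keys | default({}) | combine({item.item: item.stdout}) }}"
  when: item.skipped is not defined
  no_log: true
  loop: "{{ wireguard_preshared_key.results }}"

- name: Build config
  # Quoted mode: an unquoted 0640 is parsed as a YAML 1.1 octal integer.
  ansible.builtin.template:
    src: inframesh.conf.j2
    dest: /etc/wireguard/inframesh.conf
    owner: root
    mode: "0640"
  register: wireguard_config

- name: Enable wireguard
  # `started` makes sure the interface exists before the hot reload below;
  # `wg syncconf` fails on a first run against an interface that is not up.
  ansible.builtin.systemd:
    name: wg-quick@inframesh
    enabled: true
    state: started

- name: Hotreload wireguard
  # Applies peer changes without tearing the interface down. Process
  # substitution needs bash, hence the explicit executable. Runs only when
  # the rendered config actually changed, so reruns stay idempotent.
  ansible.builtin.shell: wg syncconf inframesh <(wg-quick strip inframesh)
  args:
    executable: /bin/bash
  when: wireguard_config is changed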