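---
# Installs WireGuard, creates a key pair under /etc/wireguard, renders
# wg0.conf and enables IPv4 forwarding. The "Restart wg0" and "Reboot"
# handlers notified below are defined outside this file.

- name: Install wireguard
  apt:
    name:
      - wireguard
      - wireguard-tools

- name: Create wireguard configuration directory
  file:
    path: /etc/wireguard
    state: directory
    # Quoted so Ansible converts the string to octal itself; same
    # permissions as the original '700'.
    mode: '0700'

- name: Check if public key exists
  stat:
    path: /etc/wireguard/public.key
  register: public_key_stats

- name: Generate private key
  # umask 077 makes the redirect create the file as 0600 rather than with
  # the process default umask. `creates` keeps this task from overwriting
  # an existing key.
  shell: umask 077 && wg genkey >/etc/wireguard/private.key
  args:
    creates: /etc/wireguard/private.key
  register: private_key_gen

- name: Restrict private key permissions
  # Also corrects the mode of a key file written by an earlier run that
  # did not set a umask.
  file:
    path: /etc/wireguard/private.key
    mode: '0600'

- name: Read private key
  command: cat /etc/wireguard/private.key
  register: private_key
  changed_when: false
  # The task result holds the private key in stdout; keep it out of
  # verbose output, callback plugins and logs.
  no_log: true

- name: Generate public key
  # Input redirect instead of `cat | wg pubkey`, so a failure to read the
  # private key fails the task instead of being masked by the pipeline's
  # exit status.
  shell: wg pubkey </etc/wireguard/private.key >/etc/wireguard/public.key
  # Regenerate when the public key is missing or the private key was just
  # created.
  when: not public_key_stats.stat.exists or private_key_gen.changed

- name: Read public key
  command: cat /etc/wireguard/public.key
  register: public_key
  changed_when: false

- name: Print public key
  debug:
    msg: '{{public_key.stdout}}'

- name: Install wireguard configuration
  template:
    src: wg0.conf
    dest: /etc/wireguard/wg0.conf
    # NOTE(review): the template presumably embeds private_key.stdout;
    # confirm against the template. Either way the rendered file should
    # not be readable by other users.
    owner: root
    group: root
    mode: '0600'
  notify: Restart wg0

- name: Enable ipv4 packet forwarding
  # Replaces an existing (possibly commented-out) setting, or appends the
  # line if none matches. The change is applied through the Reboot handler.
  lineinfile:
    path: /etc/sysctl.conf
    regexp: '^#?net.ipv4.ip_forward='
    line: net.ipv4.ip_forward=1
  notify: Reboot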