--- - name: Packages ansible.builtin.include_tasks: install.yml tags: install - name: Check for existence of private key ansible.builtin.stat: path: /etc/wireguard/private.key register: _private_key - name: Generate keypair ansible.builtin.include_tasks: tasks/generate_keypair.yml when: not _private_key.stat.exists - name: Save private key ansible.builtin.template: src: templates/keyfile.j2 dest: /etc/wireguard/private.key owner: root group: root mode: 0700 vars: key: "{{ wg_private_key }}" when: not _private_key.stat.exists - name: Save public key ansible.builtin.template: src: templates/keyfile.j2 dest: /etc/wireguard/public.key owner: root group: root mode: 0700 vars: key: "{{ wg_public_key }}" when: not _private_key.stat.exists - name: Set dns_command for co-openSUSE ansible.builtin.set_fact: wg_dns_command: "resolvectl dns %i {{ wg_gateway }}; resolvectl domain %i ~{{ wg_domain }}" when: '"openSUSE" not in ansible_distribution' - name: Set dns_command for openSUSE ansible.builtin.set_fact: wg_dns_command: "nmcli con mod %i ipv4.dns {{ wg_gateway }}; nmcli con mod %i ipv4.dns-search ~{{ wg_domain }}" when: '"openSUSE" in ansible_distribution' - name: Create the config vars: address: "{{ wg_address }}" dns_command: "{{ wg_dns_command }}" domain: "{{ wg_domain }}" gateway: "{{ wg_gateway }}" peers: "{{ wg_peers }}" ansible.builtin.template: src: "templates/wg.conf" dest: "/etc/wireguard/{{ wg_ifname }}.conf" owner: root group: root mode: "0600" - name: Set up the DNS on AlmaLinux ansible.builtin.include_tasks: "dns_{{ ansible_distribution }}.yml" when: wg_domain and ansible_distribution == "AlmaLinux" - name: Enable and start the wireguard connection ansible.builtin.service: name: "wg-quick@{{ wg_ifname }}" enabled: yes state: started