jokester/ansible-playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
29d9f27052c8e497c7135a01e83089d48e1cf498
ansible-playbooks/roles/wireguard/tasks/main.yml
T
Clément Désiles ff3133f8e7 feat: wireguard role allow multiple endpoints
2026-05-29 21:32:08 +02:00

45 lines
1.4 KiB
YAML
Raw Blame History

---
- name: Validate wireguard_tunnels is defined and non-empty
ansible.builtin.assert:
that:
- wireguard_tunnels is defined
- wireguard_tunnels | length > 0
fail_msg: |
wireguard_tunnels must be defined with at least one tunnel.
See roles/wireguard/defaults/main.yml for configuration instructions.
success_msg: "wireguard_tunnels validation passed"
- name: Install wireguard
ansible.builtin.package:
name: "{{ (ansible_facts['os_family'] == 'Archlinux') | ternary('wireguard-tools', 'wireguard') }}"
state: present
# Use systemd-resolved for DNS management (modern approach on all distributions)
# Install systemd-resolvconf to provide resolvconf compatibility wrapper
# "systemd-resolved" is prefered over "openresolv"
- name: Install systemd-resolvconf (Debian only, built into systemd on Arch)
ansible.builtin.package:
name: systemd-resolvconf
state: present
when: ansible_facts['os_family'] == 'Debian'
- name: Ensure systemd-resolved is enabled and started
ansible.builtin.systemd:
name: systemd-resolved
enabled: true
state: started
- name: Ensure wireguard configuration is only owned by root
ansible.builtin.file:
path: "{{ wireguard_config_base_path }}"
owner: root
group: root
mode: "0700"
recurse: true
- name: Configure tunnel
ansible.builtin.include_tasks: tunnel.yml
loop: "{{ wireguard_tunnels }}"
loop_control:
loop_var: _tunnel
Reference in New Issue View Git Blame Copy Permalink