27 lines
676 B
YAML
27 lines
676 B
YAML
|
# All firewall nodes share one external IP for wireguard connections.
|
||
|
# Private key and peer configuration is the same for all nodes. Peers
|
||
|
# connected to each node are installed in the routing table and
|
||
|
# distributed into fabric.
|
||
|
|
||
|
- name: Install wireguard tools
|
||
|
package:
|
||
|
name: wireguard-tools
|
||
|
|
||
|
- name: Create wireguard directory
|
||
|
file:
|
||
|
path: /etc/wireguard
|
||
|
state: directory
|
||
|
|
||
|
- name: Touch wireguard config
|
||
|
file:
|
||
|
path: /etc/wireguard/wg.conf
|
||
|
state: touch
|
||
|
access_time: preserve
|
||
|
modification_time: preserve
|
||
|
|
||
|
- name: Add wireguard interface
|
||
|
template:
|
||
|
dest: /etc/network/interfaces.d/wg.intf
|
||
|
src: wg.intf.j2
|
||
|
notify: enable interfaces
|