Initial commit, squashed

roles/firewall/tasks/wireguard.yml

@@ -0,0 +1,26 @@
+# All firewall nodes share one external IP for wireguard connections.
+# Private key and peer configuration is the same for all nodes. Peers
+# connected to each node are installed in the routing table and
+# distributed into fabric.
+
+- name: Install wireguard tools
+  package:
+    name: wireguard-tools
+
+- name: Create wireguard directory
+  file:
+    path: /etc/wireguard
+    state: directory
+
+- name: Touch wireguard config
+  file:
+    path: /etc/wireguard/wg.conf
+    state: touch
+    access_time: preserve
+    modification_time: preserve
+
+- name: Add wireguard interface
+  template:
+    dest: /etc/network/interfaces.d/wg.intf
+    src: wg.intf.j2
+  notify: enable interfaces