# All firewall nodes share one external IP for wireguard connections.
# The private key and peer configuration are the same for all nodes. Peers
# connected to each node are installed in the routing table and
# distributed into the fabric.

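# Install the WireGuard userspace tooling. The state is spelled out so the
# task installs the package when it is missing but never upgrades it as a
# side effect of a routine run.
- name: Install wireguard tools
  package:
    name: wireguard-tools
    state: present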

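# /etc/wireguard holds wg.conf, which per the file header carries the private
# key shared by every firewall node. Owner, group and mode are set explicitly
# so the directory is root-only regardless of the umask in effect when the
# play runs, and so a pre-existing, looser directory is tightened.
- name: Create wireguard directory
  file:
    path: /etc/wireguard
    state: directory
    owner: root
    group: root
    mode: "0700"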

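# Make sure wg.conf exists without touching its contents; preserving the
# access and modification times keeps the task from reporting a change on
# every run. The file is created owner-only because it is where the shared
# private key lives: without an explicit mode a freshly touched file gets
# whatever the umask allows, typically world-readable.
# NOTE(review): the contents of wg.conf are written elsewhere (not visible in
# this file) - confirm that writer keeps the file at 0600 as well.
- name: Touch wireguard config
  file:
    path: /etc/wireguard/wg.conf
    state: touch
    owner: root
    group: root
    mode: "0600"
    access_time: preserve
    modification_time: preserve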

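# Render the interface definition for the wireguard device and notify the
# `enable interfaces` handler when the rendered file changes. Ownership and
# mode are explicit so only root can modify network configuration and the
# result does not depend on the umask or on a pre-existing file's mode.
# NOTE(review): 0644 assumes wg.intf.j2 embeds no key material (e.g. it only
# references /etc/wireguard/wg.conf by path) - confirm; use "0600" otherwise.
- name: Add wireguard interface
  template:
    src: wg.intf.j2
    dest: /etc/network/interfaces.d/wg.intf
    owner: root
    group: root
    mode: "0644"
  notify: enable interfaces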