ansible-role-wireguard/tasks/main.yml

---
- name: 'Include asserts'
  include_tasks: 'asserts.yml'

- name: 'Requirements'
  include_tasks: 'requirements.yml'

- name: "Setup {{ wireguard_config | default('wg0') }} configuration"
  template:
    src: "server.conf.j2"
    dest: "/etc/wireguard/{{ wireguard_config | default('wg0') }}.conf"
    owner: root
    group: root
    mode: '0600'
  no_log: "{{no_log|default(true)}}"
  notify: restart wireguard
  tags: ['wireguard']

- name: "Enable and start wireguard service"
  systemd:
    name: wg-quick@{{ wireguard_config | default('wg0') }}
    state: started
    enabled: yes
  tags: ['wireguard']

- name: "Create clients configuration directory for {{ wireguard_config | default('wg0') }}"
  file:
    path: "/etc/wireguard/{{ wireguard_config | default('wg0') }}-clients"
    owner: root
    group: root
    mode: '0600'
    state: directory
  tags: ['wireguard']

- name: "Create configuration for each peer"
  template:
    src: "peer.conf.j2"
    dest: "/etc/wireguard/{{ wireguard_config | default('wg0') }}-clients/{{ item.name }}.conf"
    owner: root
    group: root
    mode: '0600'
  loop: "{{ wireguard_users }}"
  no_log: "{{no_log|default(true)}}"
  notify: restart wireguard
  tags: ['wireguard']