python-support-infra/roles/host/network_wg0/tasks/main.yml

#################### 
# - Check Variables
#################### 
- name: "[Play] Check Variables"
  assert:
    that:
      - "hosts_wg0 is defined"

- name: "[Host][localhost] Check Variables"
  assert:
    that:
      - "hostvars['localhost'].nodes_to_ipv4s_private is defined"

- name: "[Host] Check Variables"
  assert:
    that:
      - "wg0_private_key is defined"
      - "wg0_public_key is defined"
      - "wg0_ip is defined"
  with_items: "{{ hosts_wg0 }}"
    
- name: "[Special][Inter-Host PSKs] Check Variables"
  assert:
    that:
      - "'wg0_psk_' ~ item is defined"
  with_items: "{{ hosts_wg0 }}"
  when: "item != inventory_hostname"

#################### 
# - Wireguard
#################### 
- name: "Install Wireguard Tools"
  ansible.builtin.apt:
    state: "present"
    name: "wireguard"

- name: "systemd-networkd: Install wg0 Device"
  template:
    src: "{{ role_path }}/templates/99-wg0.netdev"
    dest: "/etc/systemd/network/99-wg0.netdev"
    owner: "root"
    group: "systemd-network"
    mode: "0640"
  notify: "restart systemd-networkd"

- name: "systemd-networkd: Install wg0 Network"
  template:
    src: "{{ role_path }}/templates/99-wg0.network"
    dest: "/etc/systemd/network/99-wg0.network"
    owner: "root"
    group: "systemd-network"
    mode: "0640"
  notify: "restart systemd-networkd"

#################### 
# - Wireguard - Enable Packet Forwarding
#################### 
- name: "Set net.ipv4.ip_forward = 1"
  sysctl:
    state: "present"
    name: "net.ipv4.ip_forward"
    value: "1"
    reload: "yes"
  notify: "restart systemd-networkd"

- name: "Run Notified Handlers"
  meta: "flush_handlers"
refactor!: Playbooks into reusable roles. Also solving several issues along the way. Progress on #18. Closes #15. Closes #13. Closes #10. Closes #16. 2023-08-21 09:03:34 +02:00			`####################`
			`# - Check Variables`
			`####################`
			`- name: "[Play] Check Variables"`
			`assert:`
			`that:`
			`- "hosts_wg0 is defined"`

			`- name: "[Host][localhost] Check Variables"`
			`assert:`
			`that:`
			`- "hostvars['localhost'].nodes_to_ipv4s_private is defined"`

			`- name: "[Host] Check Variables"`
			`assert:`
			`that:`
			`- "wg0_private_key is defined"`
			`- "wg0_public_key is defined"`
			`- "wg0_ip is defined"`
			`with_items: "{{ hosts_wg0 }}"`

			`- name: "[Special][Inter-Host PSKs] Check Variables"`
			`assert:`
			`that:`
			`- "'wg0_psk_' ~ item is defined"`
			`with_items: "{{ hosts_wg0 }}"`
			`when: "item != inventory_hostname"`

			`####################`
			`# - Wireguard`
			`####################`
			`- name: "Install Wireguard Tools"`
			`ansible.builtin.apt:`
			`state: "present"`
			`name: "wireguard"`

			`- name: "systemd-networkd: Install wg0 Device"`
			`template:`
			`src: "{{ role_path }}/templates/99-wg0.netdev"`
			`dest: "/etc/systemd/network/99-wg0.netdev"`
			`owner: "root"`
			`group: "systemd-network"`
			`mode: "0640"`
			`notify: "restart systemd-networkd"`

			`- name: "systemd-networkd: Install wg0 Network"`
			`template:`
			`src: "{{ role_path }}/templates/99-wg0.network"`
			`dest: "/etc/systemd/network/99-wg0.network"`
			`owner: "root"`
			`group: "systemd-network"`
			`mode: "0640"`
			`notify: "restart systemd-networkd"`

			`####################`
			`# - Wireguard - Enable Packet Forwarding`
			`####################`
			`- name: "Set net.ipv4.ip_forward = 1"`
			`sysctl:`
			`state: "present"`
			`name: "net.ipv4.ip_forward"`
			`value: "1"`
			`reload: "yes"`
			`notify: "restart systemd-networkd"`

			`- name: "Run Notified Handlers"`
			`meta: "flush_handlers"`