35 lines
856 B
YAML
35 lines
856 B
YAML
---
|
|
- name: install fail2ban service
|
|
apt:
|
|
update_cache: yes
|
|
state: "{% if cloud_update | bool %}latest{% else %}present{% endif %}"
|
|
install_recommends: yes
|
|
pkg: wireguard
|
|
register: wireguard_installed
|
|
|
|
- name: setup key files
|
|
template:
|
|
src: "etc/wireguard/{{ item }}.j2"
|
|
dest: "/etc/wireguard/{{ item }}"
|
|
owner: root
|
|
mode: 0600
|
|
loop:
|
|
- private.key
|
|
- public.key
|
|
notify: restart wireguard service
|
|
|
|
- name: setup wireguard config
|
|
template:
|
|
src: "etc/wireguard/wireguard-{% if wireguard_is_gateway %}server{% else %}client{% endif %}.conf.j2"
|
|
dest: "/etc/wireguard/{{ cloud_name }}.conf"
|
|
owner: root
|
|
mode: 0600
|
|
notify: restart wireguard service
|
|
|
|
- name: enable wireguard systemd unit
|
|
systemd:
|
|
name: wg-quick@{{ cloud_name }}
|
|
enabled: yes
|
|
daemon_reload: yes
|
|
state: started
|