--- - name: Ensure dependencies are installed package: name: "{{ item }}" state: present loop: - wireguard-tools - name: Stat WireGuard config file stat: path: "/etc/wireguard/{{ wireguard_interface }}.conf" register: __wireguard_config_file become: True become_user: root - block: - name: Generate WireGuard private key command: "wg genkey" register: __wireguard_private_key_gen changed_when: false - name: Set private key fact set_fact: wireguard_private_key: "{{ __wireguard_private_key_gen.stdout }}" when: - not __wireguard_config_file.stat.exists - wireguard_private_key is not defined become: True become_user: root - block: - name: Read WireGuard config file slurp: src: "/etc/wireguard/{{ wireguard_interface }}.conf" register: __wireguard_config - name: Set private key fact set_fact: wireguard_private_key: "{{ __wireguard_config['content'] | b64decode | regex_findall('PrivateKey = (.*)') | first }}" when: - __wireguard_config_file.stat.exists - wireguard_private_key is not defined become: True become_user: root - block: - name: Derive WireGuard public key command: "wg pubkey" args: stdin: "{{ wireguard_private_key }}" register: __wireguard_public_key_gen changed_when: False - name: Set public key fact set_fact: __wireguard_public_key: "{{ __wireguard_public_key_gen.stdout }}" - name: Generate WireGuard configuration file template: src: etc/wireguard/wg.conf.j2 dest: "/etc/wireguard/{{ wireguard_interface }}.conf" owner: root group: root mode: 0600 notify: __wireguard_restart - name: Ensure legacy reload-module-on-update is absent file: dest: "/etc/wireguard/.reload-module-on-update" state: absent - name: Ensure WireGuard service is up and running service: name: "wg-quick@{{ wireguard_interface }}" daemon_reload: True enabled: True state: started become: True become_user: root