| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 |
- ---
- - name: Install wireguard-tools
- yum:
- name: wireguard-tools
- state: installed
- - name: Copy wireguard config
- template:
- src: wg.conf.j2
- dest: /etc/wireguard/{{ wg_interface }}.conf
- owner: root
- group: root
- mode: '0644'
- notify:
- - Restart wireguard interface
- - name: Add {{ wg_interface }} to external zone
- firewalld:
- zone: external
- interface: "{{ wg_interface }}"
- permanent: yes
- state: enabled
- - name: Add {{ ansible_interfaces | sort | first }} to internal zone
- firewalld:
- zone: internal
- interface: "{{ ansible_interfaces | sort | first }}"
- permanent: yes
- state: enabled
- - name: Allow source networks to use wireguard
- firewalld:
- source: "{{ item }}"
- zone: external
- state: enabled
- permanent: yes
- with_items:
- - "{{ allowed_access_cidrs }}"
-
- - name: Allow services
- firewalld:
- zone: external
- service: "{{ item }}"
- state: enabled
- permanent: yes
- immediate: yes
- with_items:
- - "{{ allowed_services }}"
- - name: Start/Enable {{ wg_interface }} interface
- systemd:
- name: wg-quick@{{ wg_interface }}
- state: started
- enabled: yes
|
