algo/roles/wireguard/tasks/main.yml

---
- name: WireGuard repository configured
  apt_repository:
    repo: ppa:wireguard/wireguard
    state: present
  register: result
  until: result is succeeded
  retries: 10
  delay: 3

- name: WireGuard installed
  apt:
    name: wireguard
    state: present
    update_cache: true

- name: Configure unattended-upgrades
  copy:
    src: 50-wireguard-unattended-upgrades
    dest: /etc/apt/apt.conf.d/50-wireguard-unattended-upgrades
    owner: root
    group: root
    mode: 0644

- name: Ensure the required directories exist
  file:
    dest: "{{ wireguard_config_path }}/{{ item }}"
    state: directory
    recurse: true
  with_items:
    - private
    - public
  delegate_to: localhost
  become: false

- name: Generate keys
  import_tasks: keys.yml
  tags: update-users

- name: WireGuard configured
  template:
    src: server.conf.j2
    dest: "/etc/wireguard/{{ wireguard_interface }}.conf"
    mode: "0600"
  notify: restart wireguard
  tags: update-users

- name: WireGuard reload-module-on-update
  file:
    dest: /etc/wireguard/.reload-module-on-update
    state: touch

- name: WireGuard users config generated
  template:
    src: client.conf.j2
    dest: "{{ wireguard_config_path }}/{{ item.1 }}.conf"
    mode: "0600"
  with_indexed_items: "{{ users }}"
  tags: update-users
  delegate_to: localhost
  become: false

- name: WireGuard enabled and started
  service:
    name: "wg-quick@{{ wireguard_interface }}"
    state: started
    enabled: true

- meta: flush_handlers
Add WireGuard support for Android (#910) * WireGuard Implementation * Update client-android.md * Update README.md * WireGuard unattended upgrades * Update README.md * reload-module-on-update and syntax fix * SaveConfig to true * Azure firewall. Fixes #962 * Update README.md * Update client-android.md 6 years ago			`---`
			`- name: WireGuard repository configured`
			`apt_repository:`
			`repo: ppa:wireguard/wireguard`
			`state: present`
apt_repository fix (#1017) 6 years ago			`register: result`
Large refactor to support Ansible 2.5 (#976) * Refactoring, booleans declaration and update users fix * Make server_name more FQDN compatible * Rename variables * Define the default value for store_cakey * Skip a prompt about the SSH user if deploying to localhost * Disable reboot for non-cloud deployments * Enable EC2 volume encryption by default * Add default server value (localhost) for the local installation Delete empty files * Add default region to aws_region_facts * Update docs * EC2 credentials fix * Warnings fix * Update deploy-from-ansible.md * Fix a typo * Remove lightsail from the docs * Disable EC2 encryption by default * rename droplet to server * Disable dependencies * Disable tls_cipher_suite * Convert wifi-exclude to a string. Update-users fix * SSH access congrats fix * 16.04 > 18.04 * Dont ask for the credentials if specified in the environment vars * GCE server name fix 6 years ago			`until: result is succeeded`
apt_repository fix (#1017) 6 years ago			`retries: 10`
			`delay: 3`
Add WireGuard support for Android (#910) * WireGuard Implementation * Update client-android.md * Update README.md * WireGuard unattended upgrades * Update README.md * reload-module-on-update and syntax fix * SaveConfig to true * Azure firewall. Fixes #962 * Update README.md * Update client-android.md 6 years ago
			`- name: WireGuard installed`
			`apt:`
			`name: wireguard`
			`state: present`
			`update_cache: true`

Split up unattended upgrades (#1041) 6 years ago			`- name: Configure unattended-upgrades`
			`copy:`
			`src: 50-wireguard-unattended-upgrades`
			`dest: /etc/apt/apt.conf.d/50-wireguard-unattended-upgrades`
			`owner: root`
			`group: root`
			`mode: 0644`

Add WireGuard support for Android (#910) * WireGuard Implementation * Update client-android.md * Update README.md * WireGuard unattended upgrades * Update README.md * reload-module-on-update and syntax fix * SaveConfig to true * Azure firewall. Fixes #962 * Update README.md * Update client-android.md 6 years ago			`- name: Ensure the required directories exist`
			`file:`
			`dest: "{{ wireguard_config_path }}/{{ item }}"`
			`state: directory`
			`recurse: true`
			`with_items:`
			`- private`
			`- public`
			`delegate_to: localhost`
			`become: false`

			`- name: Generate keys`
			`import_tasks: keys.yml`
			`tags: update-users`

			`- name: WireGuard configured`
			`template:`
			`src: server.conf.j2`
			`dest: "/etc/wireguard/{{ wireguard_interface }}.conf"`
			`mode: "0600"`
			`notify: restart wireguard`
			`tags: update-users`

			`- name: WireGuard reload-module-on-update`
			`file:`
			`dest: /etc/wireguard/.reload-module-on-update`
			`state: touch`

			`- name: WireGuard users config generated`
			`template:`
			`src: client.conf.j2`
			`dest: "{{ wireguard_config_path }}/{{ item.1 }}.conf"`
			`mode: "0600"`
			`with_indexed_items: "{{ users }}"`
			`tags: update-users`
			`delegate_to: localhost`
			`become: false`

			`- name: WireGuard enabled and started`
			`service:`
			`name: "wg-quick@{{ wireguard_interface }}"`
			`state: started`
			`enabled: true`

			`- meta: flush_handlers`