Diffstat (limited to 'roles')
-rw-r--r-- | roles/wireguard/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/wireguard/tasks/main.yml | 23 | ||||
-rw-r--r-- | roles/wireguard/templates/wg0.conf | 15 |
3 files changed, 40 insertions, 0 deletions
diff --git a/roles/wireguard/defaults/main.yml b/roles/wireguard/defaults/main.yml
new file mode 100644
index 0000000..67964a5
--- /dev/null
+++ b/roles/wireguard/defaults/main.yml
@@ -0,0 +1,2 @@
+wg_name: wg0
+wg_listen_port: 51280
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
new file mode 100644
index 0000000..2512b59
--- /dev/null
+++ b/roles/wireguard/tasks/main.yml
@@ -0,0 +1,23 @@
+- name: Set up Wireguard
+ become: true
+ block:
+ - name: Install wireguard-tools
+ ansible.builtin.apt:
+ install_recommends: false
+ name: wireguard-tools
+ state: present
+
+ - name: Config file
+ ansible.builtin.template:
+ src: wg0.conf
+ dest: '/etc/wireguard/{{ wg_name }}.conf'
+ owner: root
+ group: root
+ mode: '600'
+ register: config
+
+ - name: Restart wg-quick service
+ ansible.builtin.systemd_service:
+ name: 'wg-quick@{{ wg_name }}'
+ state: restarted
+ when: config.changed
diff --git a/roles/wireguard/templates/wg0.conf b/roles/wireguard/templates/wg0.conf
new file mode 100644
index 0000000..9e6f4c6
--- /dev/null
+++ b/roles/wireguard/templates/wg0.conf
@@ -0,0 +1,15 @@
+[Interface]
+PrivateKey = {{ wg_private_key }}
+Address = {{ wg_addr4 }}, {{ wg_addr6 }}
+ListenPort = {{ wg_listen_port }}
+{% if wg_peers is defined %}
+{% for peer in wg_peers %}
+
+[Peer]
+PublicKey = {{ peer.public_key }}
+{% if peer.preshared_key is defined %}
+PresharedKey = {{ peer.preshared_key }}
+{% endif %}
+AllowedIPs = {{ peer.addr4 }}/32, {{ peer.addr6 }}/128
+{% endfor %}
+{% endif %} |
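Review bot: In roles/wireguard/defaults/main.yml, `wg_listen_port: 51280` is one digit swap away from 51820, the port WireGuard's own documentation conventionally uses, so it reads like a possible transposition. If the value is deliberate, a comment such as `# non-standard on purpose; any firewall rule must match` would stop a later reader from "correcting" it. If it is not, peers or firewall rules set up for 51820 would simply fail to connect with no error on this host.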
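Review bot: The `Config file` task in roles/wireguard/tasks/main.yml renders `wg_private_key` and any `preshared_key` into the destination file, and nothing on the task keeps Ansible from printing that content when the play runs with `--diff`. Adding `no_log: true` (or at least `diff: false`) to that task keeps the keys out of terminal output and CI logs. Separately, the service is only ever `restarted` when the config changes and is never enabled in this file, so unless that happens elsewhere the tunnel will not come back after a reboot; `enabled: true` on the `Restart wg-quick service` task would cover it.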
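Review bot: `PrivateKey = {{ wg_private_key }}` in roles/wireguard/templates/wg0.conf depends on a variable the role neither defaults nor documents, so nothing here tells a user that it must come from a vault-encrypted source rather than plain inventory. A Jinja comment at the top of the template, e.g. `{# requires wg_private_key (keep it in Ansible Vault), wg_addr4, wg_addr6; wg_peers items need public_key, addr4, addr6 and may set preshared_key #}`, would document that contract. Note also that `wg_addr6` and `peer.addr6` are dereferenced unconditionally, so an IPv4-only host or peer fails the render instead of producing a v4-only config.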