Diffstat (limited to 'roles/network/wireguard/gateway/tasks/main.yml')
-rw-r--r--roles/network/wireguard/gateway/tasks/main.yml68
1 files changed, 68 insertions, 0 deletions
diff --git a/roles/network/wireguard/gateway/tasks/main.yml b/roles/network/wireguard/gateway/tasks/main.yml
new file mode 100644
index 00000000..bc14db1b
--- /dev/null
+++ b/roles/network/wireguard/gateway/tasks/main.yml
@@ -0,0 +1,68 @@
+---
+- name: install wireguard interfaces (netdev)
+ loop: "{{ wireguard_gateway_tunnels | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ template:
+ src: systemd.netdev.j2
+ dest: "/etc/systemd/network/{{ item.key }}.netdev"
+ mode: 0640
+ group: systemd-network
+ notify: restart systemd-networkd
+
+- name: install wireguard interfaces (network)
+ loop: "{{ wireguard_gateway_tunnels | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ template:
+ src: systemd.network.j2
+ dest: "/etc/systemd/network/{{ item.key }}.network"
+ notify: restart systemd-networkd
+
+- name: enable systemd-networkd
+ systemd:
+ name: systemd-networkd
+ enabled: yes
+ state: started
+
+
+- name: create iptables service unit
+ loop: "{{ wireguard_gateway_tunnels | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ when: "'ip_snat' in item.value or 'port_forwardings' in item.value"
+ template:
+ src: systemd-iptables.service.j2
+ dest: "/etc/systemd/system/wireguard-gateway-{{ item.key }}-iptables.service"
+
+- name: enable/start iptables service unit
+ loop: "{{ wireguard_gateway_tunnels | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ when: "'ip_snat' in item.value or 'port_forwardings' in item.value"
+ systemd:
+ daemon_reload: yes
+ name: "wireguard-gateway-{{ item.key }}-iptables.service"
+ enabled: yes
+ state: started
+
+
+- name: install workaround for default-gateway handling
+ loop: "{{ wireguard_gateway_tunnels | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ when: "'default_gateway' in item.value"
+ template:
+ src: systemd-fix-default-gw.service.j2
+ dest: "/etc/systemd/system/wireguard-gateway-{{ item.key }}-fix-default-gw.service"
+
+- name: enable/start workaround for default-gateway handling
+ loop: "{{ wireguard_gateway_tunnels | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ when: "'default_gateway' in item.value"
+ systemd:
+ daemon_reload: yes
+ name: "wireguard-gateway-{{ item.key }}-fix-default-gw.service"
+ enabled: yes
+ state: started
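Review bot: A change to the rendered `systemd-iptables.service.j2` unit is never applied to a running gateway: the "create iptables service unit" task has no `notify`, and the follow-up task only requests `state: started`, which does nothing for a unit that is already active (assuming the unit stays active after start; the template is not shown here). Removing a port forwarding or changing SNAT in `wireguard_gateway_tunnels` would then leave the old rules in force until a reboot or manual restart, and a tunnel that loses both `ip_snat` and `port_forwardings` keeps its unit enabled because both tasks are skipped by the `when`. Consider adding `register: iptables_unit` to the template task and restarting the units whose result is changed, plus a cleanup task that stops and disables units for tunnels that no longer match. The same gap applies to the fix-default-gw pair of tasks. Separately, `mode: 0640` on the `.netdev` file (which presumably holds the WireGuard private key) is safer written as `mode: "0640"`, so the permission does not depend on how the YAML parser reads a leading-zero integer.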