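---
# Renders systemd-networkd configuration and optional helper services for
# every entry of `wireguard_gateway_tunnels` (a mapping of tunnel name ->
# settings). The tunnel name (item.key) is used verbatim in file and unit
# names below, so keys must be plain interface names without path separators.

# NOTE(review): presumably systemd.netdev.j2 renders the WireGuard private
# key - confirm against the template. The file is kept unreadable for
# "other" (root:systemd-network, 0640), and diff output is disabled so that
# a `--diff` run does not print the rendered content.
- name: install wireguard interfaces (netdev)
  loop: "{{ wireguard_gateway_tunnels | dict2items }}"
  loop_control:
    # Log only the tunnel name, never the tunnel settings.
    label: "{{ item.key }}"
  template:
    src: systemd.netdev.j2
    dest: "/etc/systemd/network/{{ item.key }}.netdev"
    owner: root
    group: systemd-network
    # Quoted so the mode is always read as an octal string, not an integer.
    mode: "0640"
  diff: false
  notify: restart systemd-networkd

- name: install wireguard interfaces (network)
  loop: "{{ wireguard_gateway_tunnels | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  template:
    src: systemd.network.j2
    dest: "/etc/systemd/network/{{ item.key }}.network"
    # Explicit ownership and mode instead of relying on the umask of the run.
    owner: root
    group: root
    mode: "0644"
  notify: restart systemd-networkd

- name: enable systemd-networkd
  systemd:
    name: systemd-networkd
    enabled: true
    state: started

# Only tunnels that define `ip_snat` or `port_forwardings` get an iptables
# helper unit.
# NOTE(review): this task notifies no handler; a changed unit is picked up by
# the daemon_reload in the next task, but `state: started` does not restart a
# unit that is already running, so updated rules may stay unapplied until the
# service is restarted - confirm whether that is intended.
- name: create iptables service unit
  loop: "{{ wireguard_gateway_tunnels | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  when: "'ip_snat' in item.value or 'port_forwardings' in item.value"
  template:
    src: systemd-iptables.service.j2
    dest: "/etc/systemd/system/wireguard-gateway-{{ item.key }}-iptables.service"
    # Unit files must not be writable by anyone but root.
    owner: root
    group: root
    mode: "0644"

- name: enable/start iptables service unit
  loop: "{{ wireguard_gateway_tunnels | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  when: "'ip_snat' in item.value or 'port_forwardings' in item.value"
  systemd:
    daemon_reload: true
    name: "wireguard-gateway-{{ item.key }}-iptables.service"
    enabled: true
    state: started

# Only tunnels that define `default_gateway` get the default-gateway
# workaround unit. The same restart caveat as for the iptables unit applies.
- name: install workaround for default-gateway handling
  loop: "{{ wireguard_gateway_tunnels | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  when: "'default_gateway' in item.value"
  template:
    src: systemd-fix-default-gw.service.j2
    dest: "/etc/systemd/system/wireguard-gateway-{{ item.key }}-fix-default-gw.service"
    owner: root
    group: root
    mode: "0644"

- name: enable/start workaround for default-gateway handling
  loop: "{{ wireguard_gateway_tunnels | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  when: "'default_gateway' in item.value"
  systemd:
    daemon_reload: true
    name: "wireguard-gateway-{{ item.key }}-fix-default-gw.service"
    enabled: true
    state: started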