wireguard-mesh-network-role/tasks/main.yaml


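---
# Tasks for the wireguard-mesh-network role: install WireGuard, generate a
# per-host keypair and one preshared key per host pair, render wg0.conf,
# (re)start the wg0 interface and verify that every peer answers over it.
- name: Get kernel release
  # The running kernel's release string selects the matching linux-headers
  # package in the install task that follows.
  command: uname -r
  register: uname_r_result
  # Read-only query: must not be reported as a change on every run.
  changed_when: false
  # no_log hides the output from play logs; the kernel release is not
  # sensitive, so this only makes a failure of this task harder to debug.
  no_log: true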
- name: Install packages
  # Headers for the exact running kernel are installed next to wireguard;
  # presumably so an out-of-tree module can be built — confirm on the target
  # distribution. NOTE: state=latest upgrades both packages on every run,
  # not only on first install.
  apt:
    name:
      - wireguard
      - "linux-headers-{{ uname_r_result.stdout }}"
    state: latest
    install_recommends: false
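- name: Generate Wireguard keypair
  # umask 077 keeps the private key from being created world-readable; the
  # tee in the pipeline would otherwise create the file with the shell's
  # default umask. The public key is derived from the private key and
  # written next to it. Runs once: skipped while the private key exists.
  shell: "umask 077 && wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey"
  args:
    creates: /etc/wireguard/privatekey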
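- name: Register private key
  # Reads the private key into wireguard_private_key.stdout for later tasks.
  command: cat /etc/wireguard/privatekey
  register: wireguard_private_key
  changed_when: false
  # Without no_log the private key is echoed in verbose output and by any
  # log callback; only the registered variable should carry it.
  no_log: true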
- name: Register public key
  # Reads the public key into wireguard_public_key.stdout for later tasks;
  # it is not secret, so plain logging is fine.
  command: cat /etc/wireguard/publickey
  register: wireguard_public_key
  changed_when: false
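- name: Generate Preshared Key Pair
  # One PSK file per unordered host pair: the lexically smaller host
  # (inventory_hostname < item) generates it, so each pair has exactly one.
  # umask 077 keeps the key file private, and item is shell-quoted so an
  # inventory hostname with unusual characters cannot alter the command.
  shell: "umask 077 && wg genpsk > /etc/wireguard/psk-{{ item | quote }}"
  args:
    creates: "/etc/wireguard/psk-{{ item }}"
  when: inventory_hostname < item
  with_items: "{{ groups['all'] }}"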
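- name: Register preshared key
  # Reads every PSK this host generated; entries for skipped peers carry
  # `skipped` instead of `stdout` in wireguard_preshared_key.results.
  shell: "cat /etc/wireguard/psk-{{ item | quote }}"
  register: wireguard_preshared_key
  changed_when: false
  when: inventory_hostname < item
  with_items: "{{ groups['all'] }}"
  # Preshared keys are secrets: keep them out of play output and logs.
  no_log: true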
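- name: Destructure into dictionary
  # Builds wireguard_preshared_keys as {peer_hostname: psk}, one entry per
  # loop result that actually ran. Native YAML form instead of a key=value
  # string so the expression is read by Ansible, not re-parsed from text.
  set_fact:
    wireguard_preshared_keys: "{{ wireguard_preshared_keys | default({}) | combine({item.item: item.stdout}) }}"
  when: item.skipped is not defined
  with_items: "{{ wireguard_preshared_key.results }}"
  # Each item carries a PSK in stdout, so the loop output must stay unlogged.
  no_log: true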
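- name: Setup wg0 config
  # Renders wg0.conf.j2; the rendered file presumably embeds the private key
  # and PSKs collected above, so it is root-only.
  template:
    src: wg0.conf.j2
    dest: /etc/wireguard/wg0.conf
    owner: root
    group: root
    # Quoted so YAML does not read the leading-zero literal as an integer.
    mode: "0600"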
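- name: Check if wg0 interface is up
  # Probe only: a missing interface is the normal state on a fresh host,
  # not a failure. failed_when keeps the run clean instead of printing an
  # ignored failure each time; the next task inspects wg0_status.rc.
  command: ip link show wg0
  register: wg0_status
  failed_when: false
  changed_when: false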
- name: Stop WireGuard service if wg0 is up
  # Tear down an existing wg0 (rc 0 from the probe above) so the following
  # wg-quick up re-reads the freshly rendered config.
  command: wg-quick down wg0
  when: wg0_status.rc == 0
- name: Use wg-quick to setup
  # Brings wg0 up from /etc/wireguard/wg0.conf. It always runs (the
  # interface was torn down above if it existed), so the task reports
  # changed on every play.
  command: wg-quick up wg0
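- name: Enable wg-quick setup service
  # Enables the unit so wg0 comes up at boot. The systemd module is
  # idempotent: it reports changed only when the unit was not enabled yet,
  # unlike a bare systemctl command that reports changed on every run.
  systemd:
    name: wg-quick@wg0.service
    enabled: true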
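- name: ping
  # Mesh reachability check over the tunnel: six pings to every host in
  # the inventory (this host included), failing the play if one does not
  # answer. wireguard_ip is expected to be set per host outside this role.
  # Pure verification, so it is never reported as a change.
  command: "ping -c6 -W 3 {{ hostvars[item].wireguard_ip }}"
  changed_when: false
  with_items: "{{ groups['all'] }}"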