initial commit, here be dragons

roles/wireguard/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+- name: Activate IP4 forwarding in kernel
+  ansible.posix.sysctl:
+    name: net.ipv4.ip_forward
+    value: '1'
+    sysctl_file: /etc/sysctl.d/99-ip-forwarding.conf
+    state: present
+    reload: yes
+
+- name: Activate IP6 forwarding in kernel
+  ansible.posix.sysctl:
+    name: net.ipv6.conf.all.forwarding
+    value: '1'
+    sysctl_file: /etc/sysctl.d/99-ip-forwarding.conf
+    state: present
+    reload: yes
+
+- name: Provision wireguard tools
+  ansible.builtin.apt: { name: "wireguard-tools" }
+
+- name: Template a-vpn configuration
+  ansible.builtin.template:
+    src: a-vpn.conf.j2
+    dest: /etc/wireguard/a-vpn.conf
+    mode: 0600
+    owner: root
+    group: root
+  notify: [ "Start a-vpn" ]
+
+- name: Flush handlers
+  ansible.builtin.meta: flush_handlers