add wg to sys and rename cfg

install-software.yaml

@@ -19,3 +19,4 @@
     - firewall
     - fail2ban
     - rsync
+    - wireguard

roles/wireguard/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+wireguard_interface: wg0
+wireguard_config_src: "wg0.conf"
+wireguard_config_dest: "/etc/wireguard/wg0.conf"
+

roles/wireguard/files/wg0.conf

@@ -0,0 +1,12 @@
+[Interface]
+PrivateKey = 0JbU1C+rJSj7PWXPABZy3+fRR0UU5Hf0lRy6BIE2Smg=
+Address = 10.0.0.3/32
+DNS = 1.1.1.1, 1.0.0.1
+MTU = 1420
+
+[Peer]
+PublicKey = h31B3s731FwhWnbrnmDr4swVz25LuOJ3xAhhstH+sTg=
+AllowedIPs = 10.0.0.0/24
+PersistentKeepalive = 25
+Endpoint = 192.168.1.116:48129
+PresharedKey = tajJo61lYJ6E/PvOktpVkL3spBGEeUp65yvye5Jx1Ys=

roles/wireguard/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Restart wireguard
+  systemd:
+    name: "wg-quick@{{ wireguard_interface }}"
+    state: restarted
+

roles/wireguard/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+- name: Установить wireguard (Debian/Ubuntu)
+  apt:
+    name: wireguard
+    state: present
+    update_cache: true
+  when: ansible_os_family == "Debian"
+
+- name: Создать каталог /etc/wireguard
+  file:
+    path: /etc/wireguard
+    state: directory
+    owner: root
+    group: root
+    mode: "0700"
+
+- name: Скопировать конфиг интерфейса
+  copy:
+    src: "{{ wireguard_config_src }}"
+    dest: "{{ wireguard_config_dest }}"
+    owner: root
+    group: root
+    mode: "0600"
+  notify: Restart wireguard
+
+- name: Включить и запустить сервис
+  systemd:
+    name: "wg-quick@{{ wireguard_interface }}"
+    enabled: true
+    state: started
+