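---
# Provision a WireGuard server (interface wg0) and per-client profiles.
#
# Key and config material is staged under ~/wg on the target, then the client
# profiles and their QR codes are fetched to the control host.
# `vpn_clients` is the number of client profiles to create. Key pairs are
# generated for indices 0..vpn_clients while client directories start at 1,
# so index 0 is presumably the server's key pair (templates not shown here).
#
# The loops deliberately stay on `with_sequence`: it yields string items, and
# the templates (not visible here) may index the registered results with them.
# NOTE(review): confirm how this file behaves when vpn_clients is 0.

# Despite its name, this task also performs a full dist-upgrade.
- name: Update APT package cache
  apt:
    update_cache: true
    upgrade: dist

- name: Ensure WireGuard DKMS package is removed
  apt:
    name:
      - "wireguard-dkms"
    state: absent

- name: Install wireguard package
  apt:
    name: "wireguard"
    state: present

- name: Install qrencode package
  apt:
    name: "qrencode"
    state: present

# Runs unconditionally, so every play reboots the target.
- name: Reboot to use new kernel
  reboot:

# The systemd module reports "changed" only when the unit state really changes.
- name: ensure wireguard services are stopped
  systemd:
    name: "wg-quick@wg0"
    state: stopped

# Mode is quoted so it reaches the module as an octal string, not a YAML int.
- name: generate directories for client configs
  file:
    path: "~/wg/client_{{ item }}"
    state: directory
    owner: root
    group: root
    mode: "0700"
  with_sequence: "start=1 end={{ vpn_clients }}"

# umask 077 keeps the key files private from the moment they are created.
# NOTE(review): this regenerates every key pair on each run, which invalidates
# client profiles handed out earlier. If that is not intended, guard the task
# (for example with the shell module's `creates` argument).
- name: generate private and public keys for the client and server
  shell: >-
    umask 077;
    wg genkey
    | tee ~/wg/{{ item }}.private
    | wg pubkey > ~/wg/{{ item }}.public
  register: key_files
  with_sequence: "start=0 end={{ vpn_clients }}"

# no_log keeps the private keys out of task output, callbacks and log files;
# the registered variable itself is still available to later tasks.
- name: register private key file contents
  shell: cat ~/wg/{{ item }}.private
  register: private_key_files
  changed_when: false
  no_log: true
  with_sequence: "start=0 end={{ vpn_clients }}"

# Read-only, so it never reports a change.
- name: register public key file contents
  shell: cat ~/wg/{{ item }}.public
  register: public_key_files
  changed_when: false
  with_sequence: "start=0 end={{ vpn_clients }}"

# diff is disabled because the rendered file presumably embeds a private key
# (template not shown); --diff would otherwise print its contents.
- name: generate client configs
  template:
    src: "wg0-client.conf"
    dest: "~/wg/client_{{ item }}/wg0-client.conf"
    owner: root
    group: root
    mode: "0600"
  diff: false
  with_sequence: "start=1 end={{ vpn_clients }}"

# The PNG encodes the whole client config, hence the restrictive umask.
# The output path is written as /root/wg because the shell does not expand
# `~` inside `--output=...`; this assumes the tasks run as root.
- name: generate qr codes for client configs
  shell: >-
    umask 077;
    qrencode --type=PNG
    --output=/root/wg/client_{{ item }}/wg0-client.png
    < ~/wg/client_{{ item }}/wg0-client.conf
  with_sequence: "start=1 end={{ vpn_clients }}"

# diff is disabled for the same reason as the client configs above.
- name: generate server config
  template:
    src: "wg0.conf"
    dest: "/etc/wireguard/wg0.conf"
    owner: root
    group: root
    mode: "0600"
  diff: false

# Turns the host into an IPv4 router. Which traffic is actually forwarded
# depends on firewall rules that are not part of this file.
- name: enable ipv4 traffic forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    sysctl_set: true
    state: present
    reload: true

- name: ensure wireguard services are enabled
  systemd:
    name: "wg-quick@wg0"
    enabled: true

# An already-running unit is left untouched, so a changed wg0.conf only takes
# effect because the stop task above ran first.
- name: ensure all wireguard services are started
  systemd:
    name: "wg-quick@wg0"
    state: started

# The fetched profiles and QR codes presumably contain client private keys:
# keep wireguard_profiles/ out of version control and readable only by the
# operator on the control host.
- name: download client conf files to the "wireguard_profiles/" folder on your local host
  fetch:
    src: "~/wg/client_{{item}}/wg0-client.conf"
    dest: "wireguard_profiles/{{ ansible_ssh_host }}/client_{{item}}/"
    flat: true
  with_sequence: "start=1 end={{ vpn_clients }}"

- name: download client qr codes to the "wireguard_profiles/" folder on your local host
  fetch:
    src: "~/wg/client_{{item}}/wg0-client.png"
    dest: "wireguard_profiles/{{ ansible_ssh_host }}/client_{{item}}/"
    flat: true
  with_sequence: "start=1 end={{ vpn_clients }}"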