Generate Wireguard keys

infra/modules/vpn/ansible/main.yml

@@ -7,5 +7,8 @@
 
 - hosts: all
   become: yes
+  tasks:
+    - apt:
+        update_cache: yes
   roles:
     - name: wireguard

infra/modules/vpn/ansible/roles/wireguard/tasks/main.yml

@@ -1,4 +1,18 @@
 - name: Install Wireguard
   apt:
     name: wireguard
-    update_cache: yes
+
+- name: Generate Wireguard keypair
+  shell: wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
+  args:
+    creates: /etc/wireguard/privatekey
+
+- name: Register private key
+  shell: cat /etc/wireguard/privatekey
+  register: wireguard_private_key
+  changed_when: false
+
+- name: Register public key
+  shell: cat /etc/wireguard/publickey
+  register: wireguard_public_key
+  changed_when: false

infra/modules/vpn/ansible/roles/wireguard/templates/wg0.conf.j2

@@ -0,0 +1,6 @@
+[Interface]
+Address = {{ interface }}.1
+ListenPort = 51820
+PrivateKey = {{ wireguard_private_key }}
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE