Refactor systemctl services and timers

- Unified service templates into generic systemctl templates
- Introduced reusable filter plugins for script path handling
- Updated path variables and service/timer definitions
- Migrated roles (backup, cleanup, repair, etc.) to use systemctl role
- Added sys-daemon role for core systemd cleanup
- Simplified timer handling via sys-timer role

Note: This is a large refactor and some errors may still exist. Further testing and adjustments will be needed.

roles/svc-net-wireguard-plain/Administration.md

@@ -0,0 +1,11 @@
+# Administration
+
+## Create Client Keys
+
+```bash
+  wg_private_key="$(wg genkey)"
+  wg_public_key="$(echo "$wg_private_key" | wg pubkey)"
+  echo "PrivateKey: $wg_private_key"
+  echo "PublicKey: $wg_public_key"
+  echo "PresharedKey: $(wg genpsk)"
+```

roles/svc-net-wireguard-plain/README.md

@@ -0,0 +1,37 @@
+# Wireguard Client
+
+## Description
+
+This role manages WireGuard on a client system. It sets up essential services and scripts to configure and optimize WireGuard connectivity.
+
+## Overview
+
+Optimized for client configurations, this role:
+- Deploys a systemd service (`set-mtu{{ SYS_SERVICE_SUFFIX }}`) and its associated script to set the MTU on specified network interfaces.
+- Uses a Jinja2 template to generate the `set-mtu.sh` script.
+- Ensures that the MTU is configured correctly before starting WireGuard with [wg-quick](https://www.wireguard.com/quickstart/).
+
+## Purpose
+
+The primary purpose of this role is to configure WireGuard on a client by setting appropriate MTU values on network interfaces. This ensures a stable and optimized VPN connection.
+
+## Features
+
+- **MTU Configuration:** Deploys a template-based script to set the MTU on all defined internet interfaces.
+- **Systemd Service Integration:** Creates and manages a systemd service to execute the MTU configuration script.
+- **Administration Support:** For client key creation and further setup, please refer to the [Administration](./Administration.md) file.
+- **Modular Design:** Easily integrates with other WireGuard roles or network configuration roles.
+
+## Other Resources
+
+- [WireGuard Documentation](https://www.wireguard.com/)
+- [ArchWiki: WireGuard](https://wiki.archlinux.org/index.php/WireGuard)
+- [WireGuard on Raspbian](https://wireguard.how/server/raspbian/)
+- [Subnetting Basics](https://www.scaleuptech.com/de/blog/was-ist-und-wie-funktioniert-subnetting/)
+- [WireGuard Permissions Issue Discussion](https://bodhilinux.boards.net/thread/450/wireguard-rtnetlink-answers-permission-denied)
+- [SSH Issues with WireGuard](https://stackoverflow.com/questions/69140072/unable-to-ssh-into-wireguard-ip-until-i-ping-another-srv-from-inside-the-serv)
+- [UFW and SSH via WireGuard](https://unix.stackexchange.com/questions/717172/why-is-ufw-blocking-acces-to-ssh-via-wireguard)
+- [OpenWrt Forum Discussion on WireGuard](https://forum.openwrt.org/t/cannot-ssh-to-clients-on-lan-when-accessing-router-via-wireguard-client/132709/3)
+- [WireGuard Connection Dies on Ubuntu](https://serverfault.com/questions/1086297/wireguard-connection-dies-on-ubuntu-peer)
+- [SSH Fails with WireGuard IP](https://unix.stackexchange.com/questions/624987/ssh-fails-to-start-when-listenaddress-is-set-to-wireguard-vpn-ip)
+- [WireGuard NAT and Firewall Issues](https://serverfault.com/questions/210408/cannot-ssh-debug1-expecting-ssh2-msg-kex-dh-gex-reply)

roles/svc-net-wireguard-plain/defaults/main.yml

@@ -0,0 +1 @@
+internet_interfaces: []

roles/svc-net-wireguard-plain/meta/main.yml

@@ -0,0 +1,27 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Manages WireGuard on a client system by deploying services and scripts to set MTU on network interfaces and ensure optimal VPN connectivity."
+  license: "Infinito.Nexus NonCommercial License"
+  license_url: "https://s.infinito.nexus/license"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Linux
+      versions:
+        - all
+  galaxy_tags:
+    - wireguard
+    - vpn
+    - client
+    - mtu
+    - systemd
+    - configuration
+  repository: "https://s.infinito.nexus/code"
+  issue_tracker_url: "https://s.infinito.nexus/issues"
+  documentation: "https://docs.infinito.nexus"
+dependencies:
+  - svc-net-wireguard-core

roles/svc-net-wireguard-plain/tasks/main.yml

@@ -0,0 +1,2 @@
+- include_role:
+    name: sys-systemctl

roles/svc-net-wireguard-plain/templates/script.sh.j2

@@ -0,0 +1,4 @@
+#!/bin/bash
+{% for internet_interface in internet_interfaces %}
+ip li set mtu 1400 dev {{internet_interface}}
+{% endfor %}

roles/svc-net-wireguard-plain/templates/systemctl.service.j2

@@ -0,0 +1,10 @@
+[Unit]
+Description=set MTU 
+Before=wg-quick@wg0{{ SYS_SERVICE_SUFFIX }}
+
+[Service]
+Type=oneshot
+ExecStart=bash {{ systemctl_id | get_service_script_path('sh') }}
+
+[Install]
+RequiredBy=wg-quick@wg0{{ SYS_SERVICE_SUFFIX }}

roles/svc-net-wireguard-plain/vars/main.yml

@@ -0,0 +1,2 @@
+application_id: svc-net-wireguard-plain
+systemctl_id:   "{{ application_id }}"