Merged client playbook and server playbook

roles/server_native-wireguard/README.md

@@ -0,0 +1,34 @@
+# Role Native Wireguard
+Manages wireguard on host.
+
+## Client
+### Setup wireguard
+```bash
+  pacman -S wireguard-tools
+```
+
+### Create Client Keys
+```bash
+  wg_private_key="$(wg genkey)"
+  wg_public_key="$(echo "$wg_private_key" | wg pubkey)"
+  echo "PrivateKey: $wg_private_key"
+  echo "PublicKey: $wg_public_key"
+  echo "PresharedKey: $(wg genpsk)"
+```
+
+### Activate Configuration
+```bash
+  cp /path/to/wg0.conf /etc/wireguard/wg0.conf
+  systemctl enable wg-quick@wg0.service --now
+```
+
+### Check status
+```bash
+  systemctl status wg-quick@wg0.service
+```
+
+## See
+- https://golb.hplar.ch/2019/01/expose-server-vpn.html
+- https://wiki.archlinux.org/index.php/WireGuard
+- https://wireguard.how/server/raspbian/
+- https://www.scaleuptech.com/de/blog/was-ist-und-wie-funktioniert-subnetting/

roles/server_native-wireguard/handlers/main.yml

@@ -0,0 +1,6 @@
+- name: "restart wireguard"
+  systemd:
+    name: wg-quick@wg0.service
+    state: restarted
+    enabled: yes
+    daemon_reload: yes

roles/server_native-wireguard/tasks/main.yml

@@ -0,0 +1,21 @@
+- name: install wireguard for Arch
+  pacman: name=wireguard-tools state=present
+  when: ansible_os_family == "Archlinux"
+
+- name: install wireguard for Ubuntu
+  apt: name=wireguard state=present
+  when: ansible_os_family == "Debian"
+
+- name: create /etc/wireguard/wg0.conf
+  copy:
+    src: "{{ inventory_dir }}/files/{{ inventory_hostname }}/etc/wireguard/wg0.conf"
+    dest: /etc/wireguard/wg0.conf
+    owner: root
+    group: root
+  notify: restart wireguard
+
+- name: enable ipv4-forwarding
+  shell: sysctl net.ipv4.ip_forward=1
+
+- name: enable ipv6-forwarding
+  shell: sysctl net.ipv6.conf.all.forwarding=1