Optimized wireguard for ubuntu

roles/native-apt-update/tasks/main.yml

@@ -1,4 +1,5 @@
 - name: apt update all packages to their latest version
   apt:
-    name: "*"
+    update_cache: yes
-    state: latest
+    upgrade: dist
+    force_apt_get: yes

roles/native-wireguard-behind-firewall/readme.md

@@ -2,3 +2,4 @@
 
 # see
 - https://gist.github.com/insdavm/b1034635ab23b8839bf957aa406b5e39
+- https://wiki.debian.org/iptables

roles/native-wireguard/README.md

@@ -1,10 +1,23 @@
 # Role Native Wireguard
-Manages wireguard natively on host. More information are available in the [Arch wiki](https://wiki.archlinux.org/index.php/WireGuard#Manual_WireGuard_setup).
+Manages wireguard on host.
 
-## Create Client Key
+## Client
-``bash
+### Create Client Keys
-wg genkey | tee peer_A.key | wg pubkey > peer_A.pub
+```bash
-``
+  wg_private_key="$(wg genkey)"
+  wg_public_key="$(echo "$wg_private_key" | wg pubkey)"
+  echo "PrivateKey: $wg_private_key"
+  echo "PublicKey: $wg_public_key"
+  echo "PresharedKey: $(wg genpsk)"
+```
 
-chown root:systemd-network /etc/systemd/network/99-*.netdev
+### Activate Configuration
-chmod 0640 /etc/systemd/network/99-*.netdev
+```bash
+  cp /path/to/wg0.conf /etc/wireguard/wg0.conf
+  systemctl enable wg-quick@wg0.service --now
+```
+
+## See
+- https://golb.hplar.ch/2019/01/expose-server-vpn.html
+- https://wiki.archlinux.org/index.php/WireGuard
+- https://wireguard.how/server/raspbian/

roles/native-wireguard/tasks/main.yml

@@ -1,5 +1,10 @@
-- name: install wireguard
+- name: install wireguard for Arch
   pacman: name=wireguard-tools state=present
+  when: ansible_os_family == "Arch"
+
+- name: install wireguard for Ubuntu
+  apt: name=wireguard state=present
+  when: ansible_os_family == "Debian"
 
 - name: create /etc/wireguard/wg0.conf
   copy: