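# Deploys a systemd-networkd WireGuard interface (wg0), its key material and,
# optionally, a rendered client configuration for the mobile peer.
# Everything under /etc/systemd/network and the key directories is owned by
# root:systemd-network and closed to "other", so only root and the
# systemd-networkd service group can read it.

# Render the wg0 .netdev/.network units.
- name: Copy Wireguard configuration files
  become: true
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: systemd-network
    mode: "0640"
  loop:
    - src: "templates/network/wireguard/default/wg0.netdev.j2"
      dest: "/etc/systemd/network/wg0.netdev"
    - src: "templates/network/wireguard/default/wg0.network.j2"
      dest: "/etc/systemd/network/wg0.network"
  notify: restart systemd-networkd

# Create the key directories and enforce ownership/mode on what they contain.
- name: Create Wireguard directories
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    owner: root
    group: systemd-network
    # Symbolic mode on purpose: with recurse, a numeric "0750" is also applied
    # to every file below these paths, so the key files would be flipped to
    # 0750 here and back to 0640 by the copy tasks on each run, reporting
    # "changed" and restarting systemd-networkd every time. Capital X grants
    # execute/search only to directories (and files already executable), so
    # directories end up 0750 and key files stay 0640.
    mode: "u=rwX,g=rX,o="
    state: directory
    recurse: true
  loop:
    - "{{ vpn_config_dir }}"
    - "{{ vpn_server_public_key_path | dirname }}"
    - "{{ vpn_server_key_path | dirname }}"

# Install the server key pair.
- name: Copy Wireguard server credentials
  become: true
  # server.key is a private key: keep its content out of --diff output/logs.
  diff: false
  ansible.builtin.copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: systemd-network
    mode: "0640"
  loop:
    - src: "files/wireguard/default/server.pub"
      dest: "{{ vpn_server_public_key_path }}"
    - src: "files/wireguard/default/server.key"
      dest: "{{ vpn_server_key_path }}"
  notify: restart systemd-networkd

# Install the mobile peer's key pair.
# NOTE(review): WireGuard on the server only needs the peer's public key;
# the private key is presumably kept here to render mobile.conf - confirm it
# has to live on this host.
# NOTE(review): assumes keys/public and keys/private already exist under
# vpn_config_dir (copy does not create parent directories) - presumably they
# match the dirname of the server key paths; confirm.
- name: Copy Wireguard mobile credentials
  become: true
  # mobile.key is a private key: keep its content out of --diff output/logs.
  diff: false
  ansible.builtin.copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: systemd-network
    mode: "0640"
  loop:
    - src: "files/wireguard/default/mobile.pub"
      dest: "{{ vpn_config_dir }}/keys/public/mobile.pub"
    - src: "files/wireguard/default/mobile.key"
      dest: "{{ vpn_config_dir }}/keys/private/mobile.key"
  notify: restart systemd-networkd

# Install one preshared key per entry of the vpn_peers dictionary.
# NOTE(review): assumes the parent directory of every preshared_key_path
# already exists - no task here creates it explicitly; confirm.
- name: Copy Wireguard preshared keys
  become: true
  # Preshared keys are symmetric secrets: keep them out of --diff output/logs.
  diff: false
  ansible.builtin.copy:
    src: "{{ item.value.preshared_key_source_path }}"
    dest: "{{ item.value.preshared_key_path }}"
    owner: root
    group: systemd-network
    mode: "0640"
  # dict2items yields the same item.key / item.value pairs as with_dict and
  # matches the loop style used by the other tasks.
  loop: "{{ vpn_peers | dict2items }}"
  notify: restart systemd-networkd

# Optionally render a client configuration for the mobile peer.
# NOTE(review): the destination is a fixed name in the shared /tmp directory
# and the file presumably embeds the mobile private key (template not visible
# here). Mode 0600 limits readers to the owner, but the file should be removed
# once it has been transferred to the device; a per-user directory that is not
# world-writable would be a safer destination.
# NOTE(review): ansible_user_id is the account facts were gathered as; if
# facts are gathered with become it is presumably root - confirm that is the
# intended owner.
- name: Copy Wireguard mobile configuration
  become: true
  # Keep the rendered secrets out of --diff output/logs.
  diff: false
  ansible.builtin.template:
    src: "templates/network/wireguard/default/mobile.wireguard.j2"
    dest: "/tmp/mobile.conf"
    mode: "0600"
    owner: "{{ ansible_user_id }}"
  when: copy_vpn_configurations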