This role installs WireGuard on Debian.
This role can not configure WireGuard. For configuring WireGuard you can use our systemd-network role. If you wish so, then read #configuring-wireguard.
The following is a minimal example playbook using this role.
- hosts: wg-server01
become: true
roles:
- role: wireguardThe following is an example playbook if you wish to additionally use our systemd-network role in order to configure WireGuard.
- hosts: wg-server01
become: true
roles:
- role: wireguard
- role: systemd-network
systemd_network_netdevs:
# /etc/systemd/network/*.netdev files are configured here
systemd_network_networks:
# /etc/systemd/network/*.network files are configured hereHereby you have to make yourself familiar with how to configure WireGuard
using systemd-networkd.
Then refer to our
systemd-network role
documentation in order to learn how to accordingly populate the systemd_network_netdevs
and systemd_network_networks role variables.
This role supports synchronizing a routing table into the allowed-ips of a
WireGuard interface.
To do so, simply use the role variable wireguard_synchronize_allowed_ips as
in the following example, where the main routing table is synchronized into
the allowed-ips of the WireGuard interface wg0.
- hosts: wg-server01
become: true
roles:
- role: wireguard
wireguard_synchronize_allowed_ips:
wg0: main
- role: systemd-network
systemd_network_netdevs:
# /etc/systemd/network/*.netdev files are configured here
systemd_network_networks:
# /etc/systemd/network/*.network files are configured hereYou can do this for any number of WireGuard interfaces. Note that they also have to be configured, for example using our systemd-network role.