adc/ansible/roles/home-net/tasks/rpi.yml

---

- name: install wireguard
  apt:
    name:
      - wireguard
      - wireguard-dkms
      - wireguard-tools        
    update_cache: yes
    state: latest

- name: Enable IP forwarding
  sysctl: name={{ item }} value=1 state=present
  with_items:
    - net.ipv4.ip_forward
    - net.ipv6.conf.all.forwarding    

- name: Configure firewall (Ubuntu)
  ufw: rule=allow port=51820 proto=udp
  when: ansible_distribution == "Ubuntu"

- name: Create wireguard config directory
  file: state=directory path=/etc/wireguard owner=root group=root mode=0700

- name: Install wireguard configuration
  template: src=wg0.conf dest=/etc/wireguard/wg0.conf owner=root group=root mode=0600
  notify: restart wireguard

- name: Start wireguard
  service: name=wg-quick@wg0.service enabled=yes state=started