With this role you can configure wireguard interfaces on debian systems.
You need to generate the keys beforehand.
Start a Wireguard Key-Generation environment:
docker run --rm -ti -v "$PWD:/dir" alpine sh -c 'apk add wireguard-tools libqrencode; sh'
Generate Keypair:
wg genkey | tee /dir/wg.key | wg pubkey > /dir/wg.pub
Generate PSK:
PSK (pre shared key for post quantum crypto). The pre-shared key (PSK) is an optional security improvement as per the WireGuard protocol and should be a unique PSK per client for highest security.
wg genpsk > /dir/presharedkey
Generate QR-Code of config file:
qrencode -t ansiutf8 < /dir/wireguard-config.conf
You can use several Variables to configure this role.
-
netmask- (default:255.255.255.0) path to store the CA folder. -
wireguard_interface- (default:wg-p2p) interface name for wireguard interface -
wireguard_port- (default:51820) port where wireguard udp service will listen -
wireguard_is_router- (default:true) enable routing over this interface
address- required the ip address of the wireguard interfaceprivateKey- required private key of the wireguard interfacepeers- required array of peer objects (see cert description below)
peers:
- publicKey: 4/wUE/Cf/l5iA5AEN29Wtzz0qlrRxb1GRKbXbBPMRk0=
allowedIPs: 10.10.10.2/32
presharedKey: bQUv8uStM9ixF54iou2xvNPdVTcTipflhtWPSTIdm3c=
persistentKeepalive: 20
publicKey- required PublicKey of peerallowedIPs- required AllowedIPs of peerpersistentKeepalive- optional PersistentKeepalive of peerpresharedKey- optional PresharedKey of peerendpoint- optional Endpoint of peer