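---
# Builds the WireGuard tunnel between eae-adp-jump01 (OpenBSD: pf, ospfd)
# and gw-core01 (OpenWrt: UCI network config, FRR) and brings up OSPF
# over it. All key material is pulled from passwordstore at run time.

- name: configure tunnel on eae-adp-jump01
  hosts: eae-adp-jump01
  tasks:
    # Interface config is templated so the peer/key material never has to
    # live in the repository; the file is root-only because it holds keys.
    - name: create wg0 interface file
      template:
        src: templates/hostname.wg0
        dest: /etc/hostname.wg0
        mode: "0600"
      notify:
        - reload interfaces

    - name: create pf.wg0.conf file
      copy:
        src: files/pf.wg0.conf
        dest: /etc/pf.wg0.conf
        mode: "0600"
      notify:
        - reload firewall

    # No regexp: lineinfile matches the exact line, so the include is only
    # appended once.
    - name: include pf.wg0.conf in pf.include.conf
      lineinfile:
        path: /etc/pf.include.conf
        line: 'include "/etc/pf.wg0.conf"'
      notify:
        - reload firewall

    # validate parses the new file before it replaces the live one, so a
    # broken config cannot be installed and then fail on restart.
    - name: create ospfd.conf
      copy:
        src: files/ospfd.conf
        dest: /etc/ospfd.conf
        mode: "0600"
        validate: "/usr/sbin/ospfd -n -f %s"
      notify:
        - restart ospfd

    - name: enable ospfd
      service:
        name: ospfd
        state: started
        enabled: true

  handlers:
    - name: reload firewall
      command: pfctl -vf /etc/pf.conf

    - name: reload interfaces
      command: sh /etc/netstart

    # The service module only accepts "restarted" (not "restart"); with
    # the old value the handler failed whenever ospfd.conf changed.
    - name: restart ospfd
      service:
        name: ospfd
        state: restarted

- name: configure tunnel on gw-core01
  hosts: gw-core01
  gather_facts: false
  tasks:
    # The rendered block contains the interface's private key and the PSK;
    # no_log keeps them out of -v output, diff output and the task result.
    - name: create wg0 interface
      no_log: true
      blockinfile:
        path: /etc/config/network
        content: |
          config interface 'wg0'
                  option proto 'wireguard'
                  option private_key "{{ lookup('passwordstore', 'wg/wg0/gw-core01') }}"
                  option listen_port 51820
                  option mtu 1350
                  list addresses '10.84.254.1/31'

          config wireguard_wg0 'eap_adp_jump01'
                  option public_key "{{ lookup('passwordstore', 'wg/wg0/eae-adp-jump01.pub') }}"
                  option preshared_key "{{ lookup('passwordstore', 'wg/wg0/psk') }}"
                  option endpoint_host '162.55.53.85'
                  option endpoint_port '51820'
                  option route_allowed_ips '0'
                  option persistent_keepalive 15
                  list allowed_ips '0.0.0.0/0'
      notify:
        - restart network

    # Only the ospfd line is toggled; the rest of /etc/frr/daemons is kept.
    - name: configure frr (daemons)
      lineinfile:
        regexp: '^ospfd=.*$'
        line: 'ospfd=yes'
        path: /etc/frr/daemons
      notify:
        - restart frr

    - name: configure frr (frr.conf)
      copy:
        src: files/gw-core01_frr.conf
        dest: /etc/frr/frr.conf
      notify:
        - restart frr

  handlers:
    - name: restart network
      service:
        name: network
        state: restarted

    - name: restart frr
      service:
        name: frr
        state: restarted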