mail-server/ansible/05-vpn.yml
2024-05-29 22:06:22 +03:00


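# Play: install WireGuard on the OpenBSD hosts mx1/mx2, render the tunnel
# configuration and bring the interface up.
# The interface name is read from a variable named "<inventory_hostname>_wg";
# presumably that variable is defined in vars.yml (confirm against that file).
- name: VPN Setup
  hosts:
    - mx1
    - mx2
  remote_user: root
  vars_files:
    - vars.yml
  tasks:
    - name: Install wireguard
      community.general.openbsd_pkg:
        name:
          - wireguard-tools
        state: present

    # Pin owner and mode explicitly: without them a newly created directory
    # takes its mode from the remote umask and an existing one is left as-is,
    # so the directory holding the tunnel configuration could stay readable
    # by other local users.
    - name: Ensures /etc/wireguard dir exists
      ansible.builtin.file:
        path: "/etc/wireguard"
        state: directory
        owner: root
        group: wheel
        mode: "0700"

    # NOTE(review): the template is not visible here; if it embeds the private
    # key, a run with --diff prints the rendered content to the controller
    # output. Consider `diff: false` on this task in that case.
    - name: Create wireguard config
      ansible.builtin.template:
        src: "templates/wireguard.conf.j2"
        dest: "/etc/wireguard/{{ lookup('vars', inventory_hostname + '_wg').interface }}.conf"
        owner: root
        group: wheel
        mode: "0600"

    # hostname.if files can carry key material (for wg interfaces, possibly
    # the private key; the template is not shown, so confirm). OpenBSD expects
    # them to be root:wheel and not accessible to "other", so set that here
    # instead of inheriting the umask.
    - name: Create wireguard interface
      ansible.builtin.template:
        src: "templates/wireguard.if.j2"
        dest: "/etc/hostname.{{ lookup('vars', inventory_hostname + '_wg').interface }}"
        owner: root
        group: wheel
        mode: "0640"
      register: iface_config

    # command + argv instead of shell: the interface name is passed as one
    # argument and never goes through shell parsing, so a value containing
    # spaces or metacharacters cannot alter the command line.
    - name: Apply network configuration if changed
      ansible.builtin.command:
        argv:
          - sh
          - /etc/netstart
          - "{{ lookup('vars', inventory_hostname + '_wg').interface }}"
      when: iface_config.changed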