ansible-role-wireguard-nfta…/tasks/wireguard.yml

---
- name: Create wireguard directory
  file:
    path: /etc/wireguard
    state: directory
    mode: 0700

- name: Generate private key
  shell: "umask 077 && wg genkey > /etc/wireguard/{{ wireguard_if }}.key"
  args:
    creates: "/etc/wireguard/{{ wireguard_if }}.key"

- name: Read private key
  command: "cat /etc/wireguard/{{ wireguard_if }}.key"
  register: priv_key
  changed_when: false
  check_mode: no

- name: Interface configuration file
  template:
    src: wg.conf.j2
    dest: "/etc/wireguard/{{ wireguard_if }}.conf"
    mode: 0600
    owner: root
    group: root
  notify: Restart wg-quick service

- name: Wireguard service
  service:
    name: "wg-quick@{{ wireguard_if }}.service"
    state: started
    enabled: true