Add wireguard server config

ansible/roles/gateway/files/haproxy.cfg

@@ -40,7 +40,7 @@ defaults
 listen https
 	bind *:443
 	mode tcp
-	server default {{ upstream }}:443 check send-proxy
+	server default {{ wireguard.intersect_ip }}:443 check send-proxy
 
 listen http
 	bind *:80
@@ -48,15 +48,15 @@ listen http
 	stats show-node
 	stats uri /haproxy
 	stats auth stats:{{ haproxy_stats_pass }}
-	server default {{ upstream }}:80 check
+	server default {{ wireguard.intersect_ip }}:80 check
 
 
 listen matrix
 	bind *:8448
 	mode tcp
-	server default {{ upstream }}:8448 check
+	server default {{ wireguard.intersect_ip }}:8448 check
 
 listen gitea
 	bind *:3022
 	mode tcp
-	server default {{ upstream }}:3022 check
+	server default {{ wireguard.intersect_ip }}:3022 check

ansible/roles/gateway/files/wireguard.conf

@@ -0,0 +1,9 @@
+[Interface]
+Address = {{ wireguard.server_ip }}
+PrivateKey = {{ wireguard.server_private_key }}
+ListenPort = {{ wireguard.server_port }}
+
+[Peer]
+# intersect
+PublicKey = {{ wireguard.intersect_public_key }}
+AllowedIPs = {{ wireguard.intersect_ip }}/32

ansible/roles/gateway/tasks/haproxy.yml

@@ -6,11 +6,7 @@
 
 - name: Import vault
   include_vars:
-    file: vault.yml
-
-- name: Define context
-  set_fact:
-    upstream: 10.23.0.2
+    file: vars/gateway.yml
 
 - name: Haproxy config
   template:

ansible/roles/gateway/tasks/main.yml

@@ -1,3 +1,7 @@
+- name: Import wireguard variables
+  include_vars:
+    file: vars/wireguard.yml
+
 - name: Configure HAproxy
   include: haproxy.yml
 

ansible/roles/gateway/tasks/wireguard.yml

@@ -29,3 +29,21 @@
       - wireguard-tools
   become: true
   become_user: root
+
+- name: Wireguard server config
+  template:
+    src: files/wireguard.conf
+    dest: /etc/wireguard/wg0.conf
+    backup: yes
+  become: true
+  become_user: root
+  register: wireguard_conf
+
+- name: Enable wireguard
+  service:
+    name: wg-quick@wg0
+    state: reloaded
+    enabled: true
+  when: wireguard_conf.changed
+  become: true
+  become_user: root