Diffstat (limited to 'tasks/wg_setup.yaml')
-rw-r--r-- | tasks/wg_setup.yaml | 39 |
1 files changed, 29 insertions, 10 deletions
diff --git a/tasks/wg_setup.yaml b/tasks/wg_setup.yaml
index 9557a79..abe818f 100644
--- a/tasks/wg_setup.yaml
+++ b/tasks/wg_setup.yaml
@@ -18,44 +18,44 @@
 - name: create wireguard server directory
 file:
- path: "{{ wireguard_server_home }}"
+ path: "{{ wg_server_home }}"
 state: directory
 mode: "0700"
 - name: create wireguard peers directory
 file:
- path: "{{ wireguard_peers_home }}"
+ path: "{{ wg_peers_home }}"
 state: directory
 mode: "0700"
 - name: generate wireguard server keys
 shell:
 cmd: |
- wg genpsk > "{{ wireguard_server_home }}/psk.key"
- wg genkey > "{{ wireguard_server_home }}/server.key"
- creates: "{{ wireguard_server_home }}/server.key"
+ wg genpsk > "{{ wg_server_home }}/psk.key"
+ wg genkey > "{{ wg_server_home }}/server.key"
+ creates: "{{ wg_server_home }}/server.key"
 args:
- chdir: "{{ wireguard_server_home }}"
+ chdir: "{{ wg_server_home }}"
 - name: get server public key
 shell:
- cmd: wg pubkey < "{{ wireguard_server_home }}/server.key"
+ cmd: wg pubkey < "{{ wg_server_home }}/server.key"
 register: server_pubkey
 changed_when: false
 - name: read wireguard server.key from remote host
 slurp:
- src: "{{ wireguard_server_home }}/server.key"
+ src: "{{ wg_server_home }}/server.key"
 register: wg_key
 - name: set private key from remote file
 set_fact:
 private_key: "{{ wg_key.content | b64decode }}"
-- name: deploy {{ wireguard_server_home }}/wg0.conf
+- name: deploy {{ wg_server_home }}/wg0.conf
 template:
 src: wg0.conf.j2
- dest: "{{ wireguard_server_home }}/wg0.conf"
+ dest: "{{ wg_server_home }}/wg0.conf"
 mode: "0600"
 - name: deploy manage_wg_peers.sh
@@ -70,3 +70,22 @@
 state: restarted
 enabled: true
 when: ansible_service_mgr == 'systemd'
+
+- name: allow wg port
+ ufw:
+ rule: allow
+ port: "{{ wg_port }}"
+ proto: udp
+
+- name: set wg-only pveproxy config
+ template:
+ src: pveproxy
+ dest: /etc/default/pveproxy
+ mode: '0644'
+
+- name: restart pveproxy
+ systemd:
+ name: pveproxy
+ state: restarted
+ enabled: true
+ when: ansible_service_mgr == 'systemd' |
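Review bot: The `restart pveproxy` task at the end of the hunk restarts the Proxmox web proxy on every playbook run, because nothing ties it to the `set wg-only pveproxy config` template task before it — only `when: ansible_service_mgr == 'systemd'` gates it — so each run drops the management UI briefly even when `/etc/default/pveproxy` is unchanged. Register the template result and condition the restart on it: `register: pveproxy_conf` on the template task and `when: pveproxy_conf is changed and ansible_service_mgr == 'systemd'` on the restart, or move the restart into a handler and `notify` it from the template task. Since the task name says the config is wg-only, a comment above the template task such as `# pveproxy will only be reachable over the WireGuard interface after this restart; verify the tunnel before running` would save an operator from locking themselves out of the UI on the public interface — I cannot see the `pveproxy` template, so the listen-address behaviour is inferred from the task name. The wg-quick restart task whose `state: restarted` and `enabled: true` lines open this hunk begins outside it.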