skeleton for unmanged hosts

defaults/main.yml

@@ -1,7 +1,7 @@
 ---
-#######################################
+################################################################################
 # General settings
-#######################################
+################################################################################
 
 # Directory to store WireGuard configuration on the remote hosts
 wireguard_remote_directory: "/etc/wireguard"
@@ -13,9 +13,26 @@ wireguard_port: "51820"
 wireguard_interface: "wg0"
 
 
-#######################################
+################################################################################
+# Settings for devices like laptops, tablets, mobiles, etc. not managed by
+# Ansible. If you don't have such devices just leave the variables commented.
+################################################################################
+
+# Directory to store configurations for unmanaged hosts
+wireguard_unmanaged_hosts_directory: "{{ '~/wireguard_unmanaged_hosts' | expanduser }}"
+
+# 
+wireguard_unmanaged_hosts_list:
+  - tablet01
+  - mobile01
+
+#
+wireguard_unmanaged_delegate_to: "127.0.0.1"
+
+
+###############################################################################
 # Settings only relevant for Ubuntu
-#######################################
+###############################################################################
 
 # Set to "false" if package cache should not be updated
 wireguard_ubuntu_update_cache: "true"

tasks/main.yml

@@ -1,8 +1,22 @@
 ---
-- name: Gather instance facts
-  setup:
+#- name: Gather instance facts
+#  setup:
 
-- include_tasks: "setup-{{ ansible_distribution|lower }}.yml"
+#- name: Include distribution specific tasks
+#  include_tasks: "setup-{{ ansible_distribution|lower }}.yml"
+
+- name: Include unmanaged hosts variables
+  include_vars:
+    name: wireguard_unmanaged_host_{{ item }}
+    dir: vars
+    extensions:
+      - yml
+      - yaml
+  loop: "{{ wireguard_unmanaged_hosts_list }}"
+  when: wireguard_unmanaged_hosts_list is defined
+
+- debug: var=wireguard_unmanaged_host_{{ item }}
+  loop: "{{ wireguard_unmanaged_hosts_list }}"
 
 - name: Enable WireGuard kernel module
   modprobe:

templates/wg-unmanaged.conf.j2

@@ -0,0 +1,14 @@
+{{ ansible_managed | comment }}
+# For unmanaged host {{ item.item.host }}
+# qrencode -t ansiutf8 < /etc/wireguard/{{ item.item.host }}.conf
+[Interface]
+PrivateKey = {{ item.stdout }}
+Address = {{ item.item.allowed_ips }}
+{% if item.item.dns is defined %}
+DNS = {{ item.item.dns }}
+{% endif %}
+
+[Peer]
+Endpoint = {{ wireguard_endpoint }}:{{ wireguard_port }}
+PublicKey = {{ public_key }}
+AllowedIPs = 0.0.0.0/0, ::/0

vars/mobile01.yml

@@ -0,0 +1,4 @@
+wireguard_address: "10.8.0.11"
+wireguard_port: "51820"
+wireguard_dns: "1.1.1.1"
+wireguard_mtu: "1492"

vars/tablet01.yml

@@ -0,0 +1,4 @@
+wireguard_address: "10.8.0.10"
+wireguard_port: "51820"
+wireguard_dns: "1.1.1.1"
+wireguard_mtu: "1492"