--- # Copyright (C) 2018-2020 Robert Wimmer # SPDX-License-Identifier: GPL-3.0-or-later ####################################### # General settings ####################################### # Directory to store WireGuard configuration on the remote hosts wireguard_remote_directory: "{{ '/etc/wireguard' if not ansible_os_family == 'Darwin' else '/opt/local/etc/wireguard' }}" # The default port WireGuard will listen if not specified otherwise. wireguard_port: "51820" # The default interface name that WireGuard should use if not specified otherwise. wireguard_interface: "wg0" # The default owner of the wg.conf file wireguard_conf_owner: root # The default group of the wg.conf file wireguard_conf_group: "{{ 'root' if not ansible_os_family == 'Darwin' else 'wheel' }}" # The default mode of the wg.conf file wireguard_conf_mode: 0600 # The default state of the wireguard service wireguard_service_enabled: "yes" wireguard_service_state: "started" # This is sensitive: encrypt it with a tool like Ansible Vault. # If not set, a new one is generated on a blank configuration. # wireguard_private_key: ####################################### # Settings only relevant for Ubuntu ####################################### # Set to "false" if package cache should not be updated wireguard_ubuntu_update_cache: "true" # Set package cache valid time wireguard_ubuntu_cache_valid_time: "3600" ####################################### # Settings only relevant for CentOS 7 ####################################### # Set wireguard_centos7_installation_method to "kernel-plus" # to use the kernel-plus kernel, which includes a built-in, # signed WireGuard module. # UTILIZING KERNEL-PLUS WILL PERFORM A SYSTEM REBOOT DURING SETUP!! # # The default of "standard" will use the standard kernel and # the ELRepo module for WireGuard. wireguard_centos7_installation_method: "standard" # The default seconds to wait for machine to reboot and respond wireguard_centos7_kernel_plus_reboot_timeout: "600"