move OS package installation to OS specific subtasks

tasks/main.yml

@@ -4,23 +4,6 @@
 
 - include_tasks: "setup-{{ ansible_distribution|lower }}.yml"
 
-- name: Load packages variable file based on the OS type, or a default if not found
-  include_vars: "{{ lookup('first_found', params) }}"
-  vars:
-    params:
-      files:
-        - "packages-{{ ansible_distribution | lower }}.yml"
-        - "packages.yml"
-      paths:
-        - "vars"
-
-- name: Install WireGuard
-  package:
-    name: "{{ packages }}"
-    state: present
-  tags:
-    - wg-install
-
 - name: Enable WireGuard kernel module
   modprobe:
     name: wireguard
@@ -48,6 +31,7 @@
 - name: Get wg subcommands
   command: "wg --help"
   register: wg_subcommands
+  changed_when: false
 
 - name: Set default value for wg_syncconf variable (assume wg syncconf subcommand not available)
   set_fact:
@@ -64,8 +48,9 @@
 
 - block:
   - name: Generate WireGuard private key
-    shell: "wg genkey"
+    command: "wg genkey"
     register: wg_private_key_result
+    changed_when: false
     tags:
       - wg-generate-keys
 

tasks/setup-archlinux.yml

@@ -1,5 +1,5 @@
 ---
-- name: Install wireguard-lts package
+- name: (Archlinux) Install wireguard-lts package
   pacman:
     name: "{{ item.name }}"
     state: "{{ item.state }}"
@@ -13,12 +13,20 @@
     - ansible_kernel is match(".*-lts$")
     - ansible_kernel is version('5.6', '<')
 
-- name: Install wireguard-dkms package
+- name: (Archlinux) Install wireguard-dkms package
   pacman:
     name: wireguard-dkms
+    state: present
   become: yes
   tags:
     - wg-install
   when:
     - not ansible_kernel is match(".*-lts$")
     - ansible_kernel is version('5.6', '<')
+
+- name: (Archlinux) Install wireguard-tools package
+  pacman:
+    name: wireguard-tools
+    state: present
+  tags:
+    - wg-install

tasks/setup-centos.yml

@@ -1,11 +1,19 @@
 ---
-
-- name: Add WireGuard repository
+- name: (CentOS) Add WireGuard repository
   get_url:
     url: https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
     dest: /etc/yum.repos.d/wireguard.repo
 
-- name: Install EPEL repository
+- name: (CentOS) Install EPEL repository
   yum:
     name: epel-release
     update_cache: yes
+
+- name: (CentOS) Install wireguard packages
+  yum:
+    name:
+      - "wireguard-dkms"
+      - "wireguard-tools"
+    state: present
+  tags:
+    - wg-install

tasks/setup-debian.yml

@@ -1,10 +1,10 @@
 ---
-- name: Install GPG - required to add wireguard key
+- name: (Debian) Install GPG - required to add wireguard key
   apt:
     name: gnupg
     state: present
 
-- name: Add WireGuard repository on buster or earlier
+- name: (Debian) Add WireGuard repository on buster or earlier
   apt_repository:
     repo: "deb http://deb.debian.org/debian buster-backports main"
     state: present
@@ -13,13 +13,22 @@
   tags:
     - wg-install
 
-- name: Get architecture
-  shell: dpkg --print-architecture
+- name: (Debian) Get architecture
+  command: "dpkg --print-architecture"
   register: dpkg_arch
   changed_when: False
 
-- name: Install kernel headers to compile wireguard with DKMS
+- name: (Debian) Install kernel headers to compile Wireguard with DKMS
   apt:
     name:
       - "linux-headers-{{ dpkg_arch.stdout }}"
     state: present
+
+- name: (Debian) Install wireguard packages
+  apt:
+    name:
+      - "wireguard-dkms"
+      - "wireguard-tools"
+    state: present
+  tags:
+    - wg-install

tasks/setup-fedora.yml

@@ -1,8 +1,17 @@
 ---
-  - name: Add wireguard COPR
-    yum_repository:
-      name: "jdoss-wireguard"
-      description: "Copr repo for wireguard owned by jdoss"
-      baseurl: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/fedora-$releasever-$basearch/"
-      gpgkey: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/pubkey.gpg"
-      gpgcheck: yes
+- name: (Fedora) Add wireguard COPR
+  yum_repository:
+    name: "jdoss-wireguard"
+    description: "Copr repo for wireguard owned by jdoss"
+    baseurl: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/fedora-$releasever-$basearch/"
+    gpgkey: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/pubkey.gpg"
+    gpgcheck: yes
+
+- name: (Fedora) Install wireguard packages
+  yum:
+    name:
+      - "wireguard-dkms"
+      - "wireguard-tools"
+    state: present
+  tags:
+    - wg-install

tasks/setup-ubuntu.yml

@@ -1,26 +1,48 @@
 ---
-- name: Update APT package cache
+- name: (Ubuntu) Update APT package cache
   apt:
     update_cache: "{{ wireguard_ubuntu_update_cache }}"
     cache_valid_time: "{{ wireguard_ubuntu_cache_valid_time }}"
   tags:
     - wg-install
 
-- name: Install required packages
-  package:
-    name: "{{ packages }}"
-    state: present
-  vars:
-    packages:
-    - software-properties-common
-    - linux-headers-{{ ansible_kernel }}
-  tags:
-    - wg-install
+- block:
+  - name: (Ubuntu) Install support packages needed for Wireguard (for Ubuntu < 19.10)
+    package:
+      name: "{{ packages }}"
+      state: present
+    vars:
+      packages:
+      - software-properties-common
+      - linux-headers-{{ ansible_kernel }}
+    tags:
+      - wg-install
 
-- name: Add WireGuard repository
-  apt_repository:
-    repo: "ppa:wireguard/wireguard"
-    state: present
-    update_cache: yes
-  tags:
-    - wg-install
+  - name: (Ubuntu) Add WireGuard repository (for Ubuntu < 19.10)
+    apt_repository:
+      repo: "ppa:wireguard/wireguard"
+      state: present
+      update_cache: yes
+    tags:
+      - wg-install
+
+  - name: (Ubuntu) Install wireguard packages (for Ubuntu < 19.10)
+    apt:
+      name:
+        - "wireguard-dkms"
+        - "wireguard-tools"
+      state: present
+    tags:
+      - wg-install
+  when:
+    - ansible_lsb.major_release is version('19.10', '<')
+
+- block:
+  - name: (Ubuntu) Install wireguard-tools package (for Ubuntu > 19.04)
+    apt:
+      name: "wireguard-tools"
+      state: present
+    tags:
+      - wg-install
+  when:
+    - ansible_lsb.major_release is version('19.04', '>')