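---
# Ansible inventory for a WireGuard hub ("dispatcher") and its peers ("frames").
# Tunnel network: 192.168.254.0/24; the dispatcher holds 192.168.254.1.
all:
  hosts:
    frame1:
      ansible_host: 192.168.0.11
    dispatcher:
      # The dispatcher is configured from the control node itself.
      ansible_connection: local

dispatchers:
  hosts:
    dispatcher:

frames:
  hosts:
    frame1:
  vars:
    frame_timezone: UTC
    monit_wireguard: true
    # Same address as the dispatcher's wireguard_address below.
    monit_wireguard_ip: 192.168.254.1

wg:
  hosts:
    frame1:
      wireguard_address: 192.168.254.11/32
    dispatcher:
      containerized: true
      # Quoted so YAML does not read the leading "{" as a flow mapping.
      wireguard_containerized: "{{ containerized }}"
      wireguard_remote_directory: "/opt/wireguard"
      wireguard_address: 192.168.254.1/32
      wireguard_allowed_ips: "192.168.254.0/24"
      # Quoted: a bare `off` is a boolean under YAML 1.1 loaders.
      # Presumably rendered as wg-quick `Table = off`, which is why the
      # tunnel route is added by hand in wireguard_postup - confirm in the role.
      wireguard_table: "off"
      # Rules are appended (-A), so they only take effect for packets that no
      # earlier rule in the same chain has already matched. Within each chain
      # the intra-tunnel ACCEPT must stay ahead of the catch-all DROP.
      wireguard_postup:
        - ip route add 192.168.254.0/24 via 192.168.254.1 dev wg0
        # In the nat table ACCEPT only ends nat PREROUTING traversal for
        # tunnel-to-tunnel packets; it is not a filter decision.
        - iptables -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        # Peers may be forwarded to each other, and nowhere else.
        - iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
        # Peers may reach the dispatcher only on tunnel addresses.
        - iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
      # Mirror of wireguard_postup with -D in place of -A. iptables accepts a
      # single command option per invocation, so the former `-D -A <chain>`
      # form was rejected and the rules stayed loaded after wg0 went down,
      # with another copy appended on every subsequent up. Each rule
      # specification must stay identical to its postup counterpart, otherwise
      # the delete will not match.
      wireguard_postdown:
        - ip route del 192.168.254.0/24 via 192.168.254.1 dev wg0
        - iptables -t nat -D PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -D FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -D FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
        - iptables -D INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -D INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
  vars:
    wireguard_port: 51821
    # NOTE(review): set at group level, so it applies to frame1 as well as
    # the dispatcher - confirm the role expects a single shared endpoint.
    wireguard_endpoint: 192.168.0.2
    wireguard_persistent_keepalive: 30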