feat: added wireguard play

playbooks/wireguard.play.yml

+---
+- name: WireGuard Tunnel
+  hosts: all
+  become: true
+  vars_files:
+    - ./secrets/wireguard_keys.yml
+  vars:
+    interfaces:
+      H1:
+        eth0:
+          address: "1.0.0.3"
+          netmask: "255.255.255.0"
+        wg0:
+          address: "10.0.0.1"
+          port: 51820
+          netmask: "255.255.255.0"
+
+      H2:
+        eth0:
+          address: "3.0.0.3"
+          netmask: "255.255.255.0"
+        wg0:
+          address: "10.0.0.2"
+          port: 51820
+          netmask: "255.255.255.0"
+
+    keys:
+      H1:
+        private:
+          key: "{{ private_keys.H1 }}"
+        public:
+          key: "OMlLks+cwFWshIcrcZK+RJUf841Ra3lcdVLTcxwetUs="
+      H2:
+        private:
+          key: "{{ private_keys.H2 }}"
+        public:
+          key: "PtT28gd4JRts2KZlumjTG2cMWsEWXEN+lM4EsXJUjDY="
+
+  tasks:
+    - name: Setup WireGuard hosts
+      ansible.builtin.template:
+        src: "templates/wireguard.j2"
+        dest: "/etc/wireguard/wg0.conf"
+        owner: "root"
+        group: "root"
+        mode: "0644"
+      when: inventory_hostname == "H1" or inventory_hostname == "H2"
+
+    - name: Enable WireGuard service
+      ansible.builtin.systemd:
+        name: wg-quick@wg0
+        state: restarted
+        enabled: true
+
+    - name: Restrict access to webpage via tunnel
+      ansible.builtin.command:
+        cmd: "sed -i 's/listen 80/listen 10.0.0.2:80/' /etc/nginx/sites-enabled/default"
+      when: inventory_hostname == "H2"
+      notify: Restart nginx
+
+    - name: Testing connectivity
+      ansible.builtin.command:
+        cmd: "wget 10.0.0.2 -O h2.html"
+      when: inventory_hostname == "H1"
+
+  handlers:
+    - name: Restart nginx
+      ansible.builtin.systemd:
+        name: nginx
+        state: restarted
+        enabled: true