Ansible role for creating a WireGuard-based mesh network
An Ansible role that automates the creation of a WireGuard-based mesh network, allowing servers to communicate with each other over a private, secure VPN without the need for a central node.
The role uses the wg-quick control, which is also exposed via a systemd service, so that the interface can be brought up automatically on boot. After the mesh network is created, connectivity is verified with a ping task. If you are behind NAT or a stateful firewall, you might need to set
---
- name: Wireguard
  hosts: all
  any_errors_fatal: true
  gather_facts: yes
  become: true
  roles:
    - create-wireguard-mesh-network

all:
  hosts:
    host1:
      ansible_host: 188.8.131.52
      wireguard_ip: 10.1.0.1
    host2:
      ansible_host: 184.108.40.206
      wireguard_ip: 10.2.0.1
    host3:
      ansible_host: 220.127.116.11
      wireguard_ip: 10.3.0.1
  vars:
    ansible_ssh_port: 22
    # Disables SSH host key verification, so connections to the hosts are not
    # authenticated; pre-populate known_hosts to keep checking enabled.
    ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
    ansible_ssh_user: root
    ansible_become_method: su
    wireguard_mask_bits: 24
    wireguard_port: 51871
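What "no central node" means for the per-host wg-quick configuration, as an added example that is not the role's own template: every host lists every other host as a peer, and the ping check has to cover each ordered pair. It assumes each peer is reached at ansible_host:wireguard_port and is allowed only its own /32 tunnel address; the key values are placeholders and the function names are hypothetical.

```python
import ipaddress

# Values copied from the example inventory on this page.
HOSTS = {
    "host1": {"ansible_host": "188.8.131.52", "wireguard_ip": "10.1.0.1"},
    "host2": {"ansible_host": "184.108.40.206", "wireguard_ip": "10.2.0.1"},
    "host3": {"ansible_host": "220.127.116.11", "wireguard_ip": "10.3.0.1"},
}
MASK_BITS, PORT = 24, 51871


def check_inventory(hosts):
    """Reject malformed addresses and tunnel IPs assigned to more than one host."""
    seen = {}
    for name, h in hosts.items():
        ipaddress.ip_address(h["ansible_host"])  # ValueError if malformed
        ip = ipaddress.ip_address(h["wireguard_ip"])
        if ip in seen:
            raise ValueError(f"{name} and {seen[ip]} share tunnel IP {ip}")
        seen[ip] = name


def render_config(name, hosts=HOSTS, mask_bits=MASK_BITS, port=PORT):
    """wg-quick config text for `name`: one [Peer] per other host (full mesh)."""
    check_inventory(hosts)
    me = hosts[name]
    lines = [
        "[Interface]",
        f"Address = {me['wireguard_ip']}/{mask_bits}",
        f"ListenPort = {port}",
        f"PrivateKey = <{name}-private-key>",  # placeholder, never a real key
    ]
    for peer in sorted(hosts):
        if peer == name:
            continue
        p = hosts[peer]
        lines += [
            "",
            "[Peer]",
            f"PublicKey = <{peer}-public-key>",  # placeholder
            # Assumption: a peer may only source traffic from its own tunnel IP.
            f"AllowedIPs = {p['wireguard_ip']}/32",
            f"Endpoint = {p['ansible_host']}:{port}",
        ]
    return "\n".join(lines) + "\n"


def ping_matrix(hosts=HOSTS):
    """(source host, target tunnel IP) pairs a full-mesh ping check must cover."""
    names = sorted(hosts)
    return [(s, hosts[t]["wireguard_ip"]) for s in names for t in names if t != s]


if __name__ == "__main__":
    print(render_config("host1"))
```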