From 8bed4a0bd7c74b546bb43eefd067472091551b7f Mon Sep 17 00:00:00 2001
From: Joe Banks
Date: Fri, 30 Aug 2024 18:54:20 +0100
Subject: Create a new firewalld zone for Wireguard interface on Rocky hosts
---
 ansible/roles/wireguard/tasks/main.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
(limited to 'ansible')
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index a670687..a261556 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -5,6 +5,25 @@
 tags:
 - role::wireguard

+- name: Create firewalld zone for Wireguard on Rocky hosts
+ ansible.posix.firewalld:
+ zone: wireguard
+ state: present
+ permanent: true
+ when: ansible_distribution == "Rocky"
+ tags:
+ - role::wireguard
+
+- name: Add wg0 interface to wireguard firewalld zone
+ ansible.posix.firewalld:
+ zone: wireguard
+ interface: wg0
+ state: enabled
+ permanent: true
+ when: ansible_distribution == "Rocky"
+ tags:
+ - role::wireguard
+
 - name: Generate WireGuard private key
 shell: set -o pipefail && wg genkey > /etc/wireguard/key.priv
 args:
--
cgit v1.2.3
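Review bot: Both new tasks set only `permanent: true`, so the `wireguard` zone and the `wg0` binding are written to firewalld's permanent configuration but do not reach the running firewall until firewalld is reloaded, and no reload task or `notify:` is visible in this hunk. Until then `wg0` presumably stays in whatever zone it already has at runtime (typically the default zone), so the intended separation is not yet in effect. Consider a reload between the two tasks, for example `ansible.builtin.service` with `name: firewalld` and `state: reloaded`, and then `immediate: true` on the `wg0` task so the binding applies at once. The hunk also sets no services, ports or target on the new zone, so it is worth confirming elsewhere in the role which traffic is meant to be allowed over `wg0`.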