feat(wireguard_server): Add wstunnel server setup

roles/wireguard_server/tasks/wstunnel.yml

@@ -0,0 +1,56 @@
+---
+- name: Check if wstunnel is already installed
+  ansible.builtin.stat:
+    path: /usr/local/bin/wstunnel
+  register: wstunnel_binary
+
+- name: Download and install wstunnel
+  when: not wstunnel_binary.stat.exists
+  block:
+    - name: Download and unarchive wstunnel package
+      ansible.builtin.unarchive:
+        src: https://github.com/erebe/wstunnel/releases/download/v5.1/wstunnel_5.1_linux_amd64.tar.gz
+        dest: /tmp
+        remote_src: yes
+        creates: /tmp/wstunnel
+
+    - name: Move wstunnel binary to /usr/local/bin
+      ansible.builtin.copy:
+        src: /tmp/wstunnel
+        dest: /usr/local/bin/wstunnel
+        mode: '0755'
+        remote_src: yes
+      become: true
+  
+    - name: Clean up temporary wstunnel file
+      ansible.builtin.file:
+        path: /tmp/wstunnel
+        state: absent
+
+- name: Create wstunnel systemd service file
+  ansible.builtin.copy:
+    dest: /etc/systemd/system/wstunnel.service
+    content: |
+      [Unit]
+      Description=WSTunnel Server
+      After=network.target
+
+      [Service]
+      Type=simple
+      User=nobody
+      ExecStart=/usr/local/bin/wstunnel -s 127.0.0.1:8080 -t udp://127.0.0.1:51820
+      Restart=always
+      RestartSec=3
+
+      [Install]
+      WantedBy=multi-user.target
+  become: true
+  notify: Restart wstunnel
+
+- name: Ensure wstunnel service is started and enabled
+  ansible.builtin.systemd:
+    name: wstunnel
+    state: started
+    enabled: yes
+    daemon_reload: yes
+  become: true