Swap version of wstunnel (previos not exist). Creating wireguard-server variables

group_vars/all.yml

@@ -4,6 +4,10 @@ ip_admin: 192.168.6.7
 mysql_host: "{{ ip_admin }}"
 gateway: 192.168.6.1
 
+wireguard-server:
+  wstunnel-download-url: https://github.com/erebe/wstunnel/releases/download/v10.5.2/wstunnel_10.5.2_linux_amd64.tar.gz
+  internal-port: 51822
+
 wireguard-client:
   ntb:
     ip: 10.0.0.2

playbooks/services/wireguard-cerberus.yml

@@ -3,7 +3,7 @@
   become: true
   vars_files:
     - vault.yml
-    - zeus-vars.yml
+    - all.yml
   tasks:
     - name: wireguard-server
       ansible.builtin.include_role:

roles/wireguard_server/tasks/wstunnel.yml

@@ -9,7 +9,7 @@
   block:
     - name: Download and unarchive wstunnel package
       ansible.builtin.unarchive:
-        src: https://github.com/erebe/wstunnel/releases/download/v5.1/wstunnel_5.1_linux_amd64.tar.gz
+        src: "{{ wstunnel-download-url }}"
         dest: /tmp
         remote_src: yes
         creates: /tmp/wstunnel
@@ -38,7 +38,7 @@
       [Service]
       Type=simple
       User=nobody
-      ExecStart=/usr/local/bin/wstunnel -s 127.0.0.1:8080 -t udp://127.0.0.1:51820
+      ExecStart=/usr/local/bin/wstunnel -s 0.0.0.0:8080 -t udp://127.0.0.1:{{ wireguard-server.internal-port }}
       Restart=always
       RestartSec=3
 

roles/wireguard_server/templates/wireguardserver.conf

@@ -3,7 +3,7 @@ PrivateKey = {{ wireguard-server.key }}
 Address=10.0.0.1/24
 PostUp=iptables -A FORWARD -i wireguardserver -o ens18 -j ACCEPT; iptables -A FORWARD -i ens18 -o wireguardserver -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE;
 PostDown=iptables -D FORWARD -i wireguardserver -o ens18 -j ACCEPT; iptables -D FORWARD -i ens18 -o wireguardserver -j ACCEPT; iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE;
-ListenPort=51822
+ListenPort={{ wireguard-server.internal-port }}
 
 {% for user in wireguard %}
 [Peer]