{"id":18898339,"url":"https://github.com/brainstone/ansible_roles_wireguard_easy","last_synced_at":"2026-05-06T04:32:54.129Z","repository":{"id":69185911,"uuid":"545720181","full_name":"BrainStone/ansible_roles_wireguard_easy","owner":"BrainStone","description":"An Ansible role that will install WireGuard Easy (https://github.com/WeeJeWel/wg-easy)","archived":false,"fork":false,"pushed_at":"2023-10-24T22:58:56.000Z","size":61,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-29T00:04:10.612Z","etag":null,"topics":["ansible","ansible-galaxy","ansible-role","vpn","wireguard"],"latest_commit_sha":null,"homepage":"https://galaxy.ansible.com/brainstone/wireguard_easy","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BrainStone.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-10-04T21:37:52.000Z","updated_at":"2025-08-10T06:50:25.000Z","dependencies_parsed_at":"2024-11-08T08:52:49.063Z","dependency_job_id":null,"html_url":"https://github.com/BrainStone/ansible_roles_wireguard_easy","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/BrainStone/ansible_roles_wireguard_easy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BrainStone%2Fansible_roles_wireguard_easy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BrainStone%2Fansible_roles_wireguard_easy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BrainStone%2Fansible_roles_wireguard_easy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BrainStone%2Fansible_roles_wireguard_easy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BrainStone","download_url":"https://codeload.github.com/BrainStone/ansible_roles_wireguard_easy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BrainStone%2Fansible_roles_wireguard_easy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32678619,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-06T02:33:58.958Z","status":"ssl_error","status_checked_at":"2026-05-06T02:33:39.611Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-galaxy","ansible-role","vpn","wireguard"],"created_at":"2024-11-08T08:42:02.828Z","updated_at":"2026-05-06T04:32:54.102Z","avatar_url":"https://github.com/BrainStone.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# wireguard_easy\n\nAn Ansible role that will install WireGuard Easy (https://github.com/WeeJeWel/wg-easy).\n\n## Requirements\n\nThis role requires NodeJS installed if you decide to skip letting the role install it, git and sudo (unless you set `wireguard_easy_user` to `root`.\n\n## Role Variables\n\n| Variable | Description |\n|------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `wireguard_easy_base_path` | The base path of the wg-easy installation.\u003cbr/\u003e\u003cbr/\u003eDefault: `/opt/wg-easy` |\n| `wireguard_easy_bin_path` | The git path of the binaries of the wg-easy installation. Should be inside `wireguard_easy_base_path`.\u003cbr/\u003e\u003cbr/\u003eDefault: \u003cbr/\u003e`{{ wireguard_easy_base_path }}/bin` |\n| `wireguard_easy_config_path` | The config path for WireGuard.\u003cbr/\u003e\u003cbr/\u003eDefault: `/etc/wireguard` |\n| `wireguard_easy_nodejs_version` | The NodeJS version to use. Typically shouldn't need to be changed.\u003cbr/\u003e\u003cbr/\u003eDefault: `14.x` |\n| `wireguard_easy_password` | Password for the webinterface. If empty, everyone can access the interface.\u003cbr/\u003e\u003cbr/\u003eDefault: *Empty* |\n| `wireguard_easy_port` | The webserver's port.\u003cbr/\u003e\u003cbr/\u003eDefault: `51821` |\n| `wireguard_easy_repo_path` | The git repository path of the wg-easy installation. Should be inside `wireguard_easy_base_path`.\u003cbr/\u003e\u003cbr/\u003eDefault: \u003cbr/\u003e`{{ wireguard_easy_base_path }}/repo` |\n| `wireguard_easy_skip_nodejs` | If set to true skip installing NodeJS (which means you should install it yourself).\u003cbr/\u003e\u003cbr/\u003eDefault: `false` |\n| `wireguard_easy_user` | Which user to own the files and run the service as. Will setup passwordless sudo for the user.\u003cbr/\u003eSet to `root` to not use sudo\u003cbr/\u003e\u003cbr/\u003eDefault: `wireguard` |\n| `wireguard_easy_wg_default_address` | The subnet used for WireGuard. The host will be the first usable IP in that range.\u003cbr/\u003e\u003cbr/\u003eDefault: `10.8.0.0/24` |\n| `wireguard_easy_wg_default_dns` | Which DNS servers should the clients use by default. Leave empty for none.\u003cbr/\u003e\u003cbr/\u003eDefault: The IP of the host in the WireGuard subnet (if the subnet is 10.8.0.0/24, it'll be 10.8.0.1) |\n| `wireguard_easy_wg_host` | The ideally publicly reachable host name of the WireGuard installation.\u003cbr/\u003e\u003cbr/\u003eDefault: the inventory host name |\n| `wireguard_easy_wg_port` | The WireGuard port.\u003cbr/\u003e\u003cbr/\u003eDefault: `51820` |\n| `wireguard_easy_wg_mtu` | The MTU for the WireGuard connection.\u003cbr/\u003e\u003cbr/\u003eDefault: *unset* |\n| `wireguard_easy_wg_persistent_keepalive` | The time interval in seconds to send keepalive packets from the client. This isn't enforce but suggested to the client.\u003cbr/\u003e\u003cbr/\u003eDefault: `0` (disabled) |\n| `wireguard_easy_wg_allowed_ips` | Suggest the client which `AllowedIPs` to use. This controls which addresses should be routed through the tunnel. (May be an array)\u003cbr/\u003e\u003cbr/\u003eDefault: `0.0.0.0/0, ::/0` |\n| `wireguard_easy_enforce_wg_allowed_ips` | By default the client can change their `AllowedIPs` setting. Enabling this will enforce this server side, limiting the clients to whatever is set in `wireguard_easy_wg_allowed_ips`.\u003cbr/\u003eNote; they can still change their own `AllowedIPs` setting, but any addresses outside the server side setting will be dropped.\u003cbr/\u003e\u003cbr/\u003eDefault: `false` |\n\n## Dependencies\n\nThe software needs NodeJS install, which will be done via the role [geerlingguy.nodejs](https://galaxy.ansible.com/geerlingguy/nodejs). You can set the\noption `wireguard_easy_skip_nodejs` to true.\n\n## Example Playbook\n\nI personally recommend using `host_vars` or `group_vars`, but a simple copy pastable block looks like this (the keys and passwords aren't real btw):\n\n```yaml\n- hosts: servers\n roles:\n - role: brainstone.wireguard_easy\n vars:\n wireguard_easy_skip_nodejs: false\n```\n\n## License\n\nThis Ansible role is licensed under the [MIT License](./LICENSE).\n\n## Contact\n\nTo contact me, use GitHub issues or Discord (BrainStone#6759)\n\n## Random Quote\n\n\u003e Remember that code is really the language in which we ultimately express the requirements. We may create languages that are closer to the requirements. We\n\u003e may create tools that help us parse and assemble those requirements into formal structures. But we will never eliminate necessary precision—so there will\n\u003e always be code.\n\u003e\n\u003e — \u003ccite\u003eRobert C. Martin\u003c/cite\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrainstone%2Fansible_roles_wireguard_easy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrainstone%2Fansible_roles_wireguard_easy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrainstone%2Fansible_roles_wireguard_easy/lists"}