Moved bastion config to separate role

ansible/buildHomelab.yaml

@@ -49,32 +49,13 @@
         backup: true
       tags: docker
 
-
 - name: Setup bastion
   hosts: bastion
   vars:
   tags:
     - bastion
-  tasks:
+  roles:
-    - name: Enable IP forwarding
+    - bastion
-      ansible.builtin.lineinfile:
-        path: /etc/sysctl.conf
-        regexp: '^#?.*net\.ipv4\.ip_forward='
-        line: 'net.ipv4.ip_forward=1'
-    - name: Install Wireguard
-      ansible.builtin.package:
-        name: wireguard
-        state: present
-    - name: Shutdown Wireguard (remove iptables rules)
-      ansible.builtin.shell: wg-quick down wg0
-      ignore_errors: true
-    - name: Copy Wireguard config
-      ansible.builtin.template:
-        src: assets/{{ inventory_hostname }}/wg0.conf.j2
-        dest: /etc/wireguard/wg0.conf
-        backup: true
-    - name: Enable Wireguard int
-      ansible.builtin.shell: wg-quick up wg0
 
       #- name: Setup Docker hosts
       #  hosts: 
@@ -140,8 +121,10 @@
 - name: Local server Wireguard
   hosts: 
     - docker-ext
+  tags:
+    - bastion
   tasks:
-    - name: "docker-ext Wireguard"
+    - name: "Local server Wireguard"
       ansible.builtin.template:
         src: assets/{{ inventory_hostname }}/wg0.conf.j2
         dest: /etc/wireguard/wg0.conf

ansible/roles/bastion/tasks/main.yml

@@ -0,0 +1,19 @@
+- name: Enable IP forwarding
+  ansible.builtin.lineinfile:
+    path: /etc/sysctl.conf
+    regexp: '^#?.*net\.ipv4\.ip_forward='
+    line: 'net.ipv4.ip_forward=1'
+- name: Install Wireguard
+  ansible.builtin.package:
+    name: wireguard
+    state: present
+- name: Shutdown Wireguard (remove iptables rules)
+  ansible.builtin.shell: wg-quick down wg0
+  ignore_errors: true
+- name: Copy Wireguard config
+  ansible.builtin.template:
+    src: assets/{{ inventory_hostname }}/wg0.conf.j2
+    dest: /etc/wireguard/wg0.conf
+    backup: true
+- name: Enable Wireguard int
+  ansible.builtin.shell: wg-quick up wg0