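---
# Tasks that prepare a WireGuard client for the VXLAN mesh: open the packet
# filter for VXLAN, resolve the segment's VXLAN ID and the gateway's
# link-local address, derive the node's own link-local address from its
# WireGuard public key, and install the VXLAN start-up script.

# Allow VXLAN (UDP/8472) arriving on the WireGuard uplink interface.
# The iptables module checks for the rule before inserting it, so repeated
# runs no longer stack duplicate ACCEPT rules at the top of INPUT (the
# previous unconditional `ip6tables -I INPUT 1` with `changed_when: false`
# did, and reported nothing). An existing copy of the rule is left where it
# is rather than moved back to position 1.
# NOTE(review): the rule accepts UDP/8472 from any source on wg-uplink. VXLAN
# itself is unauthenticated, so this relies on the WireGuard tunnel to limit
# who can reach the port. Consider restricting the source to the gateway's
# link-local address if the tunnel's allowed-ips do not already do so.
# NOTE(review): only the running ruleset is changed; persistence across
# reboots is not handled in this file.
- name: "Paketfilter anpassen - Eingehenden VXLAN Verkehr auf dem Mesh-Interface erlauben"
  ansible.builtin.iptables:
    ip_version: ipv6
    chain: INPUT
    action: insert
    rule_num: "1"
    in_interface: wg-uplink
    protocol: udp
    match:
      - udp
    destination_port: "8472"
    jump: ACCEPT

# Pick the VXLAN ID whose key in gw_vxlan_ids contains ffmuc_segment.
# NOTE(review): `in` on a string key is a substring test, so a segment name
# that is a prefix of another key matches both and the last match wins; if
# nothing matches, ffmuc_vxlan_id stays undefined. Confirm whether an exact
# comparison is intended.
- name: "VXLAN-ID des gewählten Segments ermitteln"
  ansible.builtin.set_fact:
    ffmuc_vxlan_id: "{{ item.value }}"
  loop: "{{ lookup('dict', gw_vxlan_ids) }}"
  when: "ffmuc_segment in item.key"

# Pick the gateway link-local address whose key in gw_linklocal contains
# ffmuc_gateway. The same substring-match caveat as above applies.
- name: "link-local des Gateways ermitteln"
  ansible.builtin.set_fact:
    ffmuc_wireguard_linklocal: "{{ item.value }}"
  loop: "{{ lookup('dict', gw_linklocal) }}"
  when: "ffmuc_gateway in item.key"

# Derive the node's link-local address from the first five bytes of the MD5
# digest of the public key file: fe80::02<b1>:<b2>ff:fe<b3>:<b4><b5>.
# MD5 serves here only as a fixed mapping from key to address, not as a
# security control; the expression must stay unchanged so the result matches
# whatever the remote side computes (presumably the gateway, not shown here).
# The `test -s` guard makes the task fail when the key file is missing or
# empty. Without it the pipeline still exits 0 (sed's status) and yields a
# valid-looking address computed from empty input.
- name: "lokale link-local IPv6 Adresse aus dem PUBLIC-Key erzeugen"
  ansible.builtin.shell: |
    test -s /etc/wireguard/client_public.key || exit 1
    md5sum < /etc/wireguard/client_public.key |
      sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/fe80::02\1:\2ff:fe\3:\4\5/'
  register: wg_node_linklocal
  changed_when: false

# Install the rendered VXLAN start-up script, executable by root and the
# root group only. The fully qualified module name matches the other tasks.
- name: "Startupdatei für VXLAN kopieren"
  ansible.builtin.template:
    src: templates/vxlan-init.j2
    dest: /usr/local/bin/vxlan
    owner: root
    group: root
    mode: '0750'
...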