diff --git a/common.yml b/common.yml
index 0d2c7b4..c86a18c 100644
--- a/common.yml
+++ b/common.yml
@@ -3,3 +3,5 @@ remote_user: root
 roles:
   - common
+  - vpn-server-wireguard
+
diff --git a/roles/vpn-server-wireguard/tasks/main.yml b/roles/vpn-server-wireguard/tasks/main.yml
index 58e099b..1383acb 100644
--- a/roles/vpn-server-wireguard/tasks/main.yml
+++ b/roles/vpn-server-wireguard/tasks/main.yml
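Review bot: The common.yml play runs with `remote_user: root` and now applies `vpn-server-wireguard` to every host that play targets, whereas the play removed from roles/vpn-server-wireguard/tasks/main.yml was limited to `hosts: vpn_server`. The play's `hosts` pattern is above this hunk, so confirm it is not broader than `vpn_server`; otherwise the vault-decrypted server private key and wg0.conf are rendered onto every host that gets the common roles. If common.yml targets all hosts, keep a dedicated play such as `- hosts: vpn_server` with `roles: [vpn-server-wireguard]` rather than adding the role here. The added trailing empty line at end of file is flagged by yamllint `empty-lines`; drop it.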
@@ -1,51 +1,49 @@
 ---
-- name: wireguard server keys
-  hosts: vpn_server
+
+- name: install wireguard
+  apt:
+    name: wireguard
+    state: present
+
+- name: create server wireguard config
   vars:
     server_privkey: !vault |
-      $ANSIBLE_VAULT;1.1;AES256
-      37373763643362313533663532373161353334613738316136336562666462303735623065323139
-      3364366239376434343064633765373830393937346665650a636231396634326236333466636165
-      34373562356437373136666336363466336564663839333930366566316439336262303861343965
-      6434633631383264390a316135386235653433396161616662373633393635626537316432623632
-      30353631363164346161343530313365663437663533366639636432353234376632333638313464
-      6263333266666164343834636330626265326135303361636135
+        $ANSIBLE_VAULT;1.1;AES256
+        37373763643362313533663532373161353334613738316136336562666462303735623065323139
+        3364366239376434343064633765373830393937346665650a636231396634326236333466636165
+        34373562356437373136666336363466336564663839333930366566316439336262303861343965
+        6434633631383264390a316135386235653433396161616662373633393635626537316432623632
+        30353631363164346161343530313365663437663533366639636432353234376632333638313464
+        6263333266666164343834636330626265326135303361636135
     server_pubkey: nbHkhDv4TLxjdGRqwW4dyFyNZsYBTi2ryVCZ7/K7aEs=
-  tasks:
-  - name: install wireguard
-    apt:
-      name: wireguard
-      state: present
+  template:
+    dest: /etc/wireguard/wg0.conf
+    src: server_wg0.conf.j2
+    owner: root
+    group: root
+    mode: '0600'
-  - name: create server wireguard config
-    template:
-      dest: /etc/wireguard/wg0.conf
-      src: server_wg0.conf.j2
-      owner: root
-      group: root
-      mode: '0600'
+- name: enable and persist ipv6 forwarding
+  sysctl:
+    name: net.ipv6.conf.all.forwarding
+    value: "1"
+    state: present
+    sysctl_set: yes
+    reload: yes
-  - name: enable and persist ipv6 forwarding
-    sysctl:
-      name: net.ipv6.conf.all.forwarding
-      value: "1"
-      state: present
-      sysctl_set: yes
-      reload: yes
+- name: enable and persist ipv4 forwarding
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: "1"
+    state: present
+    sysctl_set: yes
+    reload: yes
-  - name: enable and persist ipv4 forwarding
-    sysctl:
-      name: net.ipv4.ip_forward
-      value: "1"
-      state: present
-      sysctl_set: yes
-      reload: yes
-
-  - name: start and enable wireguard
-    systemd:
-      name: wg-quick@wg0
-      enabled: yes
-      state: started
+- name: start and enable wireguard
+  systemd:
+    name: wg-quick@wg0
+    enabled: yes
+    state: started
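Review bot: A changed wg0.conf written by the `create server wireguard config` task is never applied: the last task only ensures `wg-quick@wg0` is `started`, so on a re-run with a modified template the running interface keeps the old configuration until the next reboot. Add `notify: restart wireguard` to the template task and a matching handler in the role's handlers file, `- name: restart wireguard` with `systemd: {name: wg-quick@wg0, state: restarted}`. The rendered file holds the vault-decrypted `server_privkey`, so the template task should also carry `no_log: true`; without it a run with `--diff` or verbose output prints the private key in the console and job logs. Style: `sysctl_set: yes`, `reload: yes` and `enabled: yes` are YAML 1.1 truthy spellings flagged by yamllint; write `true` instead.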