---
- name: Setup CI/CD Runner
  hosts: localhost
  become: true
  become_user: root
  tags:
    - always
  tasks:
    - name: Add VPN IPs to /etc/hosts
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: "^{{ item }}\\s"
        line: "{{ hostvars[item]['wg_addr'] | mandatory }} {{ item }}"
        unsafe_writes: true # Docker does not allow atomic updates here.
        state: present
      loop: "{{ groups['all'] }}"

...
# vim: ft=yaml.ansible