PiFrame
/
ansible-role-wireguard
Archived
3
0
Fork 0
Code Pull Requests Releases Activity

Support Ubuntu 20.04 (#52) 

* update Ansible Galaxy meta info (added Ubunut Focal Fossa / Debian Buster)

* update CHANGELOG (Ubuntu 20.04 support)

* move OS package installation to OS specific subtasks

* update README

* update CHANGELOG

Co-authored-by: githubixx <home@tauceti.net>
This commit is contained in:
Robert Wimmer 2020-05-04 23:27:56 +02:00 committed by GitHub
parent 97f566ad85
commit 9f76b8baf5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 124 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG.md
View File

@ -1,6 +1,12 @@
Changelog
---------
**6.2.0**
- Support Ubuntu 20.04 (Focal Fossa)
- Introduce `wireguard_ubuntu_update_cache` and `wireguard_ubuntu_cache_valid_time` variables to specifiy individual Ubuntu package cache settings. Default values are the same as before.
- As kernel >= 5.6 (and kernel 5.4 in Ubuntu 20.04) now have `wireguard` module included `wireguard-dkms` package is no longer needed in that case. That's why WireGuard package installation is now part of the includes for the specific OS to make it easier to handle various cases.
**6.1.0**
- Archlinux: Linux kernel >= 5.6 contains `wireguard` module now. No need to install `wireguard-dkms` anymore in this case. Installations with LTS kernel installs `wireguard-lts` package now instead of `wireguard-dkms`. Installations with kernel <= 5.6 will still install `wireguard-dkms` package.

8
README.md
View File

@ -7,7 +7,7 @@ I used [PeerVPN](https://peervpn.net/) before but that wasn't updated for a whil
In general WireGuard is a network tunnel (VPN) for IPv4 and IPv6 that uses UDP. If you need more information about [WireGuard](https://www.wireguard.io/) you can find a good introduction here: [Installing WireGuard, the Modern VPN](https://research.kudelskisecurity.com/2017/06/07/installing-wireguard-the-modern-vpn/).
This role was tested with Ubuntu 18.04 (Bionic Beaver), Debian 9 (Stretch), Archlinux, Fedora 31 and CentOS. It might also work with Ubuntu 16.04 (Xenial Xerus), Debian 10 (Buster) or other distributions but haven't tested it. If someone tested it let me please know if it works or send a pull request to make it work ;-)
This role is tested with Ubuntu 18.04 (Bionic Beaver), Ubuntu 20 (Focal Fossa) and Archlinux. Ubuntu 16.04 (Xenial Xerus), Debian 9 (Stretch), Debian 10 (Buster), Fedora 31 (or later) and CentOS 7 might also work or other distributions but haven't tested it (code for this operating systems was submitted by other contributors). If someone tested it let me please know if it works or send a pull request to make it work ;-)
Versions
--------
@ -294,11 +294,13 @@ vpn1:
vpn2:
hosts:
# use a different name, and define ansible_host, to avoid mixing of vars without needing to prefix vars with interface name
# Use a different name, and define ansible_host, to avoid mixing of vars without
# needing to prefix vars with interface name.
multi-wg1:
ansible_host: multi
wireguard_interface: wg1
wireguard_port: 51821 # when using several interface on one host, we must use different ports
# when using several interface on one host, we must use different ports
wireguard_port: 51821
wireguard_address: 10.9.1.1/32
wireguard_endpoint: multi.exemple.com
another:

15
defaults/main.yml
View File

@ -1,4 +1,8 @@
---
#######################################
# General settings
#######################################
# Directory to store WireGuard configuration on the remote hosts
wireguard_remote_directory: "/etc/wireguard"
@ -7,3 +11,14 @@ wireguard_port: "51820"
# The default interface name that wireguard should use if not specified otherwise.
wireguard_interface: "wg0"
#######################################
# Settings only relevant for Ubuntu
#######################################
# Set to "false" if package cache should not be updated
wireguard_ubuntu_update_cache: "true"
# Set package cache valid time
wireguard_ubuntu_cache_valid_time: "3600"

2
meta/main.yml
View File

@ -8,9 +8,11 @@ galaxy_info:
- name: Ubuntu
versions:
- bionic
- focal
- name: Debian
versions:
- stretch
- buster
- name: EL
versions:
- 7

21
tasks/main.yml
View File

@ -4,23 +4,6 @@
- include_tasks: "setup-{{ ansible_distribution|lower }}.yml"
- name: Load packages variable file based on the OS type, or a default if not found
include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "packages-{{ ansible_distribution | lower }}.yml"
- "packages.yml"
paths:
- "vars"
- name: Install WireGuard
package:
name: "{{ packages }}"
state: present
tags:
- wg-install
- name: Enable WireGuard kernel module
modprobe:
name: wireguard
@ -48,6 +31,7 @@
- name: Get wg subcommands
command: "wg --help"
register: wg_subcommands
changed_when: false
- name: Set default value for wg_syncconf variable (assume wg syncconf subcommand not available)
set_fact:
@ -64,8 +48,9 @@
- block:
- name: Generate WireGuard private key
shell: "wg genkey"
command: "wg genkey"
register: wg_private_key_result
changed_when: false
tags:
- wg-generate-keys

12
tasks/setup-archlinux.yml
View File

@ -1,5 +1,5 @@
---
- name: Install wireguard-lts package
- name: (Archlinux) Install wireguard-lts package
pacman:
name: "{{ item.name }}"
state: "{{ item.state }}"
@ -13,12 +13,20 @@
- ansible_kernel is match(".*-lts$")
- ansible_kernel is version('5.6', '<')
- name: Install wireguard-dkms package
- name: (Archlinux) Install wireguard-dkms package
pacman:
name: wireguard-dkms
state: present
become: yes
tags:
- wg-install
when:
- not ansible_kernel is match(".*-lts$")
- ansible_kernel is version('5.6', '<')
- name: (Archlinux) Install wireguard-tools package
pacman:
name: wireguard-tools
state: present
tags:
- wg-install

14
tasks/setup-centos.yml
View File

@ -1,11 +1,19 @@
---
- name: Add WireGuard repository
- name: (CentOS) Add WireGuard repository
get_url:
url: https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
dest: /etc/yum.repos.d/wireguard.repo
- name: Install EPEL repository
- name: (CentOS) Install EPEL repository
yum:
name: epel-release
update_cache: yes
- name: (CentOS) Install wireguard packages
yum:
name:
- "wireguard-dkms"
- "wireguard-tools"
state: present
tags:
- wg-install

19
tasks/setup-debian.yml
View File

@ -1,10 +1,10 @@
---
- name: Install GPG - required to add wireguard key
- name: (Debian) Install GPG - required to add wireguard key
apt:
name: gnupg
state: present
- name: Add WireGuard repository on buster or earlier
- name: (Debian) Add WireGuard repository on buster or earlier
apt_repository:
repo: "deb http://deb.debian.org/debian buster-backports main"
state: present
@ -13,13 +13,22 @@
tags:
- wg-install
- name: Get architecture
shell: dpkg --print-architecture
- name: (Debian) Get architecture
command: "dpkg --print-architecture"
register: dpkg_arch
changed_when: False
- name: Install kernel headers to compile wireguard with DKMS
- name: (Debian) Install kernel headers to compile Wireguard with DKMS
apt:
name:
- "linux-headers-{{ dpkg_arch.stdout }}"
state: present
- name: (Debian) Install wireguard packages
apt:
name:
- "wireguard-dkms"
- "wireguard-tools"
state: present
tags:
- wg-install

23
tasks/setup-fedora.yml
View File

@ -1,8 +1,17 @@
---
- name: Add wireguard COPR
yum_repository:
name: "jdoss-wireguard"
description: "Copr repo for wireguard owned by jdoss"
baseurl: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/fedora-$releasever-$basearch/"
gpgkey: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/pubkey.gpg"
gpgcheck: yes
- name: (Fedora) Add wireguard COPR
yum_repository:
name: "jdoss-wireguard"
description: "Copr repo for wireguard owned by jdoss"
baseurl: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/fedora-$releasever-$basearch/"
gpgkey: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/pubkey.gpg"
gpgcheck: yes
- name: (Fedora) Install wireguard packages
yum:
name:
- "wireguard-dkms"
- "wireguard-tools"
state: present
tags:
- wg-install

62
tasks/setup-ubuntu.yml
View File

@ -1,26 +1,48 @@
---
- name: Update APT package cache
- name: (Ubuntu) Update APT package cache
apt:
update_cache: true
cache_valid_time: 3600
update_cache: "{{ wireguard_ubuntu_update_cache }}"
cache_valid_time: "{{ wireguard_ubuntu_cache_valid_time }}"
tags:
- wg-install
- name: Install required packages
package:
name: "{{ packages }}"
state: present
vars:
packages:
- software-properties-common
- linux-headers-{{ ansible_kernel }}
tags:
- wg-install
- block:
- name: (Ubuntu) Install support packages needed for Wireguard (for Ubuntu < 19.10)
package:
name: "{{ packages }}"
state: present
vars:
packages:
- software-properties-common
- linux-headers-{{ ansible_kernel }}
tags:
- wg-install
- name: Add WireGuard repository
apt_repository:
repo: "ppa:wireguard/wireguard"
state: present
update_cache: yes
tags:
- wg-install
- name: (Ubuntu) Add WireGuard repository (for Ubuntu < 19.10)
apt_repository:
repo: "ppa:wireguard/wireguard"
state: present
update_cache: yes
tags:
- wg-install
- name: (Ubuntu) Install wireguard packages (for Ubuntu < 19.10)
apt:
name:
- "wireguard-dkms"
- "wireguard-tools"
state: present
tags:
- wg-install
when:
- ansible_lsb.major_release is version('19.10', '<')
- block:
- name: (Ubuntu) Install wireguard-tools package (for Ubuntu > 19.04)
apt:
name: "wireguard-tools"
state: present
tags:
- wg-install
when:
- ansible_lsb.major_release is version('19.04', '>')

2
vars/packages-archlinux.yml
View File

@ -1,2 +0,0 @@
packages:
- wireguard-tools

3
vars/packages.yml
View File

@ -1,3 +0,0 @@
packages:
- wireguard-dkms
- wireguard-tools