Add note about fork

Co-authored-by: githubixx <home@tauceti.net>

CHANGELOG.md

@@ -1,6 +1,14 @@
 Changelog
 ---------
 
+**6.3.1**
+
+- Support Openstack Debian images (contribution by @pallinger)
+
+**6.3.0**
+
+- Support Raspbian (contribution by @penguineer)
+
 **6.2.0**
 
 - Support Ubuntu 20.04 (Focal Fossa)

README.md

@@ -1,3 +1,5 @@
+# Fork of https://github.com/githubixx/ansible-role-wireguard.git with some minor tweaks to ensure PiFrameFleet can be provisioned properly
+
 ansible-role-wireguard
 ======================
 

defaults/main.yml

@@ -12,6 +12,9 @@ wireguard_port: "51820"
 # The default interface name that wireguard should use if not specified otherwise.
 wireguard_interface: "wg0"
 
+# Whether or not WireGuard is running in a container
+wireguard_containerized: false
+
 
 #######################################
 # Settings only relevant for Ubuntu

handlers/main.yml

@@ -6,7 +6,7 @@
   loop:
   - stopped
   - started
-  when: not wg_syncconf
+  when: not wg_syncconf and not wireguard_containerized
   listen: "reconfigure wireguard"
 
 - name: syncconf wireguard
@@ -19,5 +19,10 @@
       exit 0
   args:
     executable: "/bin/bash"
-  when: wg_syncconf
+  when: wg_syncconf and not wireguard_containerized
+  listen: "reconfigure wireguard"
+
+- name: restart wireguard (container)
+  command: /usr/bin/s6-svc -r /var/run/s6/services/wireguard
+  when: wireguard_containerized
   listen: "reconfigure wireguard"

tasks/main.yml

@@ -3,6 +3,7 @@
   setup:
 
 - include_tasks: "setup-{{ ansible_distribution|lower }}.yml"
+  when: not wireguard_containerized
 
 - name: Enable WireGuard kernel module
   modprobe:
@@ -129,3 +130,4 @@
     name: "wg-quick@{{ wireguard_interface }}"
     state: started
     enabled: yes
+  when: not wireguard_containerized

tasks/setup-debian-raspbian.yml

@@ -0,0 +1,93 @@
+---
+
+- name: (Raspbian) Install GPG - required to add wireguard key
+  apt:
+    name: gnupg
+    state: present
+
+- name: (Raspbian) Add Debian repository key
+  apt_key:
+    keyserver: "keyserver.ubuntu.com"
+    id: "04EE7237B7D453EC"
+    state: present
+  when: ansible_lsb.id == "Raspbian"
+  tags:
+    - wg-install
+
+- name: (Raspbian) Add Debian Unstable repository for WireGuard
+  apt_repository:
+    repo: "deb http://deb.debian.org/debian unstable main"
+    state: present
+    update_cache: yes
+  tags:
+    - wg-install
+
+- name: (Raspbian) Install latest kernel
+  apt:
+    name:
+    - "raspberrypi-kernel"
+    state: latest
+  register: kernel_update
+  tags:
+    - wg-install
+
+- name: (Raspbian) Reboot after kernel update (Ansible >= 2.8)
+  reboot:
+    search_paths: ['/lib/molly-guard', '/usr/sbin']
+  when:
+    - ansible_version.full is version('2.8.0', '>=')
+    - kernel_update is changed
+  tags:
+    - wg-install
+
+- name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8)
+  stat:
+    path: /lib/molly-guard/
+  register: molly_guard
+
+- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, no molly-guard)
+  reboot:
+  when:
+    - ansible_version.full is version('2.8.0', '<')
+    - kernel_update is changed
+    - not molly_guard.stat.exists
+  tags:
+    - wg-install
+
+- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard)
+  command: /lib/molly-guard/shutdown -r now
+  async: 1
+  poll: 0
+  ignore_unreachable: yes
+  when:
+    - ansible_version.full is version('2.8.0', '<')
+    - kernel_update is changed
+    - molly_guard.stat.exists
+  tags:
+    - wg-install
+
+- name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard)
+  wait_for_connection:
+  when:
+    - ansible_version.full is version('2.8.0', '<')
+    - kernel_update is changed
+    - molly_guard.stat.exists
+  tags:
+    - wg-install
+
+- name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS
+  apt:
+    name:
+    - "raspberrypi-kernel-headers"
+    state: latest
+  tags:
+    - wg-install
+
+- name: (Raspbian) Install wireguard packages
+  apt:
+    name:
+      - "wireguard-dkms"
+      - "wireguard-tools"
+    state: present
+  tags:
+    - wg-install

tasks/setup-debian-vanilla.yml

@@ -0,0 +1,37 @@
+---
+- name: (Debian) Install GPG - required to add wireguard key
+  apt:
+    name: gnupg
+    state: present
+
+- name: (Debian) Add WireGuard repository on buster or earlier
+  apt_repository:
+    repo: "deb http://deb.debian.org/debian buster-backports main"
+    state: present
+    update_cache: yes
+  when: ansible_distribution_version | int <= 10
+  tags:
+    - wg-install
+
+- name: (Debian) Get architecture
+  command: "dpkg --print-architecture"
+  register: dpkg_arch
+  changed_when: False
+
+- set_fact:
+    kernel_header_version: "{{ ('-cloud-' in ansible_kernel) | ternary(ansible_kernel,dpkg_arch.stdout) }}"
+
+- name: (Debian) Install kernel headers to compile Wireguard with DKMS
+  apt:
+    name:
+      - "linux-headers-{{ kernel_header_version }}"
+    state: present
+
+- name: (Debian) Install wireguard packages
+  apt:
+    name:
+      - "wireguard-dkms"
+      - "wireguard-tools"
+    state: present
+  tags:
+    - wg-install

tasks/setup-debian.yml

@@ -1,34 +1,8 @@
 ---
-- name: (Debian) Install GPG - required to add wireguard key
-  apt:
-    name: gnupg
-    state: present
 
-- name: (Debian) Add WireGuard repository on buster or earlier
-  apt_repository:
-    repo: "deb http://deb.debian.org/debian buster-backports main"
-    state: present
-    update_cache: yes
-  when: ansible_distribution_version | int <= 10
-  tags:
-    - wg-install
+- include_tasks: "setup-debian-raspbian.yml"
+  when: ansible_lsb.id == "Raspbian"
+  register: raspbian_setup
 
-- name: (Debian) Get architecture
-  command: "dpkg --print-architecture"
-  register: dpkg_arch
-  changed_when: False
-
-- name: (Debian) Install kernel headers to compile Wireguard with DKMS
-  apt:
-    name:
-      - "linux-headers-{{ dpkg_arch.stdout }}"
-    state: present
-
-- name: (Debian) Install wireguard packages
-  apt:
-    name:
-      - "wireguard-dkms"
-      - "wireguard-tools"
-    state: present
-  tags:
-    - wg-install
+- include_tasks: "setup-debian-vanilla.yml"
+  when: raspbian_setup is skipped

templates/wg.conf.j2

@@ -39,32 +39,32 @@ PostDown = {{ wg_postdown }}
 {% if hostvars[inventory_hostname].wireguard_save_config is defined %}
 SaveConfig = true
 {% endif %}
-{% for host in ansible_play_hosts %}
-  {% if host != inventory_hostname %}
-  
-    [Peer]
-    # {{ host }}
-    PublicKey = {{hostvars[host].public_key}}
-    {% if hostvars[host].wireguard_allowed_ips is defined %}
-    AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
-    {% else %}
-    AllowedIPs = {{hostvars[host].wireguard_ip}}/32
-    {% endif %}
-    {% if hostvars[host].wireguard_persistent_keepalive is defined %}
-    PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
-    {% endif %}
-    {% if hostvars[host].wireguard_port is defined and hostvars[host].wireguard_port is number %}
-      {% if hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
-    Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}}
-      {% else %}
-    Endpoint = {{host}}:{{hostvars[host].wireguard_port}}
-      {% endif %}
-    {% elif hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
-    Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
-    {% elif hostvars[host].wireguard_endpoint == "" %}
-    # No endpoint defined for this peer
-    {% else %}
-    Endpoint = {{host}}:{{wireguard_port}}
-    {% endif %}
-  {% endif %}
+{% for host in ansible_play_hosts_all %}
+{% if host != inventory_hostname %}
+
+[Peer]
+# {{ host }}
+PublicKey = {{hostvars[host].public_key}}
+{% if hostvars[host].wireguard_allowed_ips is defined %}
+AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
+{% else %}
+AllowedIPs = {{hostvars[host].wireguard_ip}}/32
+{% endif %}
+{% if hostvars[host].wireguard_persistent_keepalive is defined %}
+PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
+{% endif %}
+{% if hostvars[host].wireguard_port is defined and hostvars[host].wireguard_port is number %}
+{% if hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
+Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}}
+{% else %}
+Endpoint = {{host}}:{{hostvars[host].wireguard_port}}
+{% endif %}
+{% elif hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
+Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
+{% elif hostvars[host].wireguard_endpoint == "" %}
+# No endpoint defined for this peer
+{% else %}
+Endpoint = {{host}}:{{wireguard_port}}
+{% endif %}
+{% endif %}
 {% endfor %}