PiFrame/ansible-role-wireguard
Archived
1
0
Fork 0
Code Pull requests Releases Activity

Compare commits

base: PiFrame:6.3.0
Branches Tags
PiFrame:master
PiFrame:6.3.1
PiFrame:6.3.0
PiFrame:6.2.0
PiFrame:6.1.0
PiFrame:6.0.4
PiFrame:6.0.3
PiFrame:6.0.2
PiFrame:6.0.1
PiFrame:6.0.0
PiFrame:5.0.0
PiFrame:4.2.0
PiFrame:4.1.1
PiFrame:4.1.0
PiFrame:4.0.0
PiFrame:3.2.2
PiFrame:3.2.1
PiFrame:3.2.0
PiFrame:3.1.0
PiFrame:3.0.1
PiFrame:3.0.0
PiFrame:2.0.1
PiFrame:2.0.0
..
compare: PiFrame:master
Branches Tags
PiFrame:master
PiFrame:6.3.1
PiFrame:6.3.0
PiFrame:6.2.0
PiFrame:6.1.0
PiFrame:6.0.4
PiFrame:6.0.3
PiFrame:6.0.2
PiFrame:6.0.1
PiFrame:6.0.0
PiFrame:5.0.0
PiFrame:4.2.0
PiFrame:4.1.1
PiFrame:4.1.0
PiFrame:4.0.0
PiFrame:3.2.2
PiFrame:3.2.1
PiFrame:3.2.0
PiFrame:3.1.0
PiFrame:3.0.1
PiFrame:3.0.0
PiFrame:2.0.1
PiFrame:2.0.0

11 commits
6.3.0 ... master

Author SHA1 Message Date
KemoNine 53efc122e3 Add note about fork 2020-08-04 22:01:34 +00:00
KemoNine 0217d41830 Add s6-svc restart for containers 2020-08-04 20:26:38 +00:00
KemoNine ef8de286b1 Started work on s6-svc restart of wireguard for containerized deployment(s) 2020-08-04 19:27:15 +00:00
KemoNine fbc79beb72 remove unnecessary whitespace from wg.conf template 2020-08-04 19:26:58 +00:00
KemoNine d1ed058fa8 Tweak default variable 2020-08-04 18:42:30 +00:00
KemoNine d00bcb7d6a Add missing default variable 2020-08-04 18:37:51 +00:00
KemoNine 0afb85375e Add containerization skips 2020-08-04 17:49:30 +00:00
KemoNine 1faf8d9f12 Attempt to tweak config generator to include ALL hosts that could have been included in the play, rather than just the ones matching filters (helpful for controller deployments) 2020-08-04 17:39:33 +00:00
KemoNine 8fc7870c76 Tweak wireguard role to ensure the bare-metal tasks can be skipped 2020-08-04 06:37:03 +00:00
Robert Wimmer d5b81cb75e
update CHANGELOG (#57) 
Co-authored-by: githubixx <home@tauceti.net>
 2020-06-14 17:56:46 +02:00
pallinger 1997b9d710
Fix on debian openstack images (#55) 
* on openstack Debian images, the kernel is different, so we need to install different kernel headers, too

* fix syntax error in conditional fact

* remove debug message

Co-authored-by: Peter Pallinger <pallinger@sztaki.hu>
 2020-06-14 17:52:17 +02:00
7 changed files with 50 additions and 31 deletions
Show stats Expand all files Collapse all files

4
CHANGELOG.md
View file

@ -1,6 +1,10 @@
Changelog Changelog
--------- ---------
**6.3.1**
- Support Openstack Debian images (contribution by @pallinger)
**6.3.0** **6.3.0**
- Support Raspbian (contribution by @penguineer) - Support Raspbian (contribution by @penguineer)

2
README.md
View file

@ -1,3 +1,5 @@
# Fork of https://github.com/githubixx/ansible-role-wireguard.git with some minor tweaks to ensure PiFrameFleet can be provisioned properly
ansible-role-wireguard ansible-role-wireguard
====================== ======================

3
defaults/main.yml
View file

@ -12,6 +12,9 @@ wireguard_port: "51820"
# The default interface name that wireguard should use if not specified otherwise. # The default interface name that wireguard should use if not specified otherwise.
wireguard_interface: "wg0" wireguard_interface: "wg0"
# Whether or not WireGuard is running in a container
wireguard_containerized: false
####################################### #######################################
# Settings only relevant for Ubuntu # Settings only relevant for Ubuntu

9
handlers/main.yml
View file

@ -6,7 +6,7 @@
loop: loop:
- stopped - stopped
- started - started
when: not wg_syncconf when: not wg_syncconf and not wireguard_containerized
listen: "reconfigure wireguard" listen: "reconfigure wireguard"
- name: syncconf wireguard - name: syncconf wireguard
@ -19,5 +19,10 @@
exit 0 exit 0
args: args:
executable: "/bin/bash" executable: "/bin/bash"
when: wg_syncconf when: wg_syncconf and not wireguard_containerized
listen: "reconfigure wireguard"
- name: restart wireguard (container)
command: /usr/bin/s6-svc -r /var/run/s6/services/wireguard
when: wireguard_containerized
listen: "reconfigure wireguard" listen: "reconfigure wireguard"

2
tasks/main.yml
View file

@ -3,6 +3,7 @@
setup: setup:
- include_tasks: "setup-{{ ansible_distribution|lower }}.yml" - include_tasks: "setup-{{ ansible_distribution|lower }}.yml"
when: not wireguard_containerized
- name: Enable WireGuard kernel module - name: Enable WireGuard kernel module
modprobe: modprobe:
@ -129,3 +130,4 @@
name: "wg-quick@{{ wireguard_interface }}" name: "wg-quick@{{ wireguard_interface }}"
state: started state: started
enabled: yes enabled: yes
when: not wireguard_containerized

5
tasks/setup-debian-vanilla.yml
View file

@ -18,10 +18,13 @@
register: dpkg_arch register: dpkg_arch
changed_when: False changed_when: False
- set_fact:
kernel_header_version: "{{ ('-cloud-' in ansible_kernel) | ternary(ansible_kernel,dpkg_arch.stdout) }}"
- name: (Debian) Install kernel headers to compile Wireguard with DKMS - name: (Debian) Install kernel headers to compile Wireguard with DKMS
apt: apt:
name: name:
- "linux-headers-{{ dpkg_arch.stdout }}" - "linux-headers-{{ kernel_header_version }}"
state: present state: present
- name: (Debian) Install wireguard packages - name: (Debian) Install wireguard packages

54
templates/wg.conf.j2
View file

@ -39,32 +39,32 @@ PostDown = {{ wg_postdown }}
{% if hostvars[inventory_hostname].wireguard_save_config is defined %} {% if hostvars[inventory_hostname].wireguard_save_config is defined %}
SaveConfig = true SaveConfig = true
{% endif %} {% endif %}
{% for host in ansible_play_hosts %} {% for host in ansible_play_hosts_all %}
{% if host != inventory_hostname %} {% if host != inventory_hostname %}
[Peer] [Peer]
# {{ host }} # {{ host }}
PublicKey = {{hostvars[host].public_key}} PublicKey = {{hostvars[host].public_key}}
{% if hostvars[host].wireguard_allowed_ips is defined %} {% if hostvars[host].wireguard_allowed_ips is defined %}
AllowedIPs = {{hostvars[host].wireguard_allowed_ips}} AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
{% else %} {% else %}
AllowedIPs = {{hostvars[host].wireguard_ip}}/32 AllowedIPs = {{hostvars[host].wireguard_ip}}/32
{% endif %} {% endif %}
{% if hostvars[host].wireguard_persistent_keepalive is defined %} {% if hostvars[host].wireguard_persistent_keepalive is defined %}
PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}} PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
{% endif %} {% endif %}
{% if hostvars[host].wireguard_port is defined and hostvars[host].wireguard_port is number %} {% if hostvars[host].wireguard_port is defined and hostvars[host].wireguard_port is number %}
{% if hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %} {% if hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}} Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}}
{% else %} {% else %}
Endpoint = {{host}}:{{hostvars[host].wireguard_port}} Endpoint = {{host}}:{{hostvars[host].wireguard_port}}
{% endif %} {% endif %}
{% elif hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %} {% elif hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}} Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
{% elif hostvars[host].wireguard_endpoint == "" %} {% elif hostvars[host].wireguard_endpoint == "" %}
# No endpoint defined for this peer # No endpoint defined for this peer
{% else %} {% else %}
Endpoint = {{host}}:{{wireguard_port}} Endpoint = {{host}}:{{wireguard_port}}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}