PiFrame/ansible-role-wireguard
Archived
1
0
Fork 0
Code Pull requests Releases Activity

Compare commits

base: PiFrame:master
Branches Tags
PiFrame:master
PiFrame:6.3.1
PiFrame:6.3.0
PiFrame:6.2.0
PiFrame:6.1.0
PiFrame:6.0.4
PiFrame:6.0.3
PiFrame:6.0.2
PiFrame:6.0.1
PiFrame:6.0.0
PiFrame:5.0.0
PiFrame:4.2.0
PiFrame:4.1.1
PiFrame:4.1.0
PiFrame:4.0.0
PiFrame:3.2.2
PiFrame:3.2.1
PiFrame:3.2.0
PiFrame:3.1.0
PiFrame:3.0.1
PiFrame:3.0.0
PiFrame:2.0.1
PiFrame:2.0.0
..
compare: PiFrame:6.2.0
Branches Tags
PiFrame:master
PiFrame:6.3.1
PiFrame:6.3.0
PiFrame:6.2.0
PiFrame:6.1.0
PiFrame:6.0.4
PiFrame:6.0.3
PiFrame:6.0.2
PiFrame:6.0.1
PiFrame:6.0.0
PiFrame:5.0.0
PiFrame:4.2.0
PiFrame:4.1.1
PiFrame:4.1.0
PiFrame:4.0.0
PiFrame:3.2.2
PiFrame:3.2.1
PiFrame:3.2.0
PiFrame:3.1.0
PiFrame:3.0.1
PiFrame:3.0.0
PiFrame:2.0.1
PiFrame:2.0.0

No commits in common. "master" and "6.2.0" have entirely different histories.
master ... 6.2.0

9 changed files with 61 additions and 185 deletions
Show stats Expand all files Collapse all files

8
CHANGELOG.md
View file

@ -1,14 +1,6 @@
Changelog Changelog
--------- ---------
**6.3.1**
- Support Openstack Debian images (contribution by @pallinger)
**6.3.0**
- Support Raspbian (contribution by @penguineer)
**6.2.0** **6.2.0**
- Support Ubuntu 20.04 (Focal Fossa) - Support Ubuntu 20.04 (Focal Fossa)

2
README.md
View file

@ -1,5 +1,3 @@
# Fork of https://github.com/githubixx/ansible-role-wireguard.git with some minor tweaks to ensure PiFrameFleet can be provisioned properly
ansible-role-wireguard ansible-role-wireguard
====================== ======================

3
defaults/main.yml
View file

@ -12,9 +12,6 @@ wireguard_port: "51820"
# The default interface name that wireguard should use if not specified otherwise. # The default interface name that wireguard should use if not specified otherwise.
wireguard_interface: "wg0" wireguard_interface: "wg0"
# Whether or not WireGuard is running in a container
wireguard_containerized: false
####################################### #######################################
# Settings only relevant for Ubuntu # Settings only relevant for Ubuntu

9
handlers/main.yml
View file

@ -6,7 +6,7 @@
loop: loop:
- stopped - stopped
- started - started
when: not wg_syncconf and not wireguard_containerized when: not wg_syncconf
listen: "reconfigure wireguard" listen: "reconfigure wireguard"
- name: syncconf wireguard - name: syncconf wireguard
@ -19,10 +19,5 @@
exit 0 exit 0
args: args:
executable: "/bin/bash" executable: "/bin/bash"
when: wg_syncconf and not wireguard_containerized when: wg_syncconf
listen: "reconfigure wireguard"
- name: restart wireguard (container)
command: /usr/bin/s6-svc -r /var/run/s6/services/wireguard
when: wireguard_containerized
listen: "reconfigure wireguard" listen: "reconfigure wireguard"

2
tasks/main.yml
View file

@ -3,7 +3,6 @@
setup: setup:
- include_tasks: "setup-{{ ansible_distribution|lower }}.yml" - include_tasks: "setup-{{ ansible_distribution|lower }}.yml"
when: not wireguard_containerized
- name: Enable WireGuard kernel module - name: Enable WireGuard kernel module
modprobe: modprobe:
@ -130,4 +129,3 @@
name: "wg-quick@{{ wireguard_interface }}" name: "wg-quick@{{ wireguard_interface }}"
state: started state: started
enabled: yes enabled: yes
when: not wireguard_containerized

93
tasks/setup-debian-raspbian.yml
View file

@ -1,93 +0,0 @@
---
- name: (Raspbian) Install GPG - required to add wireguard key
apt:
name: gnupg
state: present
- name: (Raspbian) Add Debian repository key
apt_key:
keyserver: "keyserver.ubuntu.com"
id: "04EE7237B7D453EC"
state: present
when: ansible_lsb.id == "Raspbian"
tags:
- wg-install
- name: (Raspbian) Add Debian Unstable repository for WireGuard
apt_repository:
repo: "deb http://deb.debian.org/debian unstable main"
state: present
update_cache: yes
tags:
- wg-install
- name: (Raspbian) Install latest kernel
apt:
name:
- "raspberrypi-kernel"
state: latest
register: kernel_update
tags:
- wg-install
- name: (Raspbian) Reboot after kernel update (Ansible >= 2.8)
reboot:
search_paths: ['/lib/molly-guard', '/usr/sbin']
when:
- ansible_version.full is version('2.8.0', '>=')
- kernel_update is changed
tags:
- wg-install
- name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8)
stat:
path: /lib/molly-guard/
register: molly_guard
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, no molly-guard)
reboot:
when:
- ansible_version.full is version('2.8.0', '<')
- kernel_update is changed
- not molly_guard.stat.exists
tags:
- wg-install
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard)
command: /lib/molly-guard/shutdown -r now
async: 1
poll: 0
ignore_unreachable: yes
when:
- ansible_version.full is version('2.8.0', '<')
- kernel_update is changed
- molly_guard.stat.exists
tags:
- wg-install
- name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard)
wait_for_connection:
when:
- ansible_version.full is version('2.8.0', '<')
- kernel_update is changed
- molly_guard.stat.exists
tags:
- wg-install
- name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS
apt:
name:
- "raspberrypi-kernel-headers"
state: latest
tags:
- wg-install
- name: (Raspbian) Install wireguard packages
apt:
name:
- "wireguard-dkms"
- "wireguard-tools"
state: present
tags:
- wg-install

37
tasks/setup-debian-vanilla.yml
View file

@ -1,37 +0,0 @@
---
- name: (Debian) Install GPG - required to add wireguard key
apt:
name: gnupg
state: present
- name: (Debian) Add WireGuard repository on buster or earlier
apt_repository:
repo: "deb http://deb.debian.org/debian buster-backports main"
state: present
update_cache: yes
when: ansible_distribution_version | int <= 10
tags:
- wg-install
- name: (Debian) Get architecture
command: "dpkg --print-architecture"
register: dpkg_arch
changed_when: False
- set_fact:
kernel_header_version: "{{ ('-cloud-' in ansible_kernel) | ternary(ansible_kernel,dpkg_arch.stdout) }}"
- name: (Debian) Install kernel headers to compile Wireguard with DKMS
apt:
name:
- "linux-headers-{{ kernel_header_version }}"
state: present
- name: (Debian) Install wireguard packages
apt:
name:
- "wireguard-dkms"
- "wireguard-tools"
state: present
tags:
- wg-install

36
tasks/setup-debian.yml
View file

@ -1,8 +1,34 @@
--- ---
- name: (Debian) Install GPG - required to add wireguard key
apt:
name: gnupg
state: present
- include_tasks: "setup-debian-raspbian.yml" - name: (Debian) Add WireGuard repository on buster or earlier
when: ansible_lsb.id == "Raspbian" apt_repository:
register: raspbian_setup repo: "deb http://deb.debian.org/debian buster-backports main"
state: present
update_cache: yes
when: ansible_distribution_version | int <= 10
tags:
- wg-install
- include_tasks: "setup-debian-vanilla.yml" - name: (Debian) Get architecture
when: raspbian_setup is skipped command: "dpkg --print-architecture"
register: dpkg_arch
changed_when: False
- name: (Debian) Install kernel headers to compile Wireguard with DKMS
apt:
name:
- "linux-headers-{{ dpkg_arch.stdout }}"
state: present
- name: (Debian) Install wireguard packages
apt:
name:
- "wireguard-dkms"
- "wireguard-tools"
state: present
tags:
- wg-install

2
templates/wg.conf.j2
View file

@ -39,7 +39,7 @@ PostDown = {{ wg_postdown }}
{% if hostvars[inventory_hostname].wireguard_save_config is defined %} {% if hostvars[inventory_hostname].wireguard_save_config is defined %}
SaveConfig = true SaveConfig = true
{% endif %} {% endif %}
{% for host in ansible_play_hosts_all %} {% for host in ansible_play_hosts %}
{% if host != inventory_hostname %} {% if host != inventory_hostname %}
[Peer] [Peer]