Compare commits
No commits in common. "master" and "6.2.0" have entirely different histories.
|
@ -1,14 +1,6 @@
|
||||||
Changelog
|
Changelog
|
||||||
---------
|
---------
|
||||||
|
|
||||||
**6.3.1**
|
|
||||||
|
|
||||||
- Support Openstack Debian images (contribution by @pallinger)
|
|
||||||
|
|
||||||
**6.3.0**
|
|
||||||
|
|
||||||
- Support Raspbian (contribution by @penguineer)
|
|
||||||
|
|
||||||
**6.2.0**
|
**6.2.0**
|
||||||
|
|
||||||
- Support Ubuntu 20.04 (Focal Fossa)
|
- Support Ubuntu 20.04 (Focal Fossa)
|
||||||
|
|
|
@ -1,5 +1,3 @@
|
||||||
# Fork of https://github.com/githubixx/ansible-role-wireguard.git with some minor tweaks to ensure PiFrameFleet can be provisioned properly
|
|
||||||
|
|
||||||
ansible-role-wireguard
|
ansible-role-wireguard
|
||||||
======================
|
======================
|
||||||
|
|
||||||
|
|
|
@ -12,9 +12,6 @@ wireguard_port: "51820"
|
||||||
# The default interface name that wireguard should use if not specified otherwise.
|
# The default interface name that wireguard should use if not specified otherwise.
|
||||||
wireguard_interface: "wg0"
|
wireguard_interface: "wg0"
|
||||||
|
|
||||||
# Whether or not WireGuard is running in a container
|
|
||||||
wireguard_containerized: false
|
|
||||||
|
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
# Settings only relevant for Ubuntu
|
# Settings only relevant for Ubuntu
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
loop:
|
loop:
|
||||||
- stopped
|
- stopped
|
||||||
- started
|
- started
|
||||||
when: not wg_syncconf and not wireguard_containerized
|
when: not wg_syncconf
|
||||||
listen: "reconfigure wireguard"
|
listen: "reconfigure wireguard"
|
||||||
|
|
||||||
- name: syncconf wireguard
|
- name: syncconf wireguard
|
||||||
|
@ -19,10 +19,5 @@
|
||||||
exit 0
|
exit 0
|
||||||
args:
|
args:
|
||||||
executable: "/bin/bash"
|
executable: "/bin/bash"
|
||||||
when: wg_syncconf and not wireguard_containerized
|
when: wg_syncconf
|
||||||
listen: "reconfigure wireguard"
|
|
||||||
|
|
||||||
- name: restart wireguard (container)
|
|
||||||
command: /usr/bin/s6-svc -r /var/run/s6/services/wireguard
|
|
||||||
when: wireguard_containerized
|
|
||||||
listen: "reconfigure wireguard"
|
listen: "reconfigure wireguard"
|
||||||
|
|
|
@ -3,7 +3,6 @@
|
||||||
setup:
|
setup:
|
||||||
|
|
||||||
- include_tasks: "setup-{{ ansible_distribution|lower }}.yml"
|
- include_tasks: "setup-{{ ansible_distribution|lower }}.yml"
|
||||||
when: not wireguard_containerized
|
|
||||||
|
|
||||||
- name: Enable WireGuard kernel module
|
- name: Enable WireGuard kernel module
|
||||||
modprobe:
|
modprobe:
|
||||||
|
@ -130,4 +129,3 @@
|
||||||
name: "wg-quick@{{ wireguard_interface }}"
|
name: "wg-quick@{{ wireguard_interface }}"
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: yes
|
||||||
when: not wireguard_containerized
|
|
||||||
|
|
|
@ -1,93 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: (Raspbian) Install GPG - required to add wireguard key
|
|
||||||
apt:
|
|
||||||
name: gnupg
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: (Raspbian) Add Debian repository key
|
|
||||||
apt_key:
|
|
||||||
keyserver: "keyserver.ubuntu.com"
|
|
||||||
id: "04EE7237B7D453EC"
|
|
||||||
state: present
|
|
||||||
when: ansible_lsb.id == "Raspbian"
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Add Debian Unstable repository for WireGuard
|
|
||||||
apt_repository:
|
|
||||||
repo: "deb http://deb.debian.org/debian unstable main"
|
|
||||||
state: present
|
|
||||||
update_cache: yes
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Install latest kernel
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- "raspberrypi-kernel"
|
|
||||||
state: latest
|
|
||||||
register: kernel_update
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Reboot after kernel update (Ansible >= 2.8)
|
|
||||||
reboot:
|
|
||||||
search_paths: ['/lib/molly-guard', '/usr/sbin']
|
|
||||||
when:
|
|
||||||
- ansible_version.full is version('2.8.0', '>=')
|
|
||||||
- kernel_update is changed
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8)
|
|
||||||
stat:
|
|
||||||
path: /lib/molly-guard/
|
|
||||||
register: molly_guard
|
|
||||||
|
|
||||||
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, no molly-guard)
|
|
||||||
reboot:
|
|
||||||
when:
|
|
||||||
- ansible_version.full is version('2.8.0', '<')
|
|
||||||
- kernel_update is changed
|
|
||||||
- not molly_guard.stat.exists
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard)
|
|
||||||
command: /lib/molly-guard/shutdown -r now
|
|
||||||
async: 1
|
|
||||||
poll: 0
|
|
||||||
ignore_unreachable: yes
|
|
||||||
when:
|
|
||||||
- ansible_version.full is version('2.8.0', '<')
|
|
||||||
- kernel_update is changed
|
|
||||||
- molly_guard.stat.exists
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard)
|
|
||||||
wait_for_connection:
|
|
||||||
when:
|
|
||||||
- ansible_version.full is version('2.8.0', '<')
|
|
||||||
- kernel_update is changed
|
|
||||||
- molly_guard.stat.exists
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- "raspberrypi-kernel-headers"
|
|
||||||
state: latest
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Install wireguard packages
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- "wireguard-dkms"
|
|
||||||
- "wireguard-tools"
|
|
||||||
state: present
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
|
@ -1,37 +0,0 @@
|
||||||
---
|
|
||||||
- name: (Debian) Install GPG - required to add wireguard key
|
|
||||||
apt:
|
|
||||||
name: gnupg
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: (Debian) Add WireGuard repository on buster or earlier
|
|
||||||
apt_repository:
|
|
||||||
repo: "deb http://deb.debian.org/debian buster-backports main"
|
|
||||||
state: present
|
|
||||||
update_cache: yes
|
|
||||||
when: ansible_distribution_version | int <= 10
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Debian) Get architecture
|
|
||||||
command: "dpkg --print-architecture"
|
|
||||||
register: dpkg_arch
|
|
||||||
changed_when: False
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
kernel_header_version: "{{ ('-cloud-' in ansible_kernel) | ternary(ansible_kernel,dpkg_arch.stdout) }}"
|
|
||||||
|
|
||||||
- name: (Debian) Install kernel headers to compile Wireguard with DKMS
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- "linux-headers-{{ kernel_header_version }}"
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: (Debian) Install wireguard packages
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- "wireguard-dkms"
|
|
||||||
- "wireguard-tools"
|
|
||||||
state: present
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
|
@ -1,8 +1,34 @@
|
||||||
---
|
---
|
||||||
|
- name: (Debian) Install GPG - required to add wireguard key
|
||||||
|
apt:
|
||||||
|
name: gnupg
|
||||||
|
state: present
|
||||||
|
|
||||||
- include_tasks: "setup-debian-raspbian.yml"
|
- name: (Debian) Add WireGuard repository on buster or earlier
|
||||||
when: ansible_lsb.id == "Raspbian"
|
apt_repository:
|
||||||
register: raspbian_setup
|
repo: "deb http://deb.debian.org/debian buster-backports main"
|
||||||
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
when: ansible_distribution_version | int <= 10
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
|
||||||
- include_tasks: "setup-debian-vanilla.yml"
|
- name: (Debian) Get architecture
|
||||||
when: raspbian_setup is skipped
|
command: "dpkg --print-architecture"
|
||||||
|
register: dpkg_arch
|
||||||
|
changed_when: False
|
||||||
|
|
||||||
|
- name: (Debian) Install kernel headers to compile Wireguard with DKMS
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- "linux-headers-{{ dpkg_arch.stdout }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: (Debian) Install wireguard packages
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- "wireguard-dkms"
|
||||||
|
- "wireguard-tools"
|
||||||
|
state: present
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
|
|
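Review bot: The guard `when: ansible_distribution_version | int <= 10` on the "(Debian) Add WireGuard repository on buster or earlier" task matches every release up to 10, and a non-numeric version string would presumably fall back to 0 under the `int` filter and match too, so hosts that are not buster get the `buster-backports` suite written into their APT sources. Backports built for one release are not meant to be installed on another, so keying the task on the codename the repo line names, `when: ansible_distribution_release == "buster"`, keeps the package source consistent with the host. Separately, `linux-headers-{{ dpkg_arch.stdout }}` installs the architecture metapackage rather than headers for the running kernel, so on a host with a different kernel flavour the DKMS build may not yield a module for the kernel in use; a comment such as `# assumes the running kernel is the stock flavour for this architecture` would make that assumption visible. The file path is not shown on this page, and the first two tasks in the section carry no `wg-install` tag while the later ones do.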
@ -39,32 +39,32 @@ PostDown = {{ wg_postdown }}
|
||||||
{% if hostvars[inventory_hostname].wireguard_save_config is defined %}
|
{% if hostvars[inventory_hostname].wireguard_save_config is defined %}
|
||||||
SaveConfig = true
|
SaveConfig = true
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% for host in ansible_play_hosts_all %}
|
{% for host in ansible_play_hosts %}
|
||||||
{% if host != inventory_hostname %}
|
{% if host != inventory_hostname %}
|
||||||
|
|
||||||
[Peer]
|
[Peer]
|
||||||
# {{ host }}
|
# {{ host }}
|
||||||
PublicKey = {{hostvars[host].public_key}}
|
PublicKey = {{hostvars[host].public_key}}
|
||||||
{% if hostvars[host].wireguard_allowed_ips is defined %}
|
{% if hostvars[host].wireguard_allowed_ips is defined %}
|
||||||
AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
|
AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
|
||||||
{% else %}
|
{% else %}
|
||||||
AllowedIPs = {{hostvars[host].wireguard_ip}}/32
|
AllowedIPs = {{hostvars[host].wireguard_ip}}/32
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if hostvars[host].wireguard_persistent_keepalive is defined %}
|
{% if hostvars[host].wireguard_persistent_keepalive is defined %}
|
||||||
PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
|
PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if hostvars[host].wireguard_port is defined and hostvars[host].wireguard_port is number %}
|
{% if hostvars[host].wireguard_port is defined and hostvars[host].wireguard_port is number %}
|
||||||
{% if hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
{% if hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
||||||
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}}
|
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}}
|
||||||
{% else %}
|
{% else %}
|
||||||
Endpoint = {{host}}:{{hostvars[host].wireguard_port}}
|
Endpoint = {{host}}:{{hostvars[host].wireguard_port}}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% elif hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
{% elif hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
||||||
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
|
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
|
||||||
{% elif hostvars[host].wireguard_endpoint == "" %}
|
{% elif hostvars[host].wireguard_endpoint == "" %}
|
||||||
# No endpoint defined for this peer
|
# No endpoint defined for this peer
|
||||||
{% else %}
|
{% else %}
|
||||||
Endpoint = {{host}}:{{wireguard_port}}
|
Endpoint = {{host}}:{{wireguard_port}}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
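Review bot: The peer loop `{% for host in ansible_play_hosts %}` builds the `[Peer]` list from the hosts still active in the current play, and Ansible excludes failed or unreachable hosts from that variable. A host that is down or fails an earlier task during one run is therefore left out of every other host's rendered config, and the "reconfigure wireguard" handlers would then presumably drop that peer from the live interface until the next clean run. If the peer set is meant to follow the inventory rather than the health of a single run, iterate over `ansible_play_hosts_all` (or a dedicated inventory group) and skip hosts where `hostvars[host].public_key is defined` is false. The template starts before this hunk, so the `[Interface]` section is not visible here.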