From 4082794706fb1b6c9efea4df5eb1b5b466a87a7d Mon Sep 17 00:00:00 2001 From: Robert Wimmer <2039811+githubixx@users.noreply.github.com> Date: Wed, 23 Sep 2020 00:06:53 +0200 Subject: [PATCH] update README/CHANGELOG (#75) --- CHANGELOG.md | 5 +++++ README.md | 24 +++++++++++++++++------- 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ec6cf07..ba340e1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,13 @@ Changelog --------- + **7.2.0** - Basic MacOS X support (contribution by @rubendibattista) +- Introduce variables `wireguard_conf_owner`, `wireguard_conf_group` and `wireguard_conf_mode` (contribution by @rubendibattista) +- Fixed a typo bug in `handlers/main.yml` (contribution by @gabriel-v). But it looks like this had no impact on the "sync/restart" functionality. +- Proper formatting of WireGuard configuration file (`wg0.conf` by default). This will most probably change the WireGuard configuration file but only the formatting. But since the Ansible registers this file as changed Ansible will sync/restart WireGuard service. For newer WireGuard versions (since Nov. 2019) this isn't a problem normally as `wg syncconf` command is used (also see `handlers/main.yml`). +- Introduce `wireguard_dc` variable. This is an alpha feature and subject to change and may be even removed in future releases again. Therefore no documentation for this variable yet. **7.1.0** diff --git a/README.md b/README.md index bca8835..226171d 100644 --- a/README.md +++ b/README.md 
@@ -7,10 +7,11 @@ I used [PeerVPN](https://peervpn.net/) before but that wasn't updated for a whil In general WireGuard is a network tunnel (VPN) for IPv4 and IPv6 that uses UDP. If you need more information about [WireGuard](https://www.wireguard.io/) you can find a good introduction here: [Installing WireGuard, the Modern VPN](https://research.kudelskisecurity.com/2017/06/07/installing-wireguard-the-modern-vpn/). -This role is tested with Ubuntu 18.04 (Bionic Beaver), Ubuntu 20 (Focal Fossa) and Archlinux. Ubuntu 16.04 (Xenial Xerus), Debian 9 (Stretch), Debian 10 (Buster), Fedora 31 (or later) and CentOS 7 might also work or other distributions but haven't tested it (code for this operating systems was submitted by other contributors). If someone tested it let me please know if it works or send a pull request to make it work ;-) +This role is tested with Ubuntu 18.04 (Bionic Beaver), Ubuntu 20.04 (Focal Fossa) and Archlinux. Ubuntu 16.04 (Xenial Xerus), Debian 9 (Stretch), Debian 10 (Buster), Fedora 31 (or later), CentOS 7 and partially MacOS (see below) might also work or other distributions but haven't tested it (code for this operating systems was submitted by other contributors). If someone tested it let me please know if it works or send a pull request to make it work ;-) -### Running the VPN on macOS -While this playbook configures, enables and starts a `systemd` service on Linux in a such a way that no additional action is needed, on macOS it installs the required packages and it just generates the correct `wg0.conf` file that is then placed in the specified `wireguard_remote_directory` (`/opt/local/etc/wireguard` by default). 
In order to run the VPN, then, you need to: +### Running the VPN on MacOS + +While this playbook configures, enables and starts a `systemd` service on Linux in a such a way that no additional action is needed, on MacOS it installs the required packages and it just generates the correct `wg0.conf` file that is then placed in the specified `wireguard_remote_directory` (`/opt/local/etc/wireguard` by default). In order to run the VPN, then, you need to: ``` sudo wg-quick up wg0 @@ -43,21 +44,30 @@ see [CHANGELOG.md](https://github.com/githubixx/ansible-role-wireguard/blob/mast Role Variables -------------- -These variables can be changed in `group_vars/`: +These variables can be changed in `group_vars/` e.g.: ```yaml # Directory to store WireGuard configuration on the remote hosts -wireguard_remote_directory: "/etc/wireguard" # On Linux -# wireguard_remote_directory: "/opt/local/etc/wireguard" # On macOS +wireguard_remote_directory: "/etc/wireguard" # On Linux +# wireguard_remote_directory: "/opt/local/etc/wireguard" # On MacOS # The default port WireGuard will listen if not specified otherwise. wireguard_port: "51820" # The default interface name that wireguard should use if not specified otherwise. wireguard_interface: "wg0" + +# The default owner of the wg.conf file +wireguard_conf_owner: root + +# The default group of the wg.conf file +wireguard_conf_group: "{{ 'root' if not ansible_os_family == 'Darwin' else 'wheel' }}" + +# The default mode of the wg.conf file +wireguard_conf_mode: 0600 ``` -The following variable is mandatory and needs to be configured for every host in `host_vars/`: +The following variable is mandatory and needs to be configured for every host in `host_vars/` e.g.: ```yaml wireguard_address: "10.8.0.101/24"
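Review bot: In the CHANGELOG.md hunk, the "Proper formatting of WireGuard configuration file" entry only covers newer WireGuard versions (since Nov. 2019), where `wg syncconf` is used; it does not say what the handler does on hosts where that command is unavailable. Because every host's `wg0.conf` will register as changed on the upgrade to 7.2.0, the entry should state that case explicitly (its own "sync/restart" wording suggests a service restart) so operators can plan the rollout. The `wireguard_dc` entry should also state the variable's default and whether leaving it unset changes behaviour, even if full documentation is deferred.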
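Review bot: In the README.md hunk at `@@ -7,10 +7,11 @@`, the heading and paragraph change "macOS" to "MacOS", and the CHANGELOG.md context line says "MacOS X"; the platform's own spelling is "macOS", which is what the removed lines used. Suggest keeping "macOS" and using one spelling across both files. The re-added paragraph also carries over "in a such a way" (should be "in such a way"), and the tested-platforms sentence still reads "but haven't tested it" without a subject and "this operating systems" for "these operating systems".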
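Review bot: In the README.md hunk at `@@ -43,21 +44,30 @@`, the new default `wireguard_conf_mode: 0600` is unquoted, so YAML loads it as an octal integer (decimal 384) rather than the string "0600". Ansible's documentation recommends quoting file modes, and a quoted value removes any dependence on how the integer is later templated into the `mode` parameter, which matters for the permissions of the WireGuard configuration file. Suggest `wireguard_conf_mode: "0600"`. Minor points in the same hunk: the three new comments say `wg.conf` while the rest of the README uses `wg0.conf`; the `wireguard_conf_group` expression reads more clearly as `ansible_os_family != 'Darwin'`; and since that default relies on `ansible_os_family`, it is worth noting that fact gathering must be enabled.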