Fix tag "wg-install" & Add no_log (#110)

* Fixed tag "wg-install" inheritance to included tasks
Fixes #109

* Added no_log to tasks handling private keys - can be explicitly deactivated for debugging by running with verbosity 3 or higher
Fixes #81
Jan Gaßner 2021-07-05 23:31:20 +02:00 committed by GitHub
parent 57340b6c06
commit 871d1e4497
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 28 additions and 63 deletions


@ -6,13 +6,19 @@
setup:
# Installing WireGuard [[[1
- include_tasks: "{{ item }}"
- include_tasks:
file: "{{ item }}"
apply:
tags:
- wg-install
with_first_found:
- "setup-{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version }}.yml"
- "setup-{{ ansible_distribution|lower }}-{{ ansible_distribution_version }}.yml"
- "setup-{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
- "setup-{{ ansible_distribution|lower }}.yml"
- "setup-{{ ansible_os_family|lower }}.yml"
tags:
- wg-install
- name: Enable WireGuard kernel module
modprobe:
@ -56,12 +62,14 @@
command: "wg genkey"
register: wireguard__register_private_key
changed_when: false
no_log: '{{ ansible_verbosity < 3 }}'
tags:
- wg-generate-keys
- name: Set private key fact
set_fact:
wireguard_private_key: "{{ wireguard__register_private_key.stdout }}"
no_log: '{{ ansible_verbosity < 3 }}'
tags:
- wg-generate-keys
when:
@ -73,12 +81,14 @@
slurp:
src: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf"
register: wireguard__register_config
no_log: '{{ ansible_verbosity < 3 }}'
tags:
- wg-config
- name: Set private key fact
set_fact:
wireguard_private_key: "{{ wireguard__register_config['content'] | b64decode | regex_findall('PrivateKey = (.*)') | first }}"
no_log: '{{ ansible_verbosity < 3 }}'
tags:
- wg-config
when:
@ -92,6 +102,7 @@
register: wireguard__register_public_key
changed_when: false
check_mode: no
no_log: '{{ ansible_verbosity < 3 }}'
tags:
- wg-config
@ -117,6 +128,7 @@
owner: "{{ wireguard_conf_owner }}"
group: "{{ wireguard_conf_group }}"
mode: "{{ wireguard_conf_mode }}"
no_log: '{{ ansible_verbosity < 3 }}'
tags:
- wg-config
notify:
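Review bot: The `no_log: '{{ ansible_verbosity < 3 }}'` guard on the key-handling tasks ties redaction to `-vvv`, a flag operators also use for unrelated debugging, so a run at that verbosity prints the WireGuard private key to the console and to whatever captures the output, such as CI job logs. The expression is repeated on all six tasks in this file (`wg genkey`, both `Set private key fact` tasks, the `slurp` of the interface config, the public-key task and the task that sets `mode: "{{ wireguard_conf_mode }}"`). I would gate it on a dedicated role variable that defaults to redaction, so disclosure is an explicit opt-in, or at minimum add a comment above the first occurrence such as `# redaction is lifted at verbosity >= 3; output then contains the private key` and repeat that in the README. Several of these task bodies start outside the hunks shown.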


@ -10,8 +10,6 @@
- { name: wireguard-dkms, state: absent }
- { name: wireguard-lts, state: present }
become: yes
tags:
- wg-install
when:
- ansible_kernel is match(".*-lts$")
- ansible_kernel is version('5.6', '<')
@ -21,8 +19,6 @@
name: wireguard-dkms
state: present
become: yes
tags:
- wg-install
when:
- not ansible_kernel is match(".*-lts$")
- ansible_kernel is version('5.6', '<')
@ -31,5 +27,3 @@
pacman:
name: wireguard-tools
state: present
tags:
- wg-install


@ -19,8 +19,6 @@
name:
- "wireguard-dkms"
state: absent
tags:
- wg-install
- name: (CentOS 7) Install WireGuard packages
yum:
@ -28,5 +26,3 @@
- "kmod-wireguard"
- "wireguard-tools"
state: present
tags:
- wg-install


@ -14,8 +14,6 @@
name:
- "wireguard-dkms"
state: absent
tags:
- wg-install
- name: (CentOS 8) Install WireGuard packages
yum:
@ -23,5 +21,3 @@
- "kmod-wireguard"
- "wireguard-tools"
state: present
tags:
- wg-install


@ -9,8 +9,6 @@
repo: "deb http://deb.debian.org/debian buster-backports main"
state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}"
update_cache: yes
tags:
- wg-install
- name: (Proxmox) Install kernel headers for the currently running kernel to compile WireGuard with DKMS
apt:
@ -23,5 +21,3 @@
name:
- "wireguard"
state: present
tags:
- wg-install


@ -16,16 +16,12 @@
with_items:
- "04EE7237B7D453EC"
- "648ACFD622F3D138"
tags:
- wg-install
- name: (Raspbian) Add Debian Buster Backports repository for WireGuard
apt_repository:
repo: "deb http://deb.debian.org/debian buster-backports main"
state: present
update_cache: yes
tags:
- wg-install
- name: (Raspbian) Install latest kernel
apt:
@ -33,8 +29,6 @@
- "raspberrypi-kernel"
state: latest
register: wireguard__register_kernel_update
tags:
- wg-install
- name: (Raspbian) Reboot after kernel update (Ansible >= 2.8)
reboot:
@ -42,8 +36,6 @@
when:
- ansible_version.full is version('2.8.0', '>=')
- wireguard__register_kernel_update is changed
tags:
- wg-install
- name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8)
stat:
@ -56,8 +48,6 @@
- ansible_version.full is version('2.8.0', '<')
- wireguard__register_kernel_update is changed
- not wireguard__register_molly_guard.stat.exists
tags:
- wg-install
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard)
command: /lib/molly-guard/shutdown -r now
@ -68,8 +58,6 @@
- ansible_version.full is version('2.8.0', '<')
- wireguard__register_kernel_update is changed
- wireguard__register_molly_guard.stat.exists
tags:
- wg-install
- name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard)
wait_for_connection:
@ -77,16 +65,12 @@
- ansible_version.full is version('2.8.0', '<')
- wireguard__register_kernel_update is changed
- wireguard__register_molly_guard.stat.exists
tags:
- wg-install
- name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS
apt:
name:
- "raspberrypi-kernel-headers"
state: latest
tags:
- wg-install
- name: (Raspbian) Install WireGuard packages
apt:
@ -94,5 +78,3 @@
- "wireguard-dkms"
- "wireguard-tools"
state: present
tags:
- wg-install


@ -8,8 +8,6 @@
repo: "deb http://deb.debian.org/debian buster-backports main"
state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}"
update_cache: yes
tags:
- wg-install
- name: (Debian) Install kernel headers for the currently running kernel to compile Wireguard with DKMS
apt:
@ -35,5 +33,3 @@
name:
- "wireguard"
state: present
tags:
- wg-install


@ -3,15 +3,27 @@
# Copyright (C) 2021 Steve Fan
# SPDX-License-Identifier: GPL-3.0-or-later
- include_tasks: "setup-debian-raspbian.yml"
- include_tasks:
file: "setup-debian-raspbian.yml"
apply:
tags:
- wg-install
when: ansible_lsb.id is defined and ansible_lsb.id == "Raspbian"
register: wireguard__register_raspbian_setup
- include_tasks: "setup-debian-pve-variant.yml"
- include_tasks:
file: "setup-debian-pve-variant.yml"
apply:
tags:
- wg-install
when: ansible_kernel.find("pve") != -1
register: wireguard__register_pve_variant_setup
- include_tasks: "setup-debian-vanilla.yml"
- include_tasks:
file: "setup-debian-vanilla.yml"
apply:
tags:
- wg-install
when:
- wireguard__register_raspbian_setup is skipped
- wireguard__register_pve_variant_setup is skipped
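Review bot: The `apply:` form used for the three includes here needs Ansible 2.7 or later, while the role still carries branches for older releases (the Raspbian tasks test `ansible_version.full is version('2.8.0', '<')`), so the supported minimum should be stated; the `with_first_found` include in the first file uses the same form. Whether the role's metadata already declares a minimum version is not visible on this page, so this is a check to make rather than a confirmed gap. A short comment above the first include would also help, e.g. `# apply: propagates wg-install to the included tasks; a tag on the include itself does not`.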


@ -16,5 +16,3 @@
- "wireguard-dkms"
- "wireguard-tools"
state: present
tags:
- wg-install


@ -7,5 +7,3 @@
name:
- "wireguard-tools"
state: present
tags:
- wg-install


@ -7,12 +7,8 @@
name: wireguard-go
state: present
become: yes
tags:
- wg-install
- name: (MacOS) Install wireguard-tools package
package:
name: wireguard-tools
state: present
tags:
- wg-install


@ -8,6 +8,3 @@
name:
- "wireguard-tools"
state: present
tags:
- wg-install


@ -6,8 +6,6 @@
apt:
update_cache: "{{ wireguard_ubuntu_update_cache }}"
cache_valid_time: "{{ wireguard_ubuntu_cache_valid_time }}"
tags:
- wg-install
- block:
- name: (Ubuntu) Install support packages needed for Wireguard (for Ubuntu < 19.10)
@ -18,8 +16,6 @@
packages:
- software-properties-common
- linux-headers-{{ ansible_kernel }}
tags:
- wg-install
when:
- ansible_lsb.major_release is version('19.10', '<')
@ -28,12 +24,8 @@
name:
- "wireguard-dkms"
state: absent
tags:
- wg-install
- name: (Ubuntu) Install wireguard package
apt:
name: "wireguard"
state: present
tags:
- wg-install