Fix tag "wg-install" & Add no_log (#110)

* Fixed tag "wg-install" inheritance to included tasks
Fixes #109

* Added no_log to tasks handling private keys - can be explicitly deactivated for debugging by running with verbosity 3 or higher
Fixes #81
master
Jan Gaßner 3 years ago committed by GitHub
parent 57340b6c06
commit 871d1e4497
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -6,13 +6,19 @@
setup: setup:
# Installing WireGuard [[[1 # Installing WireGuard [[[1
- include_tasks: "{{ item }}" - include_tasks:
file: "{{ item }}"
apply:
tags:
- wg-install
with_first_found: with_first_found:
- "setup-{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version }}.yml" - "setup-{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version }}.yml"
- "setup-{{ ansible_distribution|lower }}-{{ ansible_distribution_version }}.yml" - "setup-{{ ansible_distribution|lower }}-{{ ansible_distribution_version }}.yml"
- "setup-{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml" - "setup-{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
- "setup-{{ ansible_distribution|lower }}.yml" - "setup-{{ ansible_distribution|lower }}.yml"
- "setup-{{ ansible_os_family|lower }}.yml" - "setup-{{ ansible_os_family|lower }}.yml"
tags:
- wg-install
- name: Enable WireGuard kernel module - name: Enable WireGuard kernel module
modprobe: modprobe:
@ -56,12 +62,14 @@
command: "wg genkey" command: "wg genkey"
register: wireguard__register_private_key register: wireguard__register_private_key
changed_when: false changed_when: false
no_log: '{{ ansible_verbosity < 3 }}'
tags: tags:
- wg-generate-keys - wg-generate-keys
- name: Set private key fact - name: Set private key fact
set_fact: set_fact:
wireguard_private_key: "{{ wireguard__register_private_key.stdout }}" wireguard_private_key: "{{ wireguard__register_private_key.stdout }}"
no_log: '{{ ansible_verbosity < 3 }}'
tags: tags:
- wg-generate-keys - wg-generate-keys
when: when:
@ -73,12 +81,14 @@
slurp: slurp:
src: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf" src: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf"
register: wireguard__register_config register: wireguard__register_config
no_log: '{{ ansible_verbosity < 3 }}'
tags: tags:
- wg-config - wg-config
- name: Set private key fact - name: Set private key fact
set_fact: set_fact:
wireguard_private_key: "{{ wireguard__register_config['content'] | b64decode | regex_findall('PrivateKey = (.*)') | first }}" wireguard_private_key: "{{ wireguard__register_config['content'] | b64decode | regex_findall('PrivateKey = (.*)') | first }}"
no_log: '{{ ansible_verbosity < 3 }}'
tags: tags:
- wg-config - wg-config
when: when:
@ -92,6 +102,7 @@
register: wireguard__register_public_key register: wireguard__register_public_key
changed_when: false changed_when: false
check_mode: no check_mode: no
no_log: '{{ ansible_verbosity < 3 }}'
tags: tags:
- wg-config - wg-config
@ -117,6 +128,7 @@
owner: "{{ wireguard_conf_owner }}" owner: "{{ wireguard_conf_owner }}"
group: "{{ wireguard_conf_group }}" group: "{{ wireguard_conf_group }}"
mode: "{{ wireguard_conf_mode }}" mode: "{{ wireguard_conf_mode }}"
no_log: '{{ ansible_verbosity < 3 }}'
tags: tags:
- wg-config - wg-config
notify: notify:
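Review bot: Tying `no_log` to `ansible_verbosity < 3` on the six tasks changed in this file means any run with `-vvv` or higher shows their output again, including the `wg genkey` result and the `wireguard_private_key` fact. Verbosity 3 is a level people commonly use to debug connection problems, and that output often ends up in CI job logs or a configured log file, so the key can be disclosed without anyone deciding to log secrets. An explicit opt-out separates the two decisions, for example a new role default (placeholder name `wireguard_no_log`, default `true`) used as `no_log: '{{ wireguard_no_log | bool }}'`. It should be documented with the other role variables, together with a note to rotate any key that was logged. Several of these tasks begin or end outside the visible hunks, so what the public-key and config-writing tasks print is inferred rather than read.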

@ -10,8 +10,6 @@
- { name: wireguard-dkms, state: absent } - { name: wireguard-dkms, state: absent }
- { name: wireguard-lts, state: present } - { name: wireguard-lts, state: present }
become: yes become: yes
tags:
- wg-install
when: when:
- ansible_kernel is match(".*-lts$") - ansible_kernel is match(".*-lts$")
- ansible_kernel is version('5.6', '<') - ansible_kernel is version('5.6', '<')
@ -21,8 +19,6 @@
name: wireguard-dkms name: wireguard-dkms
state: present state: present
become: yes become: yes
tags:
- wg-install
when: when:
- not ansible_kernel is match(".*-lts$") - not ansible_kernel is match(".*-lts$")
- ansible_kernel is version('5.6', '<') - ansible_kernel is version('5.6', '<')
@ -31,5 +27,3 @@
pacman: pacman:
name: wireguard-tools name: wireguard-tools
state: present state: present
tags:
- wg-install

@ -19,8 +19,6 @@
name: name:
- "wireguard-dkms" - "wireguard-dkms"
state: absent state: absent
tags:
- wg-install
- name: (CentOS 7) Install WireGuard packages - name: (CentOS 7) Install WireGuard packages
yum: yum:
@ -28,5 +26,3 @@
- "kmod-wireguard" - "kmod-wireguard"
- "wireguard-tools" - "wireguard-tools"
state: present state: present
tags:
- wg-install

@ -14,8 +14,6 @@
name: name:
- "wireguard-dkms" - "wireguard-dkms"
state: absent state: absent
tags:
- wg-install
- name: (CentOS 8) Install WireGuard packages - name: (CentOS 8) Install WireGuard packages
yum: yum:
@ -23,5 +21,3 @@
- "kmod-wireguard" - "kmod-wireguard"
- "wireguard-tools" - "wireguard-tools"
state: present state: present
tags:
- wg-install

@ -9,8 +9,6 @@
repo: "deb http://deb.debian.org/debian buster-backports main" repo: "deb http://deb.debian.org/debian buster-backports main"
state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}" state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}"
update_cache: yes update_cache: yes
tags:
- wg-install
- name: (Proxmox) Install kernel headers for the currently running kernel to compile WireGuard with DKMS - name: (Proxmox) Install kernel headers for the currently running kernel to compile WireGuard with DKMS
apt: apt:
@ -23,5 +21,3 @@
name: name:
- "wireguard" - "wireguard"
state: present state: present
tags:
- wg-install

@ -16,16 +16,12 @@
with_items: with_items:
- "04EE7237B7D453EC" - "04EE7237B7D453EC"
- "648ACFD622F3D138" - "648ACFD622F3D138"
tags:
- wg-install
- name: (Raspbian) Add Debian Buster Backports repository for WireGuard - name: (Raspbian) Add Debian Buster Backports repository for WireGuard
apt_repository: apt_repository:
repo: "deb http://deb.debian.org/debian buster-backports main" repo: "deb http://deb.debian.org/debian buster-backports main"
state: present state: present
update_cache: yes update_cache: yes
tags:
- wg-install
- name: (Raspbian) Install latest kernel - name: (Raspbian) Install latest kernel
apt: apt:
@ -33,8 +29,6 @@
- "raspberrypi-kernel" - "raspberrypi-kernel"
state: latest state: latest
register: wireguard__register_kernel_update register: wireguard__register_kernel_update
tags:
- wg-install
- name: (Raspbian) Reboot after kernel update (Ansible >= 2.8) - name: (Raspbian) Reboot after kernel update (Ansible >= 2.8)
reboot: reboot:
@ -42,8 +36,6 @@
when: when:
- ansible_version.full is version('2.8.0', '>=') - ansible_version.full is version('2.8.0', '>=')
- wireguard__register_kernel_update is changed - wireguard__register_kernel_update is changed
tags:
- wg-install
- name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8) - name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8)
stat: stat:
@ -56,8 +48,6 @@
- ansible_version.full is version('2.8.0', '<') - ansible_version.full is version('2.8.0', '<')
- wireguard__register_kernel_update is changed - wireguard__register_kernel_update is changed
- not wireguard__register_molly_guard.stat.exists - not wireguard__register_molly_guard.stat.exists
tags:
- wg-install
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard) - name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard)
command: /lib/molly-guard/shutdown -r now command: /lib/molly-guard/shutdown -r now
@ -68,8 +58,6 @@
- ansible_version.full is version('2.8.0', '<') - ansible_version.full is version('2.8.0', '<')
- wireguard__register_kernel_update is changed - wireguard__register_kernel_update is changed
- wireguard__register_molly_guard.stat.exists - wireguard__register_molly_guard.stat.exists
tags:
- wg-install
- name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard) - name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard)
wait_for_connection: wait_for_connection:
@ -77,16 +65,12 @@
- ansible_version.full is version('2.8.0', '<') - ansible_version.full is version('2.8.0', '<')
- wireguard__register_kernel_update is changed - wireguard__register_kernel_update is changed
- wireguard__register_molly_guard.stat.exists - wireguard__register_molly_guard.stat.exists
tags:
- wg-install
- name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS - name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS
apt: apt:
name: name:
- "raspberrypi-kernel-headers" - "raspberrypi-kernel-headers"
state: latest state: latest
tags:
- wg-install
- name: (Raspbian) Install WireGuard packages - name: (Raspbian) Install WireGuard packages
apt: apt:
@ -94,5 +78,3 @@
- "wireguard-dkms" - "wireguard-dkms"
- "wireguard-tools" - "wireguard-tools"
state: present state: present
tags:
- wg-install

@ -8,8 +8,6 @@
repo: "deb http://deb.debian.org/debian buster-backports main" repo: "deb http://deb.debian.org/debian buster-backports main"
state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}" state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}"
update_cache: yes update_cache: yes
tags:
- wg-install
- name: (Debian) Install kernel headers for the currently running kernel to compile Wireguard with DKMS - name: (Debian) Install kernel headers for the currently running kernel to compile Wireguard with DKMS
apt: apt:
@ -35,5 +33,3 @@
name: name:
- "wireguard" - "wireguard"
state: present state: present
tags:
- wg-install

@ -3,15 +3,27 @@
# Copyright (C) 2021 Steve Fan # Copyright (C) 2021 Steve Fan
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
- include_tasks: "setup-debian-raspbian.yml" - include_tasks:
file: "setup-debian-raspbian.yml"
apply:
tags:
- wg-install
when: ansible_lsb.id is defined and ansible_lsb.id == "Raspbian" when: ansible_lsb.id is defined and ansible_lsb.id == "Raspbian"
register: wireguard__register_raspbian_setup register: wireguard__register_raspbian_setup
- include_tasks: "setup-debian-pve-variant.yml" - include_tasks:
file: "setup-debian-pve-variant.yml"
apply:
tags:
- wg-install
when: ansible_kernel.find("pve") != -1 when: ansible_kernel.find("pve") != -1
register: wireguard__register_pve_variant_setup register: wireguard__register_pve_variant_setup
- include_tasks: "setup-debian-vanilla.yml" - include_tasks:
file: "setup-debian-vanilla.yml"
apply:
tags:
- wg-install
when: when:
- wireguard__register_raspbian_setup is skipped - wireguard__register_raspbian_setup is skipped
- wireguard__register_pve_variant_setup is skipped - wireguard__register_pve_variant_setup is skipped
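Review bot: The `apply:` / `tags:` / `- wg-install` block is repeated on all three nested `include_tasks` with no comment saying why, so a later cleanup could drop it as redundant. As far as I can tell it is required: tags applied to a dynamic include reach the tasks of the included file but are not passed on through a further `include_tasks` inside it. I would add a comment above the first include, such as `# apply is needed on every nested include_tasks: tags from the parent include do not reach the files included here`. The tag on these include tasks themselves comes from the parent include's `apply`, which is in another file, so that part is inferred.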

@ -16,5 +16,3 @@
- "wireguard-dkms" - "wireguard-dkms"
- "wireguard-tools" - "wireguard-tools"
state: present state: present
tags:
- wg-install

@ -7,5 +7,3 @@
name: name:
- "wireguard-tools" - "wireguard-tools"
state: present state: present
tags:
- wg-install

@ -7,12 +7,8 @@
name: wireguard-go name: wireguard-go
state: present state: present
become: yes become: yes
tags:
- wg-install
- name: (MacOS) Install wireguard-tools package - name: (MacOS) Install wireguard-tools package
package: package:
name: wireguard-tools name: wireguard-tools
state: present state: present
tags:
- wg-install

@ -8,6 +8,3 @@
name: name:
- "wireguard-tools" - "wireguard-tools"
state: present state: present
tags:
- wg-install

@ -6,8 +6,6 @@
apt: apt:
update_cache: "{{ wireguard_ubuntu_update_cache }}" update_cache: "{{ wireguard_ubuntu_update_cache }}"
cache_valid_time: "{{ wireguard_ubuntu_cache_valid_time }}" cache_valid_time: "{{ wireguard_ubuntu_cache_valid_time }}"
tags:
- wg-install
- block: - block:
- name: (Ubuntu) Install support packages needed for Wireguard (for Ubuntu < 19.10) - name: (Ubuntu) Install support packages needed for Wireguard (for Ubuntu < 19.10)
@ -18,8 +16,6 @@
packages: packages:
- software-properties-common - software-properties-common
- linux-headers-{{ ansible_kernel }} - linux-headers-{{ ansible_kernel }}
tags:
- wg-install
when: when:
- ansible_lsb.major_release is version('19.10', '<') - ansible_lsb.major_release is version('19.10', '<')
@ -28,12 +24,8 @@
name: name:
- "wireguard-dkms" - "wireguard-dkms"
state: absent state: absent
tags:
- wg-install
- name: (Ubuntu) Install wireguard package - name: (Ubuntu) Install wireguard package
apt: apt:
name: "wireguard" name: "wireguard"
state: present state: present
tags:
- wg-install
