From 9fdcbd9ac7e43117649016ce465fb7f9889d7b47 Mon Sep 17 00:00:00 2001 From: githubixx <2039811+githubixx@users.noreply.github.com> Date: Fri, 7 Aug 2020 21:47:41 +0200 Subject: [PATCH] skeleton for unmanged hosts --- defaults/main.yml | 25 +++++++++++++++++++++---- tasks/main.yml | 22 ++++++++++++++++++---- templates/wg-unmanaged.conf.j2 | 14 ++++++++++++++ vars/mobile01.yml | 4 ++++ vars/tablet01.yml | 4 ++++ 5 files changed, 61 insertions(+), 8 deletions(-) create mode 100644 templates/wg-unmanaged.conf.j2 create mode 100644 vars/mobile01.yml create mode 100644 vars/tablet01.yml diff --git a/defaults/main.yml b/defaults/main.yml index 966b62b..85f3725 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,7 +1,7 @@ --- -####################################### +################################################################################ # General settings -####################################### +################################################################################ # Directory to store WireGuard configuration on the remote hosts wireguard_remote_directory: "/etc/wireguard" @@ -13,9 +13,26 @@ wireguard_port: "51820" wireguard_interface: "wg0" -####################################### +################################################################################ +# Settings for devices like laptops, tablets, mobiles, etc. not managed by +# Ansible. If you don't have such devices just leave the variables commented. +################################################################################ + +# Directory to store configurations for unmanaged hosts +wireguard_unmanaged_hosts_directory: "{{ '~/wireguard_unmanaged_hosts' | expanduser }}" + +# +wireguard_unmanaged_hosts_list: + - tablet01 + - mobile01 + +# +wireguard_unmanaged_delegate_to: "127.0.0.1" + + +############################################################################### # Settings only relevant for Ubuntu -####################################### +############################################################################### # Set to "false" if package cache should not be updated wireguard_ubuntu_update_cache: "true" diff --git a/tasks/main.yml b/tasks/main.yml index ac056c0..08e7488 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,8 +1,22 @@ --- -- name: Gather instance facts - setup: - -- include_tasks: "setup-{{ ansible_distribution|lower }}.yml" +#- name: Gather instance facts +# setup: + +#- name: Include distribution specific tasks +# include_tasks: "setup-{{ ansible_distribution|lower }}.yml" + +- name: Include unmanaged hosts variables + include_vars: + name: wireguard_unmanaged_host_{{ item }} + dir: vars + extensions: + - yml + - yaml + loop: "{{ wireguard_unmanaged_hosts_list }}" + when: wireguard_unmanaged_hosts_list is defined + +- debug: var=wireguard_unmanaged_host_{{ item }} + loop: "{{ wireguard_unmanaged_hosts_list }}" - name: Enable WireGuard kernel module modprobe: diff --git a/templates/wg-unmanaged.conf.j2 b/templates/wg-unmanaged.conf.j2 new file mode 100644 index 0000000..1f6f14f --- /dev/null +++ b/templates/wg-unmanaged.conf.j2 @@ -0,0 +1,14 @@ +{{ ansible_managed | comment }} +# For unmanaged host {{ item.item.host }} +# qrencode -t ansiutf8 < /etc/wireguard/{{ item.item.host }}.conf +[Interface] +PrivateKey = {{ item.stdout }} +Address = {{ item.item.allowed_ips }} +{% if item.item.dns is defined %} +DNS = {{ item.item.dns }} +{% endif %} + +[Peer] +Endpoint = {{ wireguard_endpoint }}:{{ wireguard_port }} +PublicKey = {{ public_key }} +AllowedIPs = 0.0.0.0/0, ::/0 diff --git a/vars/mobile01.yml b/vars/mobile01.yml new file mode 100644 index 0000000..71eba42 --- /dev/null +++ b/vars/mobile01.yml @@ -0,0 +1,4 @@ +wireguard_address: "10.8.0.11" +wireguard_port: "51820" +wireguard_dns: "1.1.1.1" +wireguard_mtu: "1492" diff --git a/vars/tablet01.yml b/vars/tablet01.yml new file mode 100644 index 0000000..62a2da6 --- /dev/null +++ b/vars/tablet01.yml @@ -0,0 +1,4 @@ +wireguard_address: "10.8.0.10" +wireguard_port: "51820" +wireguard_dns: "1.1.1.1" +wireguard_mtu: "1492"