From c4a21dd0efae3e34d1530c32039a2241279b86cb Mon Sep 17 00:00:00 2001
From: Robin Schneider
Date: Sun, 13 Sep 2020 23:00:10 +0200
Subject: [PATCH] Use common namespace "wireguard" for role facts
---
 tasks/main.yml | 24 ++++++++++++------------
 tasks/setup-debian-raspbian.yml | 18 +++++++++---------
 tasks/setup-debian.yml | 4 ++--
 templates/wg.conf.j2 | 6 +++---
 4 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index 8183456..e79b0fd 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -31,19 +31,19 @@
 - name: Register if config/private key already exists on target host
 stat:
 path: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf"
- register: config_file_stat
+ register: wireguard__register_config_file
 tags:
 - wg-generate-keys
 - wg-config
 - name: Get wg subcommands
 command: "wg --help"
- register: wg_subcommands
+ register: wireguard__register_subcommands
 changed_when: false
 - name: Check if wg syncconf subcommand is available
 set_fact:
- wg_syncconf: "{{ 'syncconf:' in wg_subcommands.stdout }}"
+ wg_syncconf: "{{ 'syncconf:' in wireguard__register_subcommands.stdout }}"
 - name: Show syncconf subcommand status
 debug:
@@ -52,43 +52,43 @@
 - block:
 - name: Generate WireGuard private key
 command: "wg genkey"
- register: wg_private_key_result
+ register: wireguard__register_private_key
 changed_when: false
 tags:
 - wg-generate-keys
 - name: Set private key fact
 set_fact:
- private_key: "{{ wg_private_key_result.stdout }}"
+ wireguard__fact_private_key: "{{ wireguard__register_private_key.stdout }}"
 tags:
 - wg-generate-keys
- when: not config_file_stat.stat.exists
+ when: not wireguard__register_config_file.stat.exists
 - block:
 - name: Read WireGuard config file
 slurp:
 src: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf"
- register: wg_config
+ register: wireguard__register_config
 tags:
 - wg-config
 - name: Set private key fact
 set_fact:
- private_key: "{{ wg_config['content'] | b64decode | regex_findall('PrivateKey = (.*)') | first }}"
+ wireguard__fact_private_key: "{{ wireguard__register_config['content'] | b64decode | regex_findall('PrivateKey = (.*)') | first }}"
 tags:
 - wg-config
- when: config_file_stat.stat.exists
+ when: wireguard__register_config_file.stat.exists
 - name: Derive WireGuard public key
- shell: "echo '{{ private_key }}' | wg pubkey" # noqa 306
- register: wg_public_key_result
+ shell: "echo '{{ wireguard__fact_private_key }}' | wg pubkey" # noqa 306
+ register: wireguard__register_public_key
 changed_when: false
 tags:
 - wg-config
 - name: Set public key fact
 set_fact:
- public_key: "{{ wg_public_key_result.stdout }}"
+ wireguard__fact_public_key: "{{ wireguard__register_public_key.stdout }}"
 tags:
 - wg-config
diff --git a/tasks/setup-debian-raspbian.yml b/tasks/setup-debian-raspbian.yml
index e8fb653..4b2b46b 100644
--- a/tasks/setup-debian-raspbian.yml
+++ b/tasks/setup-debian-raspbian.yml
@@ -27,7 +27,7 @@
 name:
 - "raspberrypi-kernel"
 state: latest
- register: kernel_update
+ register: wireguard__register_kernel_update
 tags:
 - wg-install
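Review bot: The renamed `Derive WireGuard public key` task in the tasks/main.yml hunk at `@@ -52,43 +52,43 @@` still interpolates the private key into a shell command line, so the key sits in the argument list of the spawned shell on the target and is echoed in Ansible's task output at higher verbosity. Passing it on standard input removes the shell and the argv exposure: `command: "wg pubkey"` with `stdin: "{{ wireguard__fact_private_key }}"`, which also makes the `# noqa 306` waiver unnecessary. The `wg genkey`, `slurp` and both `Set private key fact` tasks in the same hunk carry the key in their results too, so each of them (and the derive task, since module arguments are presumably logged as well) would benefit from `no_log: true`.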
@@ -36,21 +36,21 @@
 search_paths: ['/lib/molly-guard', '/usr/sbin']
 when:
 - ansible_version.full is version('2.8.0', '>=')
- - kernel_update is changed
+ - wireguard__register_kernel_update is changed
 tags:
 - wg-install
 - name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8)
 stat:
 path: /lib/molly-guard/
- register: molly_guard
+ register: wireguard__register_molly_guard
 - name: (Raspbian) Reboot after kernel update (Ansible < 2.8, no molly-guard)
 reboot:
 when:
 - ansible_version.full is version('2.8.0', '<')
- - kernel_update is changed
- - not molly_guard.stat.exists
+ - wireguard__register_kernel_update is changed
+ - not wireguard__register_molly_guard.stat.exists
 tags:
 - wg-install
@@ -61,8 +61,8 @@
 ignore_unreachable: yes
 when:
 - ansible_version.full is version('2.8.0', '<')
- - kernel_update is changed
- - molly_guard.stat.exists
+ - wireguard__register_kernel_update is changed
+ - wireguard__register_molly_guard.stat.exists
 tags:
 - wg-install
@@ -70,8 +70,8 @@
 wait_for_connection:
 when:
 - ansible_version.full is version('2.8.0', '<')
- - kernel_update is changed
- - molly_guard.stat.exists
+ - wireguard__register_kernel_update is changed
+ - wireguard__register_molly_guard.stat.exists
 tags:
 - wg-install
diff --git a/tasks/setup-debian.yml b/tasks/setup-debian.yml
index 62515ad..97253e7 100644
--- a/tasks/setup-debian.yml
+++ b/tasks/setup-debian.yml
@@ -2,7 +2,7 @@
 - include_tasks: "setup-debian-raspbian.yml"
 when: ansible_lsb.id == "Raspbian"
- register: raspbian_setup
+ register: wireguard__register_raspbian_setup
 - include_tasks: "setup-debian-vanilla.yml"
- when: raspbian_setup is skipped
+ when: wireguard__register_raspbian_setup is skipped
diff --git a/templates/wg.conf.j2 b/templates/wg.conf.j2
index 2e6a15f..e4c8656 100644
--- a/templates/wg.conf.j2
+++ b/templates/wg.conf.j2
@@ -2,8 +2,8 @@
 [Interface]
 # {{ inventory_hostname }}
 Address = {{hostvars[inventory_hostname].wireguard_address}}
-PrivateKey = {{private_key}}
-ListenPort = {{wireguard_port}}
+PrivateKey = {{ wireguard__fact_private_key }}
+ListenPort = {{ wireguard_port }}
 {% if hostvars[inventory_hostname].wireguard_dns is defined %}
 DNS = {{hostvars[inventory_hostname].wireguard_dns}}
 {% endif %}
@@ -44,7 +44,7 @@ SaveConfig = true
 [Peer]
 # {{ host }}
-PublicKey = {{hostvars[host].public_key}}
+PublicKey = {{hostvars[host].wireguard__fact_public_key}}
 {% if hostvars[host].wireguard_allowed_ips is defined %}
 AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
 {% else %}