* feat: Update CentOS 7 to use signed kernel-plus module
* Apply suggestions from code review
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Update CentOS 7 for optional signed kernel-plus module
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* add Debian 11 aka Bullseye
* add Debian 11 aka Bullseye to Molecule test
* update README
* added Fedora 34 + removed Fedora 32 support from meta/main.yml
* Debian 11 do not need kernel headers anymore
* remove Fedora 32 from Molecule test / add Fedora 34 + Debian 11 to Molecule test
* add rolename/namespace + make ansible-lint happy in meta/main.yml
* make ansible-lint happy
* (Archlinux) As linux-lts is using kernel 5.10 now there is no need to install wireguard-lts tools any longer (and this package is gone anyway)
* (Debian) fix ansible-lint issues
* update CHANGELOG
* Fixed tag "wg-install" inheritance to included tasks
Fixes#109
* Added no_log to tasks handling private keys - can be explicitly deactivated for debugging by running with verbosity 3 or higher
Fixes#81
* add PVE to the recipe
* Update tasks/setup-debian-pve-variant.yml
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Update tasks/setup-debian-pve-variant.yml
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Update tasks/setup-debian-pve-variant.yml
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Update tasks/setup-debian.yml
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* On Proxmox ansible_lsb.id variable is not set
* change when condition for include task setup-debian-vanilla.yml to a list
* add Molecule test for Proxmox
* use file module to delete /var/lib/apt/lists/lock for Proxmox in Molecule test
Co-authored-by: Steve Fan <29133953+stevefan1999-personal@users.noreply.github.com>
Fedora 32 still installs the copr repo and the dkms module. I assume
that is still necessary for Fedora 32, though I have no box to test it
with.
If the user is on Fedora 33 or higher, the default setup-fedora.yml is
used, which no longer installs the copr repo, nor the dkms module since
neither are necessary anymore.
* Use Debian backports repositories
Use Debian backports instead of unstable to get wireguard. This is a more
stable solution and has less impact on the system.
Unfortunately a reboot is still required.
* Fix boot paths
* Update Changelog, switch to 7.7.0
* CHANGELOG formatting
* No need to use PPA for Ubuntu 18 any longer
* update CHANGELOG
* Bring back task to install support packages for Ubuntu < 19.10 just to be sure
* Add editor fold sections
* Remove trailing whitespace
* Make the repo compliant with REUSE Specification v3.0
Closes: #71
Email addresses have all been removed from this commit as requested by
githubixx.
* Use common namespace "wireguard" for role facts
* Fix typo
* Explicitly state that GPL-3.0-or-later applies
Closes: #72
Those variables are directly in the namespace. Using the long form is
uncommon. A case could have been made if the later section of the config
(which uses `hostvars[host]`) has similar semantics but that is not the
case as those are peer sections.
It does not serve any function anymore after support for module
reloading has been removed from the postinst script in 0.0.20200215-2 on
2020-02-24. A module update is properly signaled via
/run/reboot-required so that the admin can (automatically) schedule a
reboot when convenient. This will also be more in line with future Debian
releases because starting with Debian bullseye, the kernel ships the
module.
Add macOS details in the README
Fix Archlinux spelling
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
Remove additional linux.yml file, use conditional block instead
Add CHANGELOG entry
Bump to 7.2.0 in CHANGELOG
Invert OS check on Darwin instead of Linux
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Add support for unmanaged WireGuard peers
Add variable wireguard_extra_peer_config that is raw WireGuard
configuration appended to the peers section. Value is a string
containing arbitrary wg-quick syntax.
This closes#41, and closes#45.
* update CHANGELOG (#63)
* Change unmanaged peers to dictionary instead of string
Based on review comment by @j8r in #63.
* README: update preshared_key example
Update wireguard_unmanaged_peers example for preshared_key.
Make it a comment to highlight it is optional and should probably be handled
like other secrets.
* Clean up jinja2 syntax
Based on review comments.
* Remove unneeded if of required public_key
The public_key is required for a wireguard peer so remove the if from
wireguard_unmanaged_peers public_key. The effect is that it is a syntax
error from Ansible rather than failing config validation when the config
has already been written and fails to load.
* Switched to ELRepo for Centos (#50)
- added switch to differentiate setup of Centos7/8
- replaced old repository by officialy recomended
- added step to remove old dkms wireguard package
- switched to install KMOD wireguard package
* Updated CHANGELOG after switching to ELRepo for Centos
* Update CHANGELOG.md
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Updted CHANGELOG: added notice about old wireguard Centos repository removal
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>