Commit Graph

54 Commits (4e5adac6911c3f925e68d83e7bfb1c402f044490)

Author SHA1 Message Date
Robert Wimmer 4e5adac691
Change restart handling / add very basic unit test (#156)
* move register if config/private key handling out of wg subcommands block

* allow user to specify WireGuard interface restart behavior

* update README

* numeric values in meta/main.yml should be strings

* update Copyright

* fix indentation in tasks/setup-debian.yml

* update Copyright

* update Copyright

* truthy values should be lowercase

* add namespace key again to meta/main.yml

* add molecule/kvm/verify.yml with a very basic unit test
3 years ago
Stefan Haun 434fe955ca
Specify Raspbian playbook for Buster and below (#119)
* Call Raspbian role only when Release is older than 11 (Bullseye)

* Rename raspbian-role to mark that it is intended for Buster and lower

Wireguard is directly supported by Raspbian 11 (Bullseye) and higher.

* Add a note regarding the scope of the Raspbian playbook
3 years ago
Robert Wimmer 6b5fbe8b32
Updates (#150)
* update CHANGELOG

* fix typo

* fix host groups: el8-dkms -> el8dkms

* remove empty line

* update CHANGELOG
3 years ago
gitouche 59651ccb2a
Add non-standard kernel installation for RockyLinux 8 (#146)
* Add non-standard kernel installation for RockyLinux 8

* Add test VM in molecule tests for Rocky8 non-standard installation method

* Rename non-standard to dkms as an install method

* Automate installation process : kmod if possible, dkms as fallback

* BUGFIX : dmks installation needs EPEL repo for wireguard-tools

* Molecule : install ELRepo mainline kernel for rocky8 dkms installation

* Revert "Automate installation process : kmod if possible, dkms as fallback"

This reverts commit 822fbcbe5d8c484ecd984df57fd170749d6b97c1.

* Molecule : add wireguard_rockylinux8_installation_method variable to test-wg-rocky8-dkms
3 years ago
Robert Wimmer ac98583ab5
Various updates (#142)
* move wireguard_private_key up in variable order in defaults/main.yml

* add opensuse 15.3 to Galaxy metadata

* remove trailing space

* remove blank line

* fix indentation in setup-debian.yml

* rename test-wg-opensuse-leap to test-wg-opensuse-leap-15-2 in molecule.yml

* add OpenSUSE 15.3 to Molecule test

* remove OpenSUSE Leap 15.2 support (EOL)

* remove Fedora 33 support (EOL)

* remove Fedora 33 + openSUSE Leap 15.2 variables from Molecule test

* add Fedora 35 support

* remove CentOS 8 support (EOL) - use AlmaLinux or Rocky Linux instead

* remove tasks/setup-centos-8.yml (CentOS 8 reached EOL)

* fix formatting issues and typos in README + CHANGELOG

* update CHANGELOG

* truthy value should false in tasks/setup-debian-pve-guest-variant.yml

* name task in tasks/main.yml

* name tasks in tasks/setup-debian.yml

* refactor Molecule setup

* remove Proxmox from Molecule test

* update CHANGELOG

* update CHANGELOG

* re-order IP address in Molecule test

* use different wireguard_port values for a few hosts in Molecule test for better testing
3 years ago
Felix Mai c4a5677f72
General improvements (#138)
* Rearrange hooks to match lifecycle order

* Fully qualify module names

BREAKING CHANGE: To use FQCNs at least Ansible 2.9 is required [2].

From the commonly presented note in the Ansible documentation, e. g.
of Ansible's builtin debug module [1]:

  [...] we recommend you use the FQCN for easy linking to the module
  documentation and to avoid conflicting with other collections that
  may have the same module name.

[1]: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/debug_module.html
[2]: https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#where-did-all-the-modules-go

* Update changelog
3 years ago
Tobias Richter 5caaea2047
PVE guest and host detection (#127)
* Distinguish between proxmox host and guest setup

* Update CHANGELOG.md
3 years ago
John Potter 4626475a9c
feat: Update CentOS 7 to use signed kernel-plus module (#129)
* feat: Update CentOS 7 to use signed kernel-plus module

* Apply suggestions from code review

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

* Update CentOS 7 for optional signed kernel-plus module

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
3 years ago
Robert Wimmer 692cce2f55
Add Rocky Linux/AlmaLinux support + Molecule tests (#123)
* Add Rocky Linux/AlmaLinux support + Molecule tests

* update CHANGELOG
3 years ago
Robert Wimmer 527c9ae967
Debian 11 + Fedora 34 support / Fedora 32 support removed (#118)
* add Debian 11 aka Bullseye

* add Debian 11 aka Bullseye to Molecule test

* update README

* added Fedora 34 + removed Fedora 32 support from meta/main.yml

* Debian 11 do not need kernel headers anymore

* remove Fedora 32 from Molecule test / add Fedora 34 + Debian 11 to Molecule test

* add rolename/namespace + make ansible-lint happy in meta/main.yml

* make ansible-lint happy

* (Archlinux) As linux-lts is using kernel 5.10 now there is no need to install wireguard-lts tools any longer (and this package is gone anyway)

* (Debian) fix ansible-lint issues

* update CHANGELOG
3 years ago
Jan Gaßner 871d1e4497
Fix tag "wg-install" & Add no_log (#110)
* Fixed tag "wg-install" inheritance to included tasks
Fixes #109

* Added no_log to tasks handling private keys - can be explicitly deactivated for debugging by running with verbosity 3 or higher
Fixes #81
4 years ago
tjend 2d6e36572b
Allow disabling service (#107) 4 years ago
Robert Wimmer 663d3b9a5f
Support for Proxmox (#99)
* add PVE to the recipe

* Update tasks/setup-debian-pve-variant.yml

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

* Update tasks/setup-debian-pve-variant.yml

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

* Update tasks/setup-debian-pve-variant.yml

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

* Update tasks/setup-debian.yml

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

* On Proxmox ansible_lsb.id variable is not set

* change when condition for include task setup-debian-vanilla.yml to a list

* add Molecule test for Proxmox

* use file module to delete /var/lib/apt/lists/lock for Proxmox in Molecule test

Co-authored-by: Steve Fan <29133953+stevefan1999-personal@users.noreply.github.com>
4 years ago
Maxim Burgerhout 0c6c1b8b80
Fix Fedora support (#93)
Fedora 32 still installs the copr repo and the dkms module. I assume
that is still necessary for Fedora 32, though I have no box to test it
with.

If the user is on Fedora 33 or higher, the default setup-fedora.yml is
used, which no longer installs the copr repo, nor the dkms module since
neither are necessary anymore.
4 years ago
Robert Wimmer 4c21076cb2
added support for openSUSE Leap 15.2 (#89) 4 years ago
Stefan Haun 5c0014aa62
Raspberry Pi: Use Backports instead of Debian Unstable (#88)
* Use Debian backports repositories

Use Debian backports instead of unstable to get wireguard. This is a more
stable solution and has less impact on the system.

Unfortunately a reboot is still required.

* Fix boot paths

* Update Changelog, switch to 7.7.0
4 years ago
Julien Reichardt c0e3e13e0a
Add wireguard_private_key variable (#69)
* Fix check mode for Debian

* Add wireguard_private_key variable

* Release 7.6.0

* Fix undefined `wg_syncconf` when using tags
4 years ago
Robert Wimmer 65e94eaebb
Fix Ubuntu 18 install (#85)
* CHANGELOG formatting

* No need to use PPA for Ubuntu 18 any longer

* update CHANGELOG

* Bring back task to install support packages for Ubuntu < 19.10 just to be sure
4 years ago
Robin Schneider db8bec1b0a
REUSE Specification v3.0 and other minor stuff (#76)
* Add editor fold sections

* Remove trailing whitespace

* Make the repo compliant with REUSE Specification v3.0

Closes: #71

Email addresses have all been removed from this commit as requested by
githubixx.

* Use common namespace "wireguard" for role facts

* Fix typo

* Explicitly state that GPL-3.0-or-later applies

Closes: #72
4 years ago
Ruben Di Battista 47885d8db9
Remove useless block for single task (#82) 4 years ago
Robin Schneider 0eac8789aa
Debian only: Ensure DKMS builds for the currently running kernel
Closes: #62
4 years ago
Robin Schneider 739c9de73e
Move wireguard_ip template code to template where it belongs
Instead of redundant set_fact task.
4 years ago
Robin Schneider a27f805d2d
Ensure that buster-backports will be absent on Debian 11+ 4 years ago
Robin Schneider 2309abf09e
Remove forgotten gnupg pkg that is not needed anymore for Debian vanilla
It was once needed for the apt_key tasks.
4 years ago
Robin Schneider c1049ab647
Debian stretch is not currently supported by the role (anymore)
It once was supported by an "unstable" workaround which has since been
dropped in favor of Debian buster.
4 years ago
Robin Schneider 5d68b0f97f
Prefer the metapackage "wireguard" for later Debian bullseye support 4 years ago
Robin Schneider 8b1ae7d4c2
Remove obsolete .reload-module-on-update file
It does not serve any function anymore after support for module
reloading has been removed from the postinst script in 0.0.20200215-2 on
2020-02-24. A module update is properly signaled via
/run/reboot-required so that the admin can (automatically) schedule a
reboot when convenient. This will also be more in line with future Debian
releases because starting with Debian bullseye, the kernel ships the
module.
4 years ago
Robin Schneider e7588cd047
Fix ansible-lint warning [502] All tasks should be named
Just drop the redundant task
4 years ago
Robin Schneider 81c371c6a2
Solve ansible-lint [201] Trailing whitespace 4 years ago
Robin Schneider a56a4d6600
Properly solve ansible-lint 306 warning about shell task with pipe
Do not ignore such warnings! They are there for a reason!
4 years ago
Robin Schneider 713a7683ef
Move template into it’s fhs place 4 years ago
Robin Schneider c4a21dd0ef
Use common namespace "wireguard" for role facts 4 years ago
Robin Schneider 7a1af464b1
Move condition code into Jinja instead of having two set_fact tasks 4 years ago
Robin Schneider f3c590665d
WireGuard should be written "WireGuard" 4 years ago
Ruben Di Battista 3ef759edbb
Add basic support for macOS (#61)
Add macOS details in the README

Fix Archlinux spelling

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

Remove additional linux.yml file, use conditional block instead

Add CHANGELOG entry

Bump to 7.2.0 in CHANGELOG

Invert OS check on Darwin instead of Linux
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
4 years ago
Roman Danko c1f413f966
Switched to ELRepo for Centos (#59)
* Switched to ELRepo for Centos (#50)
- added switch to differentiate setup of Centos7/8
- replaced old repository by officialy recomended
- added step to remove old dkms wireguard package
- switched to install KMOD wireguard package

* Updated CHANGELOG after switching to ELRepo for Centos

* Update CHANGELOG.md

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

* Updted CHANGELOG: added notice about old wireguard Centos repository removal

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
4 years ago
pallinger 1997b9d710
Fix on debian openstack images (#55)
* on openstack Debian images, the kernel is different, so we need to install different kernel headers, too

* fix syntax error in conditional fact

* remove debug message

Co-authored-by: Peter Pallinger <pallinger@sztaki.hu>
5 years ago
Stefan Haun 2ef11ac648
Add a role for Raspbian (#54)
* Rename debian-setup role to point to vanilla Debian

* Add a specific setup role for Raspbian

This role will fail for now, Raspbian is not supported by this role as it is.

* Add a switch for Raspbian

* Add Raspbian role for installing WireGuard

* Raspbian: Handle reboot with molly-guard and older Ansible versions
5 years ago
Robert Wimmer 9f76b8baf5
Support Ubuntu 20.04 (#52)
* update Ansible Galaxy meta info (added Ubunut Focal Fossa / Debian Buster)

* update CHANGELOG (Ubuntu 20.04 support)

* move OS package installation to OS specific subtasks

* update README

* update CHANGELOG

Co-authored-by: githubixx <home@tauceti.net>
5 years ago
Robert Wimmer 97f566ad85
cleanup (#51)
* update CHANGELOG

* fix typo

* update CHANGELOG

Co-authored-by: githubixx <home@tauceti.net>
5 years ago
Jürgen Hötzel 04843b5394
Use Arch Linux specific package list (#48)
Arch Linux ships a Linux kernel > 5.6 and doesn't require DKMS.

Move the package list variable to (distribution-specific) var files.

For the Arch Linux LTS kernel (5.4) a binary wireguard-lts package is
provided in [core].
5 years ago
Ties de Kock 13621d4d68
Use wireguard from buster-backports on debian if needed (#49)
* Changes wireguard apt repo to buster-backports

* Add repo only on buster or earlier

* No apt pin needed, backports has lower priority than main distribution

* Update CHANGELOG.md

Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

* Clarify effects of updating on system state

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
5 years ago
James Kiefer a7ada33e73
Bugfix: Install gnupg instead of gpg for debian (#43) 5 years ago
Robert Wimmer 8e7ed9e702
Use "wg syncconf" if available (#38)
* use wg syncconf if available

* use boolean as variable type for wg_syncconf

* update CHANGELOG

* update README
5 years ago
Ties de Kock 7826119ea7 Add basic fedora support (#32)
* Add basic fedora support

* Add Fedora to metadata, update Changelog
5 years ago
Ties de Kock 3af06352ae Install GPG to be able to import WireGuard key (#31) 5 years ago
fbourqui a357e5fab1 Merge stateless idea with no local storage of public and private keys, support multiple interface per hosts using several groups (#29)
* merge stateless with no storage of local priv key

* Delete locally stored private key

* add reload module on update config file

* privatekey template is not used anymore

* remove all local keys priv and public

* use ansible_play_hosts instead of hardcoded vpn grp
should use the group in the play calling the role.
works fine when hosts bellong to several groups

* Clean tasks names

* add tag, and cleanup

* fix private key creation

* Support for mutliple wireguard vpn on same host
add inventory exemple in readme

* fix typo, add some comment on inventory

* add  wg-config tag to Check config:
allow  run  with -t - wg-config

* Update tasks/main.yml

Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

* remove trailing whitespace

* Update templates/wg.conf.j2

Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

* Update templates/wg.conf.j2

Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

* changes after githubixx code review

* readd new line to separate peers in config
5 years ago
Robert Wimmer 9a0e70ee25
remove unneeded with_inventory_hostnames loops (#27)
* remove unneeded with_inventory_hostnames loops

* update CHANGELOG
5 years ago
Alex Hanselka 21706b822a add CentOS support (#9) 6 years ago
Alex Hanselka 59eac1706c update tasks to use the new preferred looping syntax (#10) 6 years ago