* add EL9 to meta/main.yml
* require Ansible >= 2.11 as Rocky Linux is only supported with this version or above
* ansible-lint: use community.general.pacman module instead of ansible.builtin.pacman for Archlinux setup
* add support for Rocky Linux 9 and AlmaLinux 9
* add openSUSE Leap 15.4 to README.md
* update CHANGELOG.md
* remove support for Fedora 35 / add support for Fedora 36
* remove Fedora 34 + add Fedora 36 to Molecule test
* fix Jinja2 spacing
* fix Jinja2 spacing
* improve the task key order to: name, when, tags, block
* handlers/main.yml: names should start with an uppercase letter
* tasks/main.yml: names should start with an uppercase letter
* add .yamllint
* add Github release action to push new release to Ansible Galaxy
* add Molecule setup for openSUSE 15.4
* molecule/kvm-single-server: add verify.yml / enable verifier
* update CHANGELOG
* move wireguard_private_key up in variable order in defaults/main.yml
* add opensuse 15.3 to Galaxy metadata
* remove trailing space
* remove blank line
* fix indentation in setup-debian.yml
* rename test-wg-opensuse-leap to test-wg-opensuse-leap-15-2 in molecule.yml
* add OpenSUSE 15.3 to Molecule test
* remove OpenSUSE Leap 15.2 support (EOL)
* remove Fedora 33 support (EOL)
* remove Fedora 33 + openSUSE Leap 15.2 variables from Molecule test
* add Fedora 35 support
* remove CentOS 8 support (EOL) - use AlmaLinux or Rocky Linux instead
* remove tasks/setup-centos-8.yml (CentOS 8 reached EOL)
* fix formatting issues and typos in README + CHANGELOG
* update CHANGELOG
* truthy value should false in tasks/setup-debian-pve-guest-variant.yml
* name task in tasks/main.yml
* name tasks in tasks/setup-debian.yml
* refactor Molecule setup
* remove Proxmox from Molecule test
* update CHANGELOG
* update CHANGELOG
* re-order IP address in Molecule test
* use different wireguard_port values for a few hosts in Molecule test for better testing
* feat: Update CentOS 7 to use signed kernel-plus module
* Apply suggestions from code review
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Update CentOS 7 for optional signed kernel-plus module
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* add Debian 11 aka Bullseye
* add Debian 11 aka Bullseye to Molecule test
* update README
* added Fedora 34 + removed Fedora 32 support from meta/main.yml
* Debian 11 do not need kernel headers anymore
* remove Fedora 32 from Molecule test / add Fedora 34 + Debian 11 to Molecule test
* add rolename/namespace + make ansible-lint happy in meta/main.yml
* make ansible-lint happy
* (Archlinux) As linux-lts is using kernel 5.10 now there is no need to install wireguard-lts tools any longer (and this package is gone anyway)
* (Debian) fix ansible-lint issues
* update CHANGELOG
* Use Debian backports repositories
Use Debian backports instead of unstable to get wireguard. This is a more
stable solution and has less impact on the system.
Unfortunately a reboot is still required.
* Fix boot paths
* Update Changelog, switch to 7.7.0
* CHANGELOG formatting
* No need to use PPA for Ubuntu 18 any longer
* update CHANGELOG
* Bring back task to install support packages for Ubuntu < 19.10 just to be sure
* Add editor fold sections
* Remove trailing whitespace
* Make the repo compliant with REUSE Specification v3.0
Closes: #71
Email addresses have all been removed from this commit as requested by
githubixx.
* Use common namespace "wireguard" for role facts
* Fix typo
* Explicitly state that GPL-3.0-or-later applies
Closes: #72
Add macOS details in the README
Fix Archlinux spelling
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
Remove additional linux.yml file, use conditional block instead
Add CHANGELOG entry
Bump to 7.2.0 in CHANGELOG
Invert OS check on Darwin instead of Linux
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Add support for unmanaged WireGuard peers
Add variable wireguard_extra_peer_config that is raw WireGuard
configuration appended to the peers section. Value is a string
containing arbitrary wg-quick syntax.
This closes#41, and closes#45.
* update CHANGELOG (#63)
* Change unmanaged peers to dictionary instead of string
Based on review comment by @j8r in #63.
* README: update preshared_key example
Update wireguard_unmanaged_peers example for preshared_key.
Make it a comment to highlight it is optional and should probably be handled
like other secrets.
* Clean up jinja2 syntax
Based on review comments.
* Remove unneeded if of required public_key
The public_key is required for a wireguard peer so remove the if from
wireguard_unmanaged_peers public_key. The effect is that it is a syntax
error from Ansible rather than failing config validation when the config
has already been written and fails to load.
* Switched to ELRepo for Centos (#50)
- added switch to differentiate setup of Centos7/8
- replaced old repository by officialy recomended
- added step to remove old dkms wireguard package
- switched to install KMOD wireguard package
* Updated CHANGELOG after switching to ELRepo for Centos
* Update CHANGELOG.md
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Updted CHANGELOG: added notice about old wireguard Centos repository removal
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Changes wireguard apt repo to buster-backports
* Add repo only on buster or earlier
* No apt pin needed, backports has lower priority than main distribution
* Update CHANGELOG.md
Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Clarify effects of updating on system state
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* merge stateless with no storage of local priv key
* Delete locally stored private key
* add reload module on update config file
* privatekey template is not used anymore
* remove all local keys priv and public
* use ansible_play_hosts instead of hardcoded vpn grp
should use the group in the play calling the role.
works fine when hosts bellong to several groups
* Clean tasks names
* add tag, and cleanup
* fix private key creation
* Support for mutliple wireguard vpn on same host
add inventory exemple in readme
* fix typo, add some comment on inventory
* add wg-config tag to Check config:
allow run with -t - wg-config
* Update tasks/main.yml
Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* remove trailing whitespace
* Update templates/wg.conf.j2
Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Update templates/wg.conf.j2
Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* changes after githubixx code review
* readd new line to separate peers in config
Robert Wimmer