Commit Graph

28 Commits (11.0.0)

Author SHA1 Message Date
Robert Wimmer 3821005839
v10.0.0 (#162)
* remove support for Fedora 35 / add support for Fedora 36

* remove Fedora 34 + add Fedora 36 to Molecule test

* fix Jinja2 spacing

* fix Jinja2 spacing

* improve the task key order to: name, when, tags, block

* handlers/main.yml: names should start with an uppercase letter

* tasks/main.yml: names should start with an uppercase letter

* add .yamllint

* add Github release action to push new release to Ansible Galaxy

* add Molecule setup for openSUSE 15.4

* molecule/kvm-single-server: add verify.yml / enable verifier

* update CHANGELOG
2 years ago
Robert Wimmer 4e5adac691
Change restart handling / add very basic unit test (#156)
* move register if config/private key handling out of wg subcommands block

* allow user to specify WireGuard interface restart behavior

* update README

* numeric values in meta/main.yml should be strings

* update Copyright

* fix indentation in tasks/setup-debian.yml

* update Copyright

* update Copyright

* truthy values should be lowercase

* add namespace key again to meta/main.yml

* add molecule/kvm/verify.yml with a very basic unit test
3 years ago
Robert Wimmer ac98583ab5
Various updates (#142)
* move wireguard_private_key up in variable order in defaults/main.yml

* add opensuse 15.3 to Galaxy metadata

* remove trailing space

* remove blank line

* fix indentation in setup-debian.yml

* rename test-wg-opensuse-leap to test-wg-opensuse-leap-15-2 in molecule.yml

* add OpenSUSE 15.3 to Molecule test

* remove OpenSUSE Leap 15.2 support (EOL)

* remove Fedora 33 support (EOL)

* remove Fedora 33 + openSUSE Leap 15.2 variables from Molecule test

* add Fedora 35 support

* remove CentOS 8 support (EOL) - use AlmaLinux or Rocky Linux instead

* remove tasks/setup-centos-8.yml (CentOS 8 reached EOL)

* fix formatting issues and typos in README + CHANGELOG

* update CHANGELOG

* truthy value should false in tasks/setup-debian-pve-guest-variant.yml

* name task in tasks/main.yml

* name tasks in tasks/setup-debian.yml

* refactor Molecule setup

* remove Proxmox from Molecule test

* update CHANGELOG

* update CHANGELOG

* re-order IP address in Molecule test

* use different wireguard_port values for a few hosts in Molecule test for better testing
3 years ago
Felix Mai c4a5677f72
General improvements (#138)
* Rearrange hooks to match lifecycle order

* Fully qualify module names

BREAKING CHANGE: To use FQCNs at least Ansible 2.9 is required [2].

From the commonly presented note in the Ansible documentation, e. g.
of Ansible's builtin debug module [1]:

  [...] we recommend you use the FQCN for easy linking to the module
  documentation and to avoid conflicting with other collections that
  may have the same module name.

[1]: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/debug_module.html
[2]: https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#where-did-all-the-modules-go

* Update changelog
3 years ago
Robert Wimmer 527c9ae967
Debian 11 + Fedora 34 support / Fedora 32 support removed (#118)
* add Debian 11 aka Bullseye

* add Debian 11 aka Bullseye to Molecule test

* update README

* added Fedora 34 + removed Fedora 32 support from meta/main.yml

* Debian 11 do not need kernel headers anymore

* remove Fedora 32 from Molecule test / add Fedora 34 + Debian 11 to Molecule test

* add rolename/namespace + make ansible-lint happy in meta/main.yml

* make ansible-lint happy

* (Archlinux) As linux-lts is using kernel 5.10 now there is no need to install wireguard-lts tools any longer (and this package is gone anyway)

* (Debian) fix ansible-lint issues

* update CHANGELOG
3 years ago
Jan Gaßner 871d1e4497
Fix tag "wg-install" & Add no_log (#110)
* Fixed tag "wg-install" inheritance to included tasks
Fixes #109

* Added no_log to tasks handling private keys - can be explicitly deactivated for debugging by running with verbosity 3 or higher
Fixes #81
3 years ago
tjend 2d6e36572b
Allow disabling service (#107) 4 years ago
Julien Reichardt c0e3e13e0a
Add wireguard_private_key variable (#69)
* Fix check mode for Debian

* Add wireguard_private_key variable

* Release 7.6.0

* Fix undefined `wg_syncconf` when using tags
4 years ago
Robin Schneider db8bec1b0a
REUSE Specification v3.0 and other minor stuff (#76)
* Add editor fold sections

* Remove trailing whitespace

* Make the repo compliant with REUSE Specification v3.0

Closes: #71

Email addresses have all been removed from this commit as requested by
githubixx.

* Use common namespace "wireguard" for role facts

* Fix typo

* Explicitly state that GPL-3.0-or-later applies

Closes: #72
4 years ago
Ruben Di Battista 47885d8db9
Remove useless block for single task (#82) 4 years ago
Robin Schneider 739c9de73e
Move wireguard_ip template code to template where it belongs
Instead of redundant set_fact task.
4 years ago
Robin Schneider 8b1ae7d4c2
Remove obsolete .reload-module-on-update file
It does not serve any function anymore after support for module
reloading has been removed from the postinst script in 0.0.20200215-2 on
2020-02-24. A module update is properly signaled via
/run/reboot-required so that the admin can (automatically) schedule a
reboot when convenient. This will also be more in line with future Debian
releases because starting with Debian bullseye, the kernel ships the
module.
4 years ago
Robin Schneider a56a4d6600
Properly solve ansible-lint 306 warning about shell task with pipe
Do not ignore such warnings! They are there for a reason!
4 years ago
Robin Schneider 713a7683ef
Move template into it’s fhs place 4 years ago
Robin Schneider c4a21dd0ef
Use common namespace "wireguard" for role facts 4 years ago
Robin Schneider 7a1af464b1
Move condition code into Jinja instead of having two set_fact tasks 4 years ago
Ruben Di Battista 3ef759edbb
Add basic support for macOS (#61)
Add macOS details in the README

Fix Archlinux spelling

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

Remove additional linux.yml file, use conditional block instead

Add CHANGELOG entry

Bump to 7.2.0 in CHANGELOG

Invert OS check on Darwin instead of Linux
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
4 years ago
Roman Danko c1f413f966
Switched to ELRepo for Centos (#59)
* Switched to ELRepo for Centos (#50)
- added switch to differentiate setup of Centos7/8
- replaced old repository by officialy recomended
- added step to remove old dkms wireguard package
- switched to install KMOD wireguard package

* Updated CHANGELOG after switching to ELRepo for Centos

* Update CHANGELOG.md

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

* Updted CHANGELOG: added notice about old wireguard Centos repository removal

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
4 years ago
Robert Wimmer 9f76b8baf5
Support Ubuntu 20.04 (#52)
* update Ansible Galaxy meta info (added Ubunut Focal Fossa / Debian Buster)

* update CHANGELOG (Ubuntu 20.04 support)

* move OS package installation to OS specific subtasks

* update README

* update CHANGELOG

Co-authored-by: githubixx <home@tauceti.net>
5 years ago
Jürgen Hötzel 04843b5394
Use Arch Linux specific package list (#48)
Arch Linux ships a Linux kernel > 5.6 and doesn't require DKMS.

Move the package list variable to (distribution-specific) var files.

For the Arch Linux LTS kernel (5.4) a binary wireguard-lts package is
provided in [core].
5 years ago
Robert Wimmer 8e7ed9e702
Use "wg syncconf" if available (#38)
* use wg syncconf if available

* use boolean as variable type for wg_syncconf

* update CHANGELOG

* update README
5 years ago
fbourqui a357e5fab1 Merge stateless idea with no local storage of public and private keys, support multiple interface per hosts using several groups (#29)
* merge stateless with no storage of local priv key

* Delete locally stored private key

* add reload module on update config file

* privatekey template is not used anymore

* remove all local keys priv and public

* use ansible_play_hosts instead of hardcoded vpn grp
should use the group in the play calling the role.
works fine when hosts bellong to several groups

* Clean tasks names

* add tag, and cleanup

* fix private key creation

* Support for mutliple wireguard vpn on same host
add inventory exemple in readme

* fix typo, add some comment on inventory

* add  wg-config tag to Check config:
allow  run  with -t - wg-config

* Update tasks/main.yml

Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

* remove trailing whitespace

* Update templates/wg.conf.j2

Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

* Update templates/wg.conf.j2

Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

* changes after githubixx code review

* readd new line to separate peers in config
5 years ago
Robert Wimmer 9a0e70ee25
remove unneeded with_inventory_hostnames loops (#27)
* remove unneeded with_inventory_hostnames loops

* update CHANGELOG
5 years ago
Alex Hanselka 59eac1706c update tasks to use the new preferred looping syntax (#10) 6 years ago
Ties de Kock 3a8d3260c4 feat(debian) enable module to work on debian (#6)
* feat(debian) enable module to work on debian

Add support for Debian based on the documentation in debian wiki
and discussion in [0].

[0]: https://github.com/githubixx/ansible-role-wireguard/issues/5

* remove run_once for debian

* Install kernel headers on debian

There is no equivalent package of linux-headers-generic on debian.
Package installation needs to specify the architecture (i.e. amd64),
which is captured from dpkg output.

* Only use include_tasks to differentiate distributions

Before Archlinux was split out using ansible_os_family. But since
ansible_os_family overlaps for Debian and Ubuntu, two when
statements were used to split out these cases:

  - All arch derivations
  - Debian
  - Ubuntu

New style is cleaner. Arch derivations can still be used by
overiding ansible_distribution in inventory.

* incorporate feedback: move pin file, other changed_when syntax
6 years ago
githubixx c9dc3cfff5 make Ansible linter happy 6 years ago
githubixx 7605a76a03 make Ansible linter happy / changelog to separate file / new versioning scheme 6 years ago
Robert Wimmer d197bd980d
Inital implementation (#1)
* initial implementation - part 1

* first working version

* add handler

* separate includes for Debian based and Archlinux OS

* refactor

* update

* add meta tag

* added ArchLinux to galaxy meta info

* rename file / add more Wiregurad config options

* fix typo

* update README

* update README

* fixed typos

* update README / variable rename: wireguard_ip -> wireguard_address
6 years ago