* move wireguard_private_key up in variable order in defaults/main.yml
* add opensuse 15.3 to Galaxy metadata
* remove trailing space
* remove blank line
* fix indentation in setup-debian.yml
* rename test-wg-opensuse-leap to test-wg-opensuse-leap-15-2 in molecule.yml
* add OpenSUSE 15.3 to Molecule test
* remove OpenSUSE Leap 15.2 support (EOL)
* remove Fedora 33 support (EOL)
* remove Fedora 33 + openSUSE Leap 15.2 variables from Molecule test
* add Fedora 35 support
* remove CentOS 8 support (EOL) - use AlmaLinux or Rocky Linux instead
* remove tasks/setup-centos-8.yml (CentOS 8 reached EOL)
* fix formatting issues and typos in README + CHANGELOG
* update CHANGELOG
* truthy value should false in tasks/setup-debian-pve-guest-variant.yml
* name task in tasks/main.yml
* name tasks in tasks/setup-debian.yml
* refactor Molecule setup
* remove Proxmox from Molecule test
* update CHANGELOG
* update CHANGELOG
* re-order IP address in Molecule test
* use different wireguard_port values for a few hosts in Molecule test for better testing
* feat: Update CentOS 7 to use signed kernel-plus module
* Apply suggestions from code review
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Update CentOS 7 for optional signed kernel-plus module
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* add Debian 11 aka Bullseye
* add Debian 11 aka Bullseye to Molecule test
* update README
* added Fedora 34 + removed Fedora 32 support from meta/main.yml
* Debian 11 do not need kernel headers anymore
* remove Fedora 32 from Molecule test / add Fedora 34 + Debian 11 to Molecule test
* add rolename/namespace + make ansible-lint happy in meta/main.yml
* make ansible-lint happy
* (Archlinux) As linux-lts is using kernel 5.10 now there is no need to install wireguard-lts tools any longer (and this package is gone anyway)
* (Debian) fix ansible-lint issues
* update CHANGELOG
* Fixed tag "wg-install" inheritance to included tasks
Fixes#109
* Added no_log to tasks handling private keys - can be explicitly deactivated for debugging by running with verbosity 3 or higher
Fixes#81
* add PVE to the recipe
* Update tasks/setup-debian-pve-variant.yml
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Update tasks/setup-debian-pve-variant.yml
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Update tasks/setup-debian-pve-variant.yml
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Update tasks/setup-debian.yml
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* On Proxmox ansible_lsb.id variable is not set
* change when condition for include task setup-debian-vanilla.yml to a list
* add Molecule test for Proxmox
* use file module to delete /var/lib/apt/lists/lock for Proxmox in Molecule test
Co-authored-by: Steve Fan <29133953+stevefan1999-personal@users.noreply.github.com>
Fedora 32 still installs the copr repo and the dkms module. I assume
that is still necessary for Fedora 32, though I have no box to test it
with.
If the user is on Fedora 33 or higher, the default setup-fedora.yml is
used, which no longer installs the copr repo, nor the dkms module since
neither are necessary anymore.
* Use Debian backports repositories
Use Debian backports instead of unstable to get wireguard. This is a more
stable solution and has less impact on the system.
Unfortunately a reboot is still required.
* Fix boot paths
* Update Changelog, switch to 7.7.0
* CHANGELOG formatting
* No need to use PPA for Ubuntu 18 any longer
* update CHANGELOG
* Bring back task to install support packages for Ubuntu < 19.10 just to be sure
* Add editor fold sections
* Remove trailing whitespace
* Make the repo compliant with REUSE Specification v3.0
Closes: #71
Email addresses have all been removed from this commit as requested by
githubixx.
* Use common namespace "wireguard" for role facts
* Fix typo
* Explicitly state that GPL-3.0-or-later applies
Closes: #72
It does not serve any function anymore after support for module
reloading has been removed from the postinst script in 0.0.20200215-2 on
2020-02-24. A module update is properly signaled via
/run/reboot-required so that the admin can (automatically) schedule a
reboot when convenient. This will also be more in line with future Debian
releases because starting with Debian bullseye, the kernel ships the
module.
Add macOS details in the README
Fix Archlinux spelling
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
Remove additional linux.yml file, use conditional block instead
Add CHANGELOG entry
Bump to 7.2.0 in CHANGELOG
Invert OS check on Darwin instead of Linux
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Switched to ELRepo for Centos (#50)
- added switch to differentiate setup of Centos7/8
- replaced old repository by officialy recomended
- added step to remove old dkms wireguard package
- switched to install KMOD wireguard package
* Updated CHANGELOG after switching to ELRepo for Centos
* Update CHANGELOG.md
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Updted CHANGELOG: added notice about old wireguard Centos repository removal
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* on openstack Debian images, the kernel is different, so we need to install different kernel headers, too
* fix syntax error in conditional fact
* remove debug message
Co-authored-by: Peter Pallinger <pallinger@sztaki.hu>
* Rename debian-setup role to point to vanilla Debian
* Add a specific setup role for Raspbian
This role will fail for now, Raspbian is not supported by this role as it is.
* Add a switch for Raspbian
* Add Raspbian role for installing WireGuard
* Raspbian: Handle reboot with molly-guard and older Ansible versions
Arch Linux ships a Linux kernel > 5.6 and doesn't require DKMS.
Move the package list variable to (distribution-specific) var files.
For the Arch Linux LTS kernel (5.4) a binary wireguard-lts package is
provided in [core].
* Changes wireguard apt repo to buster-backports
* Add repo only on buster or earlier
* No apt pin needed, backports has lower priority than main distribution
* Update CHANGELOG.md
Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Clarify effects of updating on system state
Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* merge stateless with no storage of local priv key
* Delete locally stored private key
* add reload module on update config file
* privatekey template is not used anymore
* remove all local keys priv and public
* use ansible_play_hosts instead of hardcoded vpn grp
should use the group in the play calling the role.
works fine when hosts bellong to several groups
* Clean tasks names
* add tag, and cleanup
* fix private key creation
* Support for mutliple wireguard vpn on same host
add inventory exemple in readme
* fix typo, add some comment on inventory
* add wg-config tag to Check config:
allow run with -t - wg-config
* Update tasks/main.yml
Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* remove trailing whitespace
* Update templates/wg.conf.j2
Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* Update templates/wg.conf.j2
Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
* changes after githubixx code review
* readd new line to separate peers in config
* feat(debian) enable module to work on debian
Add support for Debian based on the documentation in debian wiki
and discussion in [0].
[0]: https://github.com/githubixx/ansible-role-wireguard/issues/5
* remove run_once for debian
* Install kernel headers on debian
There is no equivalent package of linux-headers-generic on debian.
Package installation needs to specify the architecture (i.e. amd64),
which is captured from dpkg output.
* Only use include_tasks to differentiate distributions
Before Archlinux was split out using ansible_os_family. But since
ansible_os_family overlaps for Debian and Ubuntu, two when
statements were used to split out these cases:
- All arch derivations
- Debian
- Ubuntu
New style is cleaner. Arch derivations can still be used by
overiding ansible_distribution in inventory.
* incorporate feedback: move pin file, other changed_when syntax
* initial implementation - part 1
* first working version
* add handler
* separate includes for Debian based and Archlinux OS
* refactor
* update
* add meta tag
* added ArchLinux to galaxy meta info
* rename file / add more Wiregurad config options
* fix typo
* update README
* update README
* fixed typos
* update README / variable rename: wireguard_ip -> wireguard_address