Compare commits
2 Commits
master
...
unmanaged-
Author | SHA1 | Date |
---|---|---|
githubixx | 818b55051e | 4 years ago |
githubixx | 9fdcbd9ac7 | 4 years ago |
@ -1,39 +0,0 @@
|
||||
---
|
||||
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
|
||||
# repository or organization.
|
||||
#
|
||||
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
|
||||
# See: https://github.com/ansible/galaxy/issues/46
|
||||
|
||||
name: Release
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- '*'
|
||||
|
||||
defaults:
|
||||
run:
|
||||
working-directory: 'githubixx.ansible_role_wireguard'
|
||||
|
||||
jobs:
|
||||
release:
|
||||
name: Release
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out the codebase.
|
||||
uses: actions/checkout@v2
|
||||
with:
|
||||
path: 'githubixx.ansible_role_wireguard'
|
||||
|
||||
- name: Set up Python 3.
|
||||
uses: actions/setup-python@v2
|
||||
with:
|
||||
python-version: '3.x'
|
||||
|
||||
- name: Install Ansible.
|
||||
run: pip3 install ansible-core
|
||||
|
||||
- name: Trigger a new import on Galaxy.
|
||||
run: >-
|
||||
ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
|
||||
$(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)
|
@ -1,4 +0,0 @@
|
||||
# Copyright (C) 2018-2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
molecule/kvm/.vagrant
|
@ -1,10 +0,0 @@
|
||||
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
|
||||
Upstream-Name: ansible-role-wireguard
|
||||
Upstream-Contact: Robert Wimmer <>
|
||||
Source: https://github.com/githubixx/ansible-role-wireguard
|
||||
|
||||
# Sample paragraph, commented out:
|
||||
#
|
||||
# Files: src/*
|
||||
# Copyright: $YEAR $NAME <$CONTACT>
|
||||
# License: ...
|
@ -1,9 +0,0 @@
|
||||
---
|
||||
extends: default
|
||||
|
||||
rules:
|
||||
line-length:
|
||||
max: 150
|
||||
level: warning
|
||||
|
||||
comments-indentation: disable
|
@ -1,625 +0,0 @@
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
|
||||
Version 3, 29 June 2007
|
||||
|
||||
Copyright © 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
||||
|
||||
Everyone is permitted to copy and distribute verbatim copies of this license
|
||||
document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The GNU General Public License is a free, copyleft license for software and
|
||||
other kinds of works.
|
||||
|
||||
The licenses for most software and other practical works are designed to take
|
||||
away your freedom to share and change the works. By contrast, the GNU General
|
||||
Public License is intended to guarantee your freedom to share and change all
|
||||
versions of a program--to make sure it remains free software for all its users.
|
||||
We, the Free Software Foundation, use the GNU General Public License for most
|
||||
of our software; it applies also to any other work released this way by its
|
||||
authors. You can apply it to your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not price. Our
|
||||
General Public Licenses are designed to make sure that you have the freedom
|
||||
to distribute copies of free software (and charge for them if you wish), that
|
||||
you receive source code or can get it if you want it, that you can change
|
||||
the software or use pieces of it in new free programs, and that you know you
|
||||
can do these things.
|
||||
|
||||
To protect your rights, we need to prevent others from denying you these rights
|
||||
or asking you to surrender the rights. Therefore, you have certain responsibilities
|
||||
if you distribute copies of the software, or if you modify it: responsibilities
|
||||
to respect the freedom of others.
|
||||
|
||||
For example, if you distribute copies of such a program, whether gratis or
|
||||
for a fee, you must pass on to the recipients the same freedoms that you received.
|
||||
You must make sure that they, too, receive or can get the source code. And
|
||||
you must show them these terms so they know their rights.
|
||||
|
||||
Developers that use the GNU GPL protect your rights with two steps: (1) assert
|
||||
copyright on the software, and (2) offer you this License giving you legal
|
||||
permission to copy, distribute and/or modify it.
|
||||
|
||||
For the developers' and authors' protection, the GPL clearly explains that
|
||||
there is no warranty for this free software. For both users' and authors'
|
||||
sake, the GPL requires that modified versions be marked as changed, so that
|
||||
their problems will not be attributed erroneously to authors of previous versions.
|
||||
|
||||
Some devices are designed to deny users access to install or run modified
|
||||
versions of the software inside them, although the manufacturer can do so.
|
||||
This is fundamentally incompatible with the aim of protecting users' freedom
|
||||
to change the software. The systematic pattern of such abuse occurs in the
|
||||
area of products for individuals to use, which is precisely where it is most
|
||||
unacceptable. Therefore, we have designed this version of the GPL to prohibit
|
||||
the practice for those products. If such problems arise substantially in other
|
||||
domains, we stand ready to extend this provision to those domains in future
|
||||
versions of the GPL, as needed to protect the freedom of users.
|
||||
|
||||
Finally, every program is threatened constantly by software patents. States
|
||||
should not allow patents to restrict development and use of software on general-purpose
|
||||
computers, but in those that do, we wish to avoid the special danger that
|
||||
patents applied to a free program could make it effectively proprietary. To
|
||||
prevent this, the GPL assures that patents cannot be used to render the program
|
||||
non-free.
|
||||
|
||||
The precise terms and conditions for copying, distribution and modification
|
||||
follow.
|
||||
|
||||
TERMS AND CONDITIONS
|
||||
|
||||
0. Definitions.
|
||||
|
||||
"This License" refers to version 3 of the GNU General Public License.
|
||||
|
||||
"Copyright" also means copyright-like laws that apply to other kinds of works,
|
||||
such as semiconductor masks.
|
||||
|
||||
"The Program" refers to any copyrightable work licensed under this License.
|
||||
Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals
|
||||
or organizations.
|
||||
|
||||
To "modify" a work means to copy from or adapt all or part of the work in
|
||||
a fashion requiring copyright permission, other than the making of an exact
|
||||
copy. The resulting work is called a "modified version" of the earlier work
|
||||
or a work "based on" the earlier work.
|
||||
|
||||
A "covered work" means either the unmodified Program or a work based on the
|
||||
Program.
|
||||
|
||||
To "propagate" a work means to do anything with it that, without permission,
|
||||
would make you directly or secondarily liable for infringement under applicable
|
||||
copyright law, except executing it on a computer or modifying a private copy.
|
||||
Propagation includes copying, distribution (with or without modification),
|
||||
making available to the public, and in some countries other activities as
|
||||
well.
|
||||
|
||||
To "convey" a work means any kind of propagation that enables other parties
|
||||
to make or receive copies. Mere interaction with a user through a computer
|
||||
network, with no transfer of a copy, is not conveying.
|
||||
|
||||
An interactive user interface displays "Appropriate Legal Notices" to the
|
||||
extent that it includes a convenient and prominently visible feature that
|
||||
(1) displays an appropriate copyright notice, and (2) tells the user that
|
||||
there is no warranty for the work (except to the extent that warranties are
|
||||
provided), that licensees may convey the work under this License, and how
|
||||
to view a copy of this License. If the interface presents a list of user commands
|
||||
or options, such as a menu, a prominent item in the list meets this criterion.
|
||||
|
||||
1. Source Code.
|
||||
|
||||
The "source code" for a work means the preferred form of the work for making
|
||||
modifications to it. "Object code" means any non-source form of a work.
|
||||
|
||||
A "Standard Interface" means an interface that either is an official standard
|
||||
defined by a recognized standards body, or, in the case of interfaces specified
|
||||
for a particular programming language, one that is widely used among developers
|
||||
working in that language.
|
||||
|
||||
The "System Libraries" of an executable work include anything, other than
|
||||
the work as a whole, that (a) is included in the normal form of packaging
|
||||
a Major Component, but which is not part of that Major Component, and (b)
|
||||
serves only to enable use of the work with that Major Component, or to implement
|
||||
a Standard Interface for which an implementation is available to the public
|
||||
in source code form. A "Major Component", in this context, means a major essential
|
||||
component (kernel, window system, and so on) of the specific operating system
|
||||
(if any) on which the executable work runs, or a compiler used to produce
|
||||
the work, or an object code interpreter used to run it.
|
||||
|
||||
The "Corresponding Source" for a work in object code form means all the source
|
||||
code needed to generate, install, and (for an executable work) run the object
|
||||
code and to modify the work, including scripts to control those activities.
|
||||
However, it does not include the work's System Libraries, or general-purpose
|
||||
tools or generally available free programs which are used unmodified in performing
|
||||
those activities but which are not part of the work. For example, Corresponding
|
||||
Source includes interface definition files associated with source files for
|
||||
the work, and the source code for shared libraries and dynamically linked
|
||||
subprograms that the work is specifically designed to require, such as by
|
||||
intimate data communication or control flow between those subprograms and
|
||||
other parts of the work.
|
||||
|
||||
The Corresponding Source need not include anything that users can regenerate
|
||||
automatically from other parts of the Corresponding Source.
|
||||
|
||||
The Corresponding Source for a work in source code form is that same work.
|
||||
|
||||
2. Basic Permissions.
|
||||
|
||||
All rights granted under this License are granted for the term of copyright
|
||||
on the Program, and are irrevocable provided the stated conditions are met.
|
||||
This License explicitly affirms your unlimited permission to run the unmodified
|
||||
Program. The output from running a covered work is covered by this License
|
||||
only if the output, given its content, constitutes a covered work. This License
|
||||
acknowledges your rights of fair use or other equivalent, as provided by copyright
|
||||
law.
|
||||
|
||||
You may make, run and propagate covered works that you do not convey, without
|
||||
conditions so long as your license otherwise remains in force. You may convey
|
||||
covered works to others for the sole purpose of having them make modifications
|
||||
exclusively for you, or provide you with facilities for running those works,
|
||||
provided that you comply with the terms of this License in conveying all material
|
||||
for which you do not control copyright. Those thus making or running the covered
|
||||
works for you must do so exclusively on your behalf, under your direction
|
||||
and control, on terms that prohibit them from making any copies of your copyrighted
|
||||
material outside their relationship with you.
|
||||
|
||||
Conveying under any other circumstances is permitted solely under the conditions
|
||||
stated below. Sublicensing is not allowed; section 10 makes it unnecessary.
|
||||
|
||||
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
|
||||
|
||||
No covered work shall be deemed part of an effective technological measure
|
||||
under any applicable law fulfilling obligations under article 11 of the WIPO
|
||||
copyright treaty adopted on 20 December 1996, or similar laws prohibiting
|
||||
or restricting circumvention of such measures.
|
||||
|
||||
When you convey a covered work, you waive any legal power to forbid circumvention
|
||||
of technological measures to the extent such circumvention is effected by
|
||||
exercising rights under this License with respect to the covered work, and
|
||||
you disclaim any intention to limit operation or modification of the work
|
||||
as a means of enforcing, against the work's users, your or third parties'
|
||||
legal rights to forbid circumvention of technological measures.
|
||||
|
||||
4. Conveying Verbatim Copies.
|
||||
|
||||
You may convey verbatim copies of the Program's source code as you receive
|
||||
it, in any medium, provided that you conspicuously and appropriately publish
|
||||
on each copy an appropriate copyright notice; keep intact all notices stating
|
||||
that this License and any non-permissive terms added in accord with section
|
||||
7 apply to the code; keep intact all notices of the absence of any warranty;
|
||||
and give all recipients a copy of this License along with the Program.
|
||||
|
||||
You may charge any price or no price for each copy that you convey, and you
|
||||
may offer support or warranty protection for a fee.
|
||||
|
||||
5. Conveying Modified Source Versions.
|
||||
|
||||
You may convey a work based on the Program, or the modifications to produce
|
||||
it from the Program, in the form of source code under the terms of section
|
||||
4, provided that you also meet all of these conditions:
|
||||
|
||||
a) The work must carry prominent notices stating that you modified it, and
|
||||
giving a relevant date.
|
||||
|
||||
b) The work must carry prominent notices stating that it is released under
|
||||
this License and any conditions added under section 7. This requirement modifies
|
||||
the requirement in section 4 to "keep intact all notices".
|
||||
|
||||
c) You must license the entire work, as a whole, under this License to anyone
|
||||
who comes into possession of a copy. This License will therefore apply, along
|
||||
with any applicable section 7 additional terms, to the whole of the work,
|
||||
and all its parts, regardless of how they are packaged. This License gives
|
||||
no permission to license the work in any other way, but it does not invalidate
|
||||
such permission if you have separately received it.
|
||||
|
||||
d) If the work has interactive user interfaces, each must display Appropriate
|
||||
Legal Notices; however, if the Program has interactive interfaces that do
|
||||
not display Appropriate Legal Notices, your work need not make them do so.
|
||||
|
||||
A compilation of a covered work with other separate and independent works,
|
||||
which are not by their nature extensions of the covered work, and which are
|
||||
not combined with it such as to form a larger program, in or on a volume of
|
||||
a storage or distribution medium, is called an "aggregate" if the compilation
|
||||
and its resulting copyright are not used to limit the access or legal rights
|
||||
of the compilation's users beyond what the individual works permit. Inclusion
|
||||
of a covered work in an aggregate does not cause this License to apply to
|
||||
the other parts of the aggregate.
|
||||
|
||||
6. Conveying Non-Source Forms.
|
||||
|
||||
You may convey a covered work in object code form under the terms of sections
|
||||
4 and 5, provided that you also convey the machine-readable Corresponding
|
||||
Source under the terms of this License, in one of these ways:
|
||||
|
||||
a) Convey the object code in, or embodied in, a physical product (including
|
||||
a physical distribution medium), accompanied by the Corresponding Source fixed
|
||||
on a durable physical medium customarily used for software interchange.
|
||||
|
||||
b) Convey the object code in, or embodied in, a physical product (including
|
||||
a physical distribution medium), accompanied by a written offer, valid for
|
||||
at least three years and valid for as long as you offer spare parts or customer
|
||||
support for that product model, to give anyone who possesses the object code
|
||||
either (1) a copy of the Corresponding Source for all the software in the
|
||||
product that is covered by this License, on a durable physical medium customarily
|
||||
used for software interchange, for a price no more than your reasonable cost
|
||||
of physically performing this conveying of source, or (2) access to copy the
|
||||
Corresponding Source from a network server at no charge.
|
||||
|
||||
c) Convey individual copies of the object code with a copy of the written
|
||||
offer to provide the Corresponding Source. This alternative is allowed only
|
||||
occasionally and noncommercially, and only if you received the object code
|
||||
with such an offer, in accord with subsection 6b.
|
||||
|
||||
d) Convey the object code by offering access from a designated place (gratis
|
||||
or for a charge), and offer equivalent access to the Corresponding Source
|
||||
in the same way through the same place at no further charge. You need not
|
||||
require recipients to copy the Corresponding Source along with the object
|
||||
code. If the place to copy the object code is a network server, the Corresponding
|
||||
Source may be on a different server (operated by you or a third party) that
|
||||
supports equivalent copying facilities, provided you maintain clear directions
|
||||
next to the object code saying where to find the Corresponding Source. Regardless
|
||||
of what server hosts the Corresponding Source, you remain obligated to ensure
|
||||
that it is available for as long as needed to satisfy these requirements.
|
||||
|
||||
e) Convey the object code using peer-to-peer transmission, provided you inform
|
||||
other peers where the object code and Corresponding Source of the work are
|
||||
being offered to the general public at no charge under subsection 6d.
|
||||
|
||||
A separable portion of the object code, whose source code is excluded from
|
||||
the Corresponding Source as a System Library, need not be included in conveying
|
||||
the object code work.
|
||||
|
||||
A "User Product" is either (1) a "consumer product", which means any tangible
|
||||
personal property which is normally used for personal, family, or household
|
||||
purposes, or (2) anything designed or sold for incorporation into a dwelling.
|
||||
In determining whether a product is a consumer product, doubtful cases shall
|
||||
be resolved in favor of coverage. For a particular product received by a particular
|
||||
user, "normally used" refers to a typical or common use of that class of product,
|
||||
regardless of the status of the particular user or of the way in which the
|
||||
particular user actually uses, or expects or is expected to use, the product.
|
||||
A product is a consumer product regardless of whether the product has substantial
|
||||
commercial, industrial or non-consumer uses, unless such uses represent the
|
||||
only significant mode of use of the product.
|
||||
|
||||
"Installation Information" for a User Product means any methods, procedures,
|
||||
authorization keys, or other information required to install and execute modified
|
||||
versions of a covered work in that User Product from a modified version of
|
||||
its Corresponding Source. The information must suffice to ensure that the
|
||||
continued functioning of the modified object code is in no case prevented
|
||||
or interfered with solely because modification has been made.
|
||||
|
||||
If you convey an object code work under this section in, or with, or specifically
|
||||
for use in, a User Product, and the conveying occurs as part of a transaction
|
||||
in which the right of possession and use of the User Product is transferred
|
||||
to the recipient in perpetuity or for a fixed term (regardless of how the
|
||||
transaction is characterized), the Corresponding Source conveyed under this
|
||||
section must be accompanied by the Installation Information. But this requirement
|
||||
does not apply if neither you nor any third party retains the ability to install
|
||||
modified object code on the User Product (for example, the work has been installed
|
||||
in ROM).
|
||||
|
||||
The requirement to provide Installation Information does not include a requirement
|
||||
to continue to provide support service, warranty, or updates for a work that
|
||||
has been modified or installed by the recipient, or for the User Product in
|
||||
which it has been modified or installed. Access to a network may be denied
|
||||
when the modification itself materially and adversely affects the operation
|
||||
of the network or violates the rules and protocols for communication across
|
||||
the network.
|
||||
|
||||
Corresponding Source conveyed, and Installation Information provided, in accord
|
||||
with this section must be in a format that is publicly documented (and with
|
||||
an implementation available to the public in source code form), and must require
|
||||
no special password or key for unpacking, reading or copying.
|
||||
|
||||
7. Additional Terms.
|
||||
|
||||
"Additional permissions" are terms that supplement the terms of this License
|
||||
by making exceptions from one or more of its conditions. Additional permissions
|
||||
that are applicable to the entire Program shall be treated as though they
|
||||
were included in this License, to the extent that they are valid under applicable
|
||||
law. If additional permissions apply only to part of the Program, that part
|
||||
may be used separately under those permissions, but the entire Program remains
|
||||
governed by this License without regard to the additional permissions.
|
||||
|
||||
When you convey a copy of a covered work, you may at your option remove any
|
||||
additional permissions from that copy, or from any part of it. (Additional
|
||||
permissions may be written to require their own removal in certain cases when
|
||||
you modify the work.) You may place additional permissions on material, added
|
||||
by you to a covered work, for which you have or can give appropriate copyright
|
||||
permission.
|
||||
|
||||
Notwithstanding any other provision of this License, for material you add
|
||||
to a covered work, you may (if authorized by the copyright holders of that
|
||||
material) supplement the terms of this License with terms:
|
||||
|
||||
a) Disclaiming warranty or limiting liability differently from the terms of
|
||||
sections 15 and 16 of this License; or
|
||||
|
||||
b) Requiring preservation of specified reasonable legal notices or author
|
||||
attributions in that material or in the Appropriate Legal Notices displayed
|
||||
by works containing it; or
|
||||
|
||||
c) Prohibiting misrepresentation of the origin of that material, or requiring
|
||||
that modified versions of such material be marked in reasonable ways as different
|
||||
from the original version; or
|
||||
|
||||
d) Limiting the use for publicity purposes of names of licensors or authors
|
||||
of the material; or
|
||||
|
||||
e) Declining to grant rights under trademark law for use of some trade names,
|
||||
trademarks, or service marks; or
|
||||
|
||||
f) Requiring indemnification of licensors and authors of that material by
|
||||
anyone who conveys the material (or modified versions of it) with contractual
|
||||
assumptions of liability to the recipient, for any liability that these contractual
|
||||
assumptions directly impose on those licensors and authors.
|
||||
|
||||
All other non-permissive additional terms are considered "further restrictions"
|
||||
within the meaning of section 10. If the Program as you received it, or any
|
||||
part of it, contains a notice stating that it is governed by this License
|
||||
along with a term that is a further restriction, you may remove that term.
|
||||
If a license document contains a further restriction but permits relicensing
|
||||
or conveying under this License, you may add to a covered work material governed
|
||||
by the terms of that license document, provided that the further restriction
|
||||
does not survive such relicensing or conveying.
|
||||
|
||||
If you add terms to a covered work in accord with this section, you must place,
|
||||
in the relevant source files, a statement of the additional terms that apply
|
||||
to those files, or a notice indicating where to find the applicable terms.
|
||||
|
||||
Additional terms, permissive or non-permissive, may be stated in the form
|
||||
of a separately written license, or stated as exceptions; the above requirements
|
||||
apply either way.
|
||||
|
||||
8. Termination.
|
||||
|
||||
You may not propagate or modify a covered work except as expressly provided
|
||||
under this License. Any attempt otherwise to propagate or modify it is void,
|
||||
and will automatically terminate your rights under this License (including
|
||||
any patent licenses granted under the third paragraph of section 11).
|
||||
|
||||
However, if you cease all violation of this License, then your license from
|
||||
a particular copyright holder is reinstated (a) provisionally, unless and
|
||||
until the copyright holder explicitly and finally terminates your license,
|
||||
and (b) permanently, if the copyright holder fails to notify you of the violation
|
||||
by some reasonable means prior to 60 days after the cessation.
|
||||
|
||||
Moreover, your license from a particular copyright holder is reinstated permanently
|
||||
if the copyright holder notifies you of the violation by some reasonable means,
|
||||
this is the first time you have received notice of violation of this License
|
||||
(for any work) from that copyright holder, and you cure the violation prior
|
||||
to 30 days after your receipt of the notice.
|
||||
|
||||
Termination of your rights under this section does not terminate the licenses
|
||||
of parties who have received copies or rights from you under this License.
|
||||
If your rights have been terminated and not permanently reinstated, you do
|
||||
not qualify to receive new licenses for the same material under section 10.
|
||||
|
||||
9. Acceptance Not Required for Having Copies.
|
||||
|
||||
You are not required to accept this License in order to receive or run a copy
|
||||
of the Program. Ancillary propagation of a covered work occurring solely as
|
||||
a consequence of using peer-to-peer transmission to receive a copy likewise
|
||||
does not require acceptance. However, nothing other than this License grants
|
||||
you permission to propagate or modify any covered work. These actions infringe
|
||||
copyright if you do not accept this License. Therefore, by modifying or propagating
|
||||
a covered work, you indicate your acceptance of this License to do so.
|
||||
|
||||
10. Automatic Licensing of Downstream Recipients.
|
||||
|
||||
Each time you convey a covered work, the recipient automatically receives
|
||||
a license from the original licensors, to run, modify and propagate that work,
|
||||
subject to this License. You are not responsible for enforcing compliance
|
||||
by third parties with this License.
|
||||
|
||||
An "entity transaction" is a transaction transferring control of an organization,
|
||||
or substantially all assets of one, or subdividing an organization, or merging
|
||||
organizations. If propagation of a covered work results from an entity transaction,
|
||||
each party to that transaction who receives a copy of the work also receives
|
||||
whatever licenses to the work the party's predecessor in interest had or could
|
||||
give under the previous paragraph, plus a right to possession of the Corresponding
|
||||
Source of the work from the predecessor in interest, if the predecessor has
|
||||
it or can get it with reasonable efforts.
|
||||
|
||||
You may not impose any further restrictions on the exercise of the rights
|
||||
granted or affirmed under this License. For example, you may not impose a
|
||||
license fee, royalty, or other charge for exercise of rights granted under
|
||||
this License, and you may not initiate litigation (including a cross-claim
|
||||
or counterclaim in a lawsuit) alleging that any patent claim is infringed
|
||||
by making, using, selling, offering for sale, or importing the Program or
|
||||
any portion of it.
|
||||
|
||||
11. Patents.
|
||||
|
||||
A "contributor" is a copyright holder who authorizes use under this License
|
||||
of the Program or a work on which the Program is based. The work thus licensed
|
||||
is called the contributor's "contributor version".
|
||||
|
||||
A contributor's "essential patent claims" are all patent claims owned or controlled
|
||||
by the contributor, whether already acquired or hereafter acquired, that would
|
||||
be infringed by some manner, permitted by this License, of making, using,
|
||||
or selling its contributor version, but do not include claims that would be
|
||||
infringed only as a consequence of further modification of the contributor
|
||||
version. For purposes of this definition, "control" includes the right to
|
||||
grant patent sublicenses in a manner consistent with the requirements of this
|
||||
License.
|
||||
|
||||
Each contributor grants you a non-exclusive, worldwide, royalty-free patent
|
||||
license under the contributor's essential patent claims, to make, use, sell,
|
||||
offer for sale, import and otherwise run, modify and propagate the contents
|
||||
of its contributor version.
|
||||
|
||||
In the following three paragraphs, a "patent license" is any express agreement
|
||||
or commitment, however denominated, not to enforce a patent (such as an express
|
||||
permission to practice a patent or covenant not to sue for patent infringement).
|
||||
To "grant" such a patent license to a party means to make such an agreement
|
||||
or commitment not to enforce a patent against the party.
|
||||
|
||||
If you convey a covered work, knowingly relying on a patent license, and the
|
||||
Corresponding Source of the work is not available for anyone to copy, free
|
||||
of charge and under the terms of this License, through a publicly available
|
||||
network server or other readily accessible means, then you must either (1)
|
||||
cause the Corresponding Source to be so available, or (2) arrange to deprive
|
||||
yourself of the benefit of the patent license for this particular work, or
|
||||
(3) arrange, in a manner consistent with the requirements of this License,
|
||||
to extend the patent license to downstream recipients. "Knowingly relying"
|
||||
means you have actual knowledge that, but for the patent license, your conveying
|
||||
the covered work in a country, or your recipient's use of the covered work
|
||||
in a country, would infringe one or more identifiable patents in that country
|
||||
that you have reason to believe are valid.
|
||||
|
||||
If, pursuant to or in connection with a single transaction or arrangement,
|
||||
you convey, or propagate by procuring conveyance of, a covered work, and grant
|
||||
a patent license to some of the parties receiving the covered work authorizing
|
||||
them to use, propagate, modify or convey a specific copy of the covered work,
|
||||
then the patent license you grant is automatically extended to all recipients
|
||||
of the covered work and works based on it.
|
||||
|
||||
A patent license is "discriminatory" if it does not include within the scope
|
||||
of its coverage, prohibits the exercise of, or is conditioned on the non-exercise
|
||||
of one or more of the rights that are specifically granted under this License.
|
||||
You may not convey a covered work if you are a party to an arrangement with
|
||||
a third party that is in the business of distributing software, under which
|
||||
you make payment to the third party based on the extent of your activity of
|
||||
conveying the work, and under which the third party grants, to any of the
|
||||
parties who would receive the covered work from you, a discriminatory patent
|
||||
license (a) in connection with copies of the covered work conveyed by you
|
||||
(or copies made from those copies), or (b) primarily for and in connection
|
||||
with specific products or compilations that contain the covered work, unless
|
||||
you entered into that arrangement, or that patent license was granted, prior
|
||||
to 28 March 2007.
|
||||
|
||||
Nothing in this License shall be construed as excluding or limiting any implied
|
||||
license or other defenses to infringement that may otherwise be available
|
||||
to you under applicable patent law.
|
||||
|
||||
12. No Surrender of Others' Freedom.
|
||||
|
||||
If conditions are imposed on you (whether by court order, agreement or otherwise)
|
||||
that contradict the conditions of this License, they do not excuse you from
|
||||
the conditions of this License. If you cannot convey a covered work so as
|
||||
to satisfy simultaneously your obligations under this License and any other
|
||||
pertinent obligations, then as a consequence you may not convey it at all.
|
||||
For example, if you agree to terms that obligate you to collect a royalty
|
||||
for further conveying from those to whom you convey the Program, the only
|
||||
way you could satisfy both those terms and this License would be to refrain
|
||||
entirely from conveying the Program.
|
||||
|
||||
13. Use with the GNU Affero General Public License.
|
||||
|
||||
Notwithstanding any other provision of this License, you have permission to
|
||||
link or combine any covered work with a work licensed under version 3 of the
|
||||
GNU Affero General Public License into a single combined work, and to convey
|
||||
the resulting work. The terms of this License will continue to apply to the
|
||||
part which is the covered work, but the special requirements of the GNU Affero
|
||||
General Public License, section 13, concerning interaction through a network
|
||||
will apply to the combination as such.
|
||||
|
||||
14. Revised Versions of this License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions of the
|
||||
GNU General Public License from time to time. Such new versions will be similar
|
||||
in spirit to the present version, but may differ in detail to address new
|
||||
problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program specifies
|
||||
that a certain numbered version of the GNU General Public License "or any
|
||||
later version" applies to it, you have the option of following the terms and
|
||||
conditions either of that numbered version or of any later version published
|
||||
by the Free Software Foundation. If the Program does not specify a version
|
||||
number of the GNU General Public License, you may choose any version ever
|
||||
published by the Free Software Foundation.
|
||||
|
||||
If the Program specifies that a proxy can decide which future versions of
|
||||
the GNU General Public License can be used, that proxy's public statement
|
||||
of acceptance of a version permanently authorizes you to choose that version
|
||||
for the Program.
|
||||
|
||||
Later license versions may give you additional or different permissions. However,
|
||||
no additional obligations are imposed on any author or copyright holder as
|
||||
a result of your choosing to follow a later version.
|
||||
|
||||
15. Disclaimer of Warranty.
|
||||
|
||||
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE
|
||||
LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
|
||||
OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
|
||||
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM
|
||||
PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
|
||||
CORRECTION.
|
||||
|
||||
16. Limitation of Liability.
|
||||
|
||||
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL
|
||||
ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM
|
||||
AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
|
||||
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO
|
||||
USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
|
||||
INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE
|
||||
PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
|
||||
PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
17. Interpretation of Sections 15 and 16.
|
||||
|
||||
If the disclaimer of warranty and limitation of liability provided above cannot
|
||||
be given local legal effect according to their terms, reviewing courts shall
|
||||
apply local law that most closely approximates an absolute waiver of all civil
|
||||
liability in connection with the Program, unless a warranty or assumption
|
||||
of liability accompanies a copy of the Program in return for a fee. END OF
|
||||
TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest possible
|
||||
use to the public, the best way to achieve this is to make it free software
|
||||
which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest to attach
|
||||
them to the start of each source file to most effectively state the exclusion
|
||||
of warranty; and each file should have at least the "copyright" line and a
|
||||
pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software: you can redistribute it and/or modify it under
|
||||
the terms of the GNU General Public License as published by the Free Software
|
||||
Foundation, either version 3 of the License, or (at your option) any later
|
||||
version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along with
|
||||
this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program does terminal interaction, make it output a short notice like
|
||||
this when it starts in an interactive mode:
|
||||
|
||||
<program> Copyright (C) <year> <name of author>
|
||||
|
||||
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
|
||||
This is free software, and you are welcome to redistribute it under certain
|
||||
conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, your program's commands might
|
||||
be different; for a GUI interface, you would use an "about box".
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
more information on this, and how to apply and follow the GNU GPL, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
The GNU General Public License does not permit incorporating your program
|
||||
into proprietary programs. If your program is a subroutine library, you may
|
||||
consider it more useful to permit linking proprietary applications with the
|
||||
library. If this is what you want to do, use the GNU Lesser General Public
|
||||
License instead of this License. But first, please read <https://www.gnu.org/
|
||||
licenses /why-not-lgpl.html>.
|
@ -1,32 +1,23 @@
|
||||
---
|
||||
# Copyright (C) 2018-2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: Restart wireguard
|
||||
ansible.builtin.service:
|
||||
- name: restart wireguard
|
||||
service:
|
||||
name: "wg-quick@{{ wireguard_interface }}"
|
||||
state: "{{ item }}"
|
||||
loop:
|
||||
- stopped
|
||||
- started
|
||||
when:
|
||||
- wireguard__restart_interface
|
||||
- not ansible_os_family == 'Darwin'
|
||||
- wireguard_service_enabled == "yes"
|
||||
- stopped
|
||||
- started
|
||||
when: not wg_syncconf
|
||||
listen: "reconfigure wireguard"
|
||||
|
||||
- name: Syncconf wireguard
|
||||
ansible.builtin.shell: |
|
||||
set -o errexit
|
||||
set -o pipefail
|
||||
set -o nounset
|
||||
systemctl is-active wg-quick@{{ wireguard_interface | quote }} || systemctl start wg-quick@{{ wireguard_interface | quote }}
|
||||
wg syncconf {{ wireguard_interface | quote }} <(wg-quick strip /etc/wireguard/{{ wireguard_interface | quote }}.conf)
|
||||
exit 0
|
||||
- name: syncconf wireguard
|
||||
shell: |
|
||||
set -o errexit
|
||||
set -o pipefail
|
||||
set -o nounset
|
||||
systemctl is-active wg-quick@wg-quick@{{ wireguard_interface|quote }} || systemctl start wg-quick@{{ wireguard_interface|quote }}
|
||||
wg syncconf {{ wireguard_interface|quote }} <(wg-quick strip /etc/wireguard/{{ wireguard_interface|quote }}.conf)
|
||||
exit 0
|
||||
args:
|
||||
executable: "/bin/bash"
|
||||
when:
|
||||
- not wireguard__restart_interface
|
||||
- not ansible_os_family == 'Darwin'
|
||||
- wireguard_service_enabled == "yes"
|
||||
when: wg_syncconf
|
||||
listen: "reconfigure wireguard"
|
||||
|
@ -1,12 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- hosts: all
|
||||
remote_user: vagrant
|
||||
become: true
|
||||
gather_facts: true
|
||||
tasks:
|
||||
- name: Include WireGuard role
|
||||
ansible.builtin.include_role:
|
||||
name: githubixx.ansible_role_wireguard
|
@ -1,95 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
dependency:
|
||||
name: galaxy
|
||||
|
||||
driver:
|
||||
name: vagrant
|
||||
provider:
|
||||
name: libvirt
|
||||
type: libvirt
|
||||
options:
|
||||
memory: 192
|
||||
cpus: 2
|
||||
|
||||
platforms:
|
||||
- name: test-wg-ubuntu2004
|
||||
box: generic/ubuntu2004
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.10
|
||||
groups:
|
||||
- vpn
|
||||
- ubuntu
|
||||
- name: test-wg-ubuntu1804
|
||||
box: generic/ubuntu1804
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.20
|
||||
groups:
|
||||
- vpn
|
||||
- ubuntu
|
||||
- name: test-wg-debian11
|
||||
box: generic/debian11
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.30
|
||||
groups:
|
||||
- vpn
|
||||
- debian
|
||||
- name: test-wg-ubuntu2204
|
||||
box: alvistack/ubuntu-22.04
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.40
|
||||
groups:
|
||||
- vpn
|
||||
- ubuntu
|
||||
|
||||
provisioner:
|
||||
name: ansible
|
||||
connection_options:
|
||||
ansible_ssh_user: vagrant
|
||||
ansible_become: true
|
||||
log: true
|
||||
lint:
|
||||
name: ansible-lint
|
||||
inventory:
|
||||
host_vars:
|
||||
test-wg-ubuntu2004:
|
||||
wireguard_address: "10.10.10.10/24"
|
||||
wireguard_port: 51820
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.10"
|
||||
test-wg-ubuntu1804:
|
||||
wireguard_address: "10.10.10.20/24"
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: ""
|
||||
test-wg-debian11:
|
||||
wireguard_address: "10.10.10.30/24"
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: ""
|
||||
ansible_python_interpreter: "/usr/bin/python3"
|
||||
test-wg-ubuntu2204:
|
||||
wireguard_address: "10.10.10.40/24"
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: ""
|
||||
|
||||
scenario:
|
||||
name: kvm-single-server
|
||||
test_sequence:
|
||||
- prepare
|
||||
- converge
|
||||
|
||||
verifier:
|
||||
name: ansible
|
@ -1,13 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- hosts: ubuntu
|
||||
remote_user: vagrant
|
||||
become: true
|
||||
gather_facts: true
|
||||
tasks:
|
||||
- name: Update APT package cache
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
cache_valid_time: 3600
|
@ -1,33 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: Verify setup
|
||||
hosts: all
|
||||
vars:
|
||||
hosts_count: "{{ groups['vpn'] | length }}"
|
||||
tasks:
|
||||
- name: Count WireGuard interfaces
|
||||
ansible.builtin.shell: |
|
||||
set -o errexit
|
||||
set -o pipefail
|
||||
set -o nounset
|
||||
wg | grep "peer: " | wc -l
|
||||
exit 0
|
||||
args:
|
||||
executable: "/bin/bash"
|
||||
register: wireguard__interfaces_count
|
||||
changed_when: false
|
||||
|
||||
- name: Print WireGuard interface count
|
||||
ansible.builtin.debug:
|
||||
var: wireguard__interfaces_count.stdout
|
||||
|
||||
- name: Print hosts count in vpn group
|
||||
ansible.builtin.debug:
|
||||
var: hosts_count
|
||||
|
||||
- name: There should be as much WireGuard interfaces as hosts in vpn group minus one
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- "hosts_count|int -1 == wireguard__interfaces_count.stdout|int"
|
@ -1,12 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2020-2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- hosts: all
|
||||
remote_user: vagrant
|
||||
become: true
|
||||
gather_facts: true
|
||||
tasks:
|
||||
- name: Include WireGuard role
|
||||
ansible.builtin.include_role:
|
||||
name: githubixx.ansible_role_wireguard
|
@ -1,297 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2020-2022 Robert Wimmer
|
||||
# Copyright (C) 2020 Pierre Ozoux
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
dependency:
|
||||
name: galaxy
|
||||
|
||||
driver:
|
||||
name: vagrant
|
||||
provider:
|
||||
name: libvirt
|
||||
type: libvirt
|
||||
|
||||
platforms:
|
||||
- name: test-wg-ubuntu2004
|
||||
box: generic/ubuntu2004
|
||||
memory: 1024
|
||||
cpus: 2
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.10
|
||||
groups:
|
||||
- vpn
|
||||
- ubuntu
|
||||
- name: test-wg-ubuntu1804
|
||||
box: generic/ubuntu1804
|
||||
memory: 1024
|
||||
cpus: 2
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.20
|
||||
groups:
|
||||
- vpn
|
||||
- ubuntu
|
||||
- name: test-wg-fedora36
|
||||
box: generic/fedora36
|
||||
memory: 1024
|
||||
cpus: 2
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.40
|
||||
groups:
|
||||
- vpn
|
||||
- fedora
|
||||
- name: test-wg-centos7
|
||||
box: generic/centos7
|
||||
memory: 1024
|
||||
cpus: 2
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.50
|
||||
groups:
|
||||
- vpn
|
||||
- el7
|
||||
- name: test-wg-arch
|
||||
box: archlinux/archlinux
|
||||
memory: 1024
|
||||
cpus: 2
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.60
|
||||
groups:
|
||||
- vpn
|
||||
- archlinux
|
||||
- name: test-wg-debian11
|
||||
box: generic/debian11
|
||||
memory: 1024
|
||||
cpus: 2
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.70
|
||||
groups:
|
||||
- vpn
|
||||
- debian
|
||||
- name: test-wg-rocky8
|
||||
box: generic/rocky8
|
||||
memory: 1024
|
||||
cpus: 2
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.80
|
||||
groups:
|
||||
- vpn
|
||||
- el8
|
||||
- name: test-wg-alma8
|
||||
box: generic/alma8
|
||||
memory: 1024
|
||||
cpus: 2
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.90
|
||||
groups:
|
||||
- vpn
|
||||
- el8
|
||||
- name: test-wg-centos7-kernel-plus
|
||||
box: generic/centos7
|
||||
memory: 1024
|
||||
cpus: 2
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.100
|
||||
groups:
|
||||
- vpn
|
||||
- el7
|
||||
- name: test-wg-rocky8-dkms
|
||||
box: generic/rocky8
|
||||
memory: 1024
|
||||
cpus: 2
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.130
|
||||
groups:
|
||||
- vpn
|
||||
- el8
|
||||
- el8dkms
|
||||
- name: test-wg-ubuntu2204
|
||||
box: generic/ubuntu2004
|
||||
memory: 1024
|
||||
cpus: 2
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.140
|
||||
groups:
|
||||
- vpn
|
||||
- ubuntu
|
||||
- name: test-wg-opensuse-leap-15-4
|
||||
box: opensuse/Leap-15.4.x86_64
|
||||
memory: 1024
|
||||
cpus: 2
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.150
|
||||
groups:
|
||||
- vpn
|
||||
- opensuse
|
||||
- name: test-wg-rocky9
|
||||
box: generic/rocky9
|
||||
memory: 1024
|
||||
cpus: 2
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.160
|
||||
groups:
|
||||
- vpn
|
||||
- el9
|
||||
- name: test-wg-alma9
|
||||
box: generic/alma9
|
||||
memory: 1024
|
||||
cpus: 2
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.170
|
||||
groups:
|
||||
- vpn
|
||||
- el9
|
||||
- name: test-wg-oracle9
|
||||
box: generic/oracle9
|
||||
memory: 1024
|
||||
cpus: 2
|
||||
interfaces:
|
||||
- auto_config: true
|
||||
network_name: private_network
|
||||
type: static
|
||||
ip: 192.168.10.180
|
||||
groups:
|
||||
- vpn
|
||||
- el9
|
||||
|
||||
provisioner:
|
||||
name: ansible
|
||||
connection_options:
|
||||
ansible_ssh_user: vagrant
|
||||
ansible_become: true
|
||||
log: true
|
||||
lint:
|
||||
name: ansible-lint
|
||||
inventory:
|
||||
host_vars:
|
||||
test-wg-ubuntu2004:
|
||||
wireguard_address: "10.10.10.10/24"
|
||||
wireguard_port: 51820
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.10"
|
||||
test-wg-ubuntu1804:
|
||||
wireguard_address: "10.10.10.20/24"
|
||||
wireguard_port: 51820
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.20"
|
||||
test-wg-fedora36:
|
||||
wireguard_address: "10.10.10.40/24"
|
||||
wireguard_port: 51820
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.40"
|
||||
wireguard_interface_restart: true
|
||||
test-wg-centos7:
|
||||
wireguard_address: "10.10.10.50/24"
|
||||
wireguard_port: 51820
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.50"
|
||||
wireguard_interface_restart: true
|
||||
test-wg-arch:
|
||||
wireguard_address: "10.10.10.60/24"
|
||||
wireguard_port: 51820
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.60"
|
||||
ansible_python_interpreter: "/usr/bin/python"
|
||||
test-wg-debian11:
|
||||
wireguard_address: "10.10.10.70/24"
|
||||
wireguard_port: 51820
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.70"
|
||||
ansible_python_interpreter: "/usr/bin/python3"
|
||||
test-wg-rocky8:
|
||||
wireguard_address: "10.10.10.80/24"
|
||||
wireguard_port: 51820
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.80"
|
||||
test-wg-alma8:
|
||||
wireguard_address: "10.10.10.90/24"
|
||||
wireguard_port: 51820
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.90"
|
||||
test-wg-centos7-kernel-plus:
|
||||
wireguard_address: "10.10.10.100/24"
|
||||
wireguard_port: 51821
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.100"
|
||||
wireguard_centos7_installation_method: "kernel-plus"
|
||||
test-wg-rocky8-dkms:
|
||||
wireguard_address: "10.10.10.130/24"
|
||||
wireguard_port: 51820
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.130"
|
||||
wireguard_rockylinux8_installation_method: "dkms"
|
||||
test-wg-ubuntu2204:
|
||||
wireguard_address: "10.10.10.140/24"
|
||||
wireguard_port: 51820
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.140"
|
||||
test-wg-opensuse-leap-15-4:
|
||||
wireguard_address: "10.10.10.150/24"
|
||||
wireguard_port: 51820
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.150"
|
||||
test-wg-rocky9:
|
||||
wireguard_address: "10.10.10.160/24"
|
||||
wireguard_port: 51820
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.160"
|
||||
test-wg-alma9:
|
||||
wireguard_address: "10.10.10.170/24"
|
||||
wireguard_port: 51820
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.170"
|
||||
test-wg-oracle9:
|
||||
wireguard_address: "10.10.10.180/24"
|
||||
wireguard_port: 51820
|
||||
wireguard_persistent_keepalive: "30"
|
||||
wireguard_endpoint: "192.168.10.180"
|
||||
|
||||
scenario:
|
||||
name: kvm
|
||||
test_sequence:
|
||||
- prepare
|
||||
- converge
|
||||
|
||||
verifier:
|
||||
name: ansible
|
@ -1,70 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2021-2023 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- hosts: opensuse
|
||||
remote_user: vagrant
|
||||
become: true
|
||||
gather_facts: true
|
||||
tasks:
|
||||
- name: Remove backports repositories
|
||||
ansible.builtin.raw: |
|
||||
zypper rr repo-backports-debug-update
|
||||
zypper rr repo-backports-update
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- hosts: archlinux
|
||||
remote_user: vagrant
|
||||
become: true
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Init pacman
|
||||
ansible.builtin.raw: |
|
||||
pacman-key --init
|
||||
pacman-key --populate archlinux
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: Updating pacman cache
|
||||
raw: pacman -Sy
|
||||
|
||||
- name: Install Python
|
||||
ansible.builtin.raw: |
|
||||
pacman -S --noconfirm python
|
||||
args:
|
||||
executable: /bin/bash
|
||||
changed_when: false
|
||||
|
||||
- hosts: proxmox
|
||||
remote_user: vagrant
|
||||
become: true
|
||||
gather_facts: true
|
||||
tasks:
|
||||
- name: (Proxmox) Delete /var/lib/apt/lists/lock
|
||||
ansible.builtin.file:
|
||||
name: /var/lib/apt/lists/lock
|
||||
state: absent
|
||||
|
||||
- hosts: ubuntu
|
||||
remote_user: vagrant
|
||||
become: true
|
||||
gather_facts: true
|
||||
tasks:
|
||||
- name: Update APT package cache
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
cache_valid_time: 3600
|
||||
|
||||
- hosts: el8dkms
|
||||
remote_user: vagrant
|
||||
become: true
|
||||
gather_facts: true
|
||||
tasks:
|
||||
- name: Install ELRepo mainline kernel
|
||||
ansible.builtin.raw: |
|
||||
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
|
||||
dnf install -y https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
|
||||
dnf --enablerepo=elrepo-kernel install -y kernel-ml
|
||||
changed_when: false
|
||||
failed_when: false
|
@ -1,33 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: Verify setup
|
||||
hosts: all
|
||||
vars:
|
||||
hosts_count: "{{ groups['vpn'] | length }}"
|
||||
tasks:
|
||||
- name: Count WireGuard interfaces
|
||||
ansible.builtin.shell: |
|
||||
set -o errexit
|
||||
set -o pipefail
|
||||
set -o nounset
|
||||
wg | grep "peer: " | wc -l
|
||||
exit 0
|
||||
args:
|
||||
executable: "/bin/bash"
|
||||
register: wireguard__interfaces_count
|
||||
changed_when: false
|
||||
|
||||
- name: Print WireGuard interface count
|
||||
ansible.builtin.debug:
|
||||
var: wireguard__interfaces_count.stdout
|
||||
|
||||
- name: Print hosts count in vpn group
|
||||
ansible.builtin.debug:
|
||||
var: hosts_count
|
||||
|
||||
- name: There should be as much WireGuard interfaces as hosts in vpn group minus one
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- "hosts_count|int -1 == wireguard__interfaces_count.stdout|int"
|
@ -1,23 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2021-2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: (AlmaLinux 8) Install EPEL & ELRepo repository
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- epel-release
|
||||
- elrepo-release
|
||||
update_cache: "{{ wireguard_update_cache }}"
|
||||
|
||||
- name: (AlmaLinux 8) Ensure WireGuard DKMS package is removed
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- "wireguard-dkms"
|
||||
state: absent
|
||||
|
||||
- name: (AlmaLinux 8) Install WireGuard packages
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- "kmod-wireguard"
|
||||
- "wireguard-tools"
|
||||
state: present
|
@ -1,9 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: (AlmaLinux) Install wireguard-tools package
|
||||
ansible.builtin.yum:
|
||||
name: wireguard-tools
|
||||
state: present
|
||||
update_cache: "{{ wireguard_update_cache }}"
|
@ -1,12 +1,32 @@
|
||||
---
|
||||
# Copyright (C) 2018-2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
- name: (Archlinux) Install wireguard-lts package
|
||||
pacman:
|
||||
name: "{{ item.name }}"
|
||||
state: "{{ item.state }}"
|
||||
with_items:
|
||||
- { name: wireguard-dkms, state: absent }
|
||||
- { name: wireguard-lts, state: present }
|
||||
become: yes
|
||||
tags:
|
||||
- wg-install
|
||||
when:
|
||||
- ansible_kernel is match(".*-lts$")
|
||||
- ansible_kernel is version('5.6', '<')
|
||||
|
||||
- name: (Archlinux) Refresh the master package lists
|
||||
community.general.pacman:
|
||||
update_cache: "{{ wireguard_update_cache }}"
|
||||
- name: (Archlinux) Install wireguard-dkms package
|
||||
pacman:
|
||||
name: wireguard-dkms
|
||||
state: present
|
||||
become: yes
|
||||
tags:
|
||||
- wg-install
|
||||
when:
|
||||
- not ansible_kernel is match(".*-lts$")
|
||||
- ansible_kernel is version('5.6', '<')
|
||||
|
||||
- name: (Archlinux) Install wireguard-tools package
|
||||
community.general.pacman:
|
||||
pacman:
|
||||
name: wireguard-tools
|
||||
state: present
|
||||
tags:
|
||||
- wg-install
|
||||
|
@ -1,77 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2020 Roman Danko
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: (CentOS 7) Tasks for standard kernel
|
||||
when:
|
||||
- wireguard_centos7_installation_method == "standard"
|
||||
block:
|
||||
- name: (CentOS 7) Install EPEL & ELRepo repository
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- epel-release
|
||||
- https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
|
||||
update_cache: "{{ wireguard_update_cache }}"
|
||||
|
||||
- name: (CentOS 7) Install yum-plugin-elrepo
|
||||
ansible.builtin.yum:
|
||||
name: yum-plugin-elrepo
|
||||
update_cache: "{{ wireguard_update_cache }}"
|
||||
|
||||
- name: (CentOS 7) Install WireGuard packages
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- "kmod-wireguard"
|
||||
- "wireguard-tools"
|
||||
state: present
|
||||
register: wireguard__centos7_yum_updates
|
||||
|
||||
- name: (CentOS 7) Reboot Instance to update kernel
|
||||
when:
|
||||
- wireguard_centos7_standard_reboot
|
||||
- wireguard__centos7_yum_updates.changed
|
||||
ansible.builtin.reboot:
|
||||
reboot_timeout: "{{ wireguard_centos7_standard_reboot_timeout }}"
|
||||
|
||||
- name: (CentOS 7) Ensure WireGuard DKMS package is removed
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- "wireguard-dkms"
|
||||
state: absent
|
||||
|
||||
- name: (CentOS 7 - kernel-plus) Tasks for kernel-plus
|
||||
when:
|
||||
- wireguard_centos7_installation_method == "kernel-plus"
|
||||
block:
|
||||
- name: (CentOS 7) Install EPEL repository & yum utils
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- epel-release
|
||||
- yum-utils
|
||||
update_cache: "{{ wireguard_update_cache }}"
|
||||
|
||||
- name: (CentOS 7 - kernel-plus) Enable CentosPlus repo
|
||||
ansible.builtin.command: yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
|
||||
changed_when: false
|
||||
|
||||
- name: (CentOS 7 - kernel-plus) Update to kernel-plus
|
||||
ansible.builtin.replace:
|
||||
path: /etc/sysconfig/kernel
|
||||
regexp: '^DEFAULTKERNEL=kernel$'
|
||||
replace: 'DEFAULTKERNEL=kernel-plus'
|
||||
|
||||
- name: (CentOS 7 - kernel-plus) Install WireGuard packages
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- "kernel-plus"
|
||||
- "wireguard-tools"
|
||||
state: present
|
||||
register: wireguard__centos7_yum_updates
|
||||
|
||||
- name: (CentOS 7 - kernel-plus) Reboot Instance to update kernel
|
||||
when:
|
||||
- wireguard_centos7_kernel_plus_reboot
|
||||
- wireguard__centos7_yum_updates.changes is defined
|
||||
- wireguard__centos7_yum_updates.changes.installed|flatten|select('regex', '^kernel-plus$') is any
|
||||
ansible.builtin.reboot:
|
||||
reboot_timeout: "{{ wireguard_centos7_kernel_plus_reboot_timeout }}"
|
@ -0,0 +1,19 @@
|
||||
---
|
||||
- name: (CentOS) Add WireGuard repository
|
||||
get_url:
|
||||
url: https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
|
||||
dest: /etc/yum.repos.d/wireguard.repo
|
||||
|
||||
- name: (CentOS) Install EPEL repository
|
||||
yum:
|
||||
name: epel-release
|
||||
update_cache: yes
|
||||
|
||||
- name: (CentOS) Install wireguard packages
|
||||
yum:
|
||||
name:
|
||||
- "wireguard-dkms"
|
||||
- "wireguard-tools"
|
||||
state: present
|
||||
tags:
|
||||
- wg-install
|
@ -1,16 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2021 Tobias Richter
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: (Proxmox) Add WireGuard repository
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb http://deb.debian.org/debian buster-backports main"
|
||||
state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}"
|
||||
update_cache: "{{ wireguard_update_cache }}"
|
||||
|
||||
- name: (Proxmox lxc) Install wireguard-tools.
|
||||
ansible.builtin.apt:
|
||||
install_recommends: false
|
||||
name:
|
||||
- wireguard-tools
|
||||
state: present
|
@ -1,23 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2018-2022 Robert Wimmer
|
||||
# Copyright (C) 2019-2020 Ties de Kock
|
||||
# Copyright (C) 2021 Steve Fan
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: (Proxmox) Add WireGuard repository
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb http://deb.debian.org/debian buster-backports main"
|
||||
state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}"
|
||||
update_cache: "{{ wireguard_update_cache }}"
|
||||
|
||||
- name: (Proxmox) Install kernel headers for the currently running kernel to compile WireGuard with DKMS
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- "pve-headers-{{ ansible_kernel }}"
|
||||
state: present
|
||||
|
||||
- name: (Proxmox) Install WireGuard packages
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- "wireguard"
|
||||
state: present
|
@ -1,87 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2020 Stefan Haun
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
# Note: This setup is called for Raspbian 10 (Buster) and lower.
|
||||
# Since Raspbian 11 (Bullseye) wireguard is supported out
|
||||
# of the box.
|
||||
# Any Raspbian-related changes for Bullseye and above need to
|
||||
# go to a separate playbook.
|
||||
|
||||
- name: (Raspbian) Install GPG - required to add WireGuard key
|
||||
ansible.builtin.apt:
|
||||
name: gnupg
|
||||
state: present
|
||||
|
||||
- name: (Raspbian) Add Debian repository keys
|
||||
ansible.builtin.apt_key:
|
||||
keyserver: "keyserver.ubuntu.com"
|
||||
id: "{{ item }}"
|
||||
state: present
|
||||
when: ansible_lsb.id == "Raspbian"
|
||||
with_items:
|
||||
- "04EE7237B7D453EC"
|
||||
- "648ACFD622F3D138"
|
||||
|
||||
- name: (Raspbian) Add Debian Buster Backports repository for WireGuard
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb http://deb.debian.org/debian buster-backports main"
|
||||
state: present
|
||||
update_cache: "{{ wireguard_update_cache }}"
|
||||
|
||||
- name: (Raspbian) Install latest kernel
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- "raspberrypi-kernel"
|
||||
state: latest # noqa package-latest
|
||||
register: wireguard__register_kernel_update
|
||||
|
||||
- name: (Raspbian) Reboot after kernel update (Ansible >= 2.8)
|
||||
ansible.builtin.reboot:
|
||||
search_paths: ['/lib/molly-guard', '/usr/sbin', '/sbin']
|
||||
when:
|
||||
- ansible_version.full is version('2.8.0', '>=')
|
||||
- wireguard__register_kernel_update is changed
|
||||
|
||||
- name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8)
|
||||
ansible.builtin.stat:
|
||||
path: /lib/molly-guard/
|
||||
register: wireguard__register_molly_guard
|
||||
|
||||
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, no molly-guard)
|
||||
ansible.builtin.reboot:
|
||||
when:
|
||||
- ansible_version.full is version('2.8.0', '<')
|
||||
- wireguard__register_kernel_update is changed
|
||||
- not wireguard__register_molly_guard.stat.exists
|
||||
|
||||
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard)
|
||||
ansible.builtin.command: /lib/molly-guard/shutdown -r now
|
||||
async: 1
|
||||
poll: 0
|
||||
ignore_unreachable: true
|
||||
changed_when: false
|
||||
when:
|
||||
- ansible_version.full is version('2.8.0', '<')
|
||||
- wireguard__register_kernel_update is changed
|
||||
- wireguard__register_molly_guard.stat.exists
|
||||
|
||||
- name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard)
|
||||
ansible.builtin.wait_for_connection:
|
||||
when:
|
||||
- ansible_version.full is version('2.8.0', '<')
|
||||
- wireguard__register_kernel_update is changed
|
||||
- wireguard__register_molly_guard.stat.exists
|
||||
|
||||
- name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- "raspberrypi-kernel-headers"
|
||||
state: latest # noqa package-latest
|
||||
|
||||
- name: (Raspbian) Install WireGuard packages
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- "wireguard-dkms"
|
||||
- "wireguard-tools"
|
||||
state: present
|
@ -0,0 +1,93 @@
|
||||
---
|
||||
|
||||
- name: (Raspbian) Install GPG - required to add wireguard key
|
||||
apt:
|
||||
name: gnupg
|
||||
state: present
|
||||
|
||||
- name: (Raspbian) Add Debian repository key
|
||||
apt_key:
|
||||
keyserver: "keyserver.ubuntu.com"
|
||||
id: "04EE7237B7D453EC"
|
||||
state: present
|
||||
when: ansible_lsb.id == "Raspbian"
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Add Debian Unstable repository for WireGuard
|
||||
apt_repository:
|
||||
repo: "deb http://deb.debian.org/debian unstable main"
|
||||
state: present
|
||||
update_cache: yes
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Install latest kernel
|
||||
apt:
|
||||
name:
|
||||
- "raspberrypi-kernel"
|
||||
state: latest
|
||||
register: kernel_update
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Reboot after kernel update (Ansible >= 2.8)
|
||||
reboot:
|
||||
search_paths: ['/lib/molly-guard', '/usr/sbin']
|
||||
when:
|
||||
- ansible_version.full is version('2.8.0', '>=')
|
||||
- kernel_update is changed
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8)
|
||||
stat:
|
||||
path: /lib/molly-guard/
|
||||
register: molly_guard
|
||||
|
||||
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, no molly-guard)
|
||||
reboot:
|
||||
when:
|
||||
- ansible_version.full is version('2.8.0', '<')
|
||||
- kernel_update is changed
|
||||
- not molly_guard.stat.exists
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard)
|
||||
command: /lib/molly-guard/shutdown -r now
|
||||
async: 1
|
||||
poll: 0
|
||||
ignore_unreachable: yes
|
||||
when:
|
||||
- ansible_version.full is version('2.8.0', '<')
|
||||
- kernel_update is changed
|
||||
- molly_guard.stat.exists
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard)
|
||||
wait_for_connection:
|
||||
when:
|
||||
- ansible_version.full is version('2.8.0', '<')
|
||||
- kernel_update is changed
|
||||
- molly_guard.stat.exists
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS
|
||||
apt:
|
||||
name:
|
||||
- "raspberrypi-kernel-headers"
|
||||
state: latest
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Install wireguard packages
|
||||
apt:
|
||||
name:
|
||||
- "wireguard-dkms"
|
||||
- "wireguard-tools"
|
||||
state: present
|
||||
tags:
|
||||
- wg-install
|
@ -1,11 +1,37 @@
|
||||
---
|
||||
# Copyright (C) 2018-2022 Robert Wimmer
|
||||
# Copyright (C) 2019-2020 Ties de Kock
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
- name: (Debian) Install GPG - required to add wireguard key
|
||||
apt:
|
||||
name: gnupg
|
||||
state: present
|
||||
|
||||
- name: (Debian) Add WireGuard repository on buster or earlier
|
||||
apt_repository:
|
||||
repo: "deb http://deb.debian.org/debian buster-backports main"
|
||||
state: present
|
||||
update_cache: yes
|
||||
when: ansible_distribution_version | int <= 10
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Debian) Get architecture
|
||||
command: "dpkg --print-architecture"
|
||||
register: dpkg_arch
|
||||
changed_when: False
|
||||
|
||||
- set_fact:
|
||||
kernel_header_version: "{{ ('-cloud-' in ansible_kernel) | ternary(ansible_kernel,dpkg_arch.stdout) }}"
|
||||
|
||||
- name: (Debian) Install kernel headers to compile Wireguard with DKMS
|
||||
apt:
|
||||
name:
|
||||
- "linux-headers-{{ kernel_header_version }}"
|
||||
state: present
|
||||
|
||||
- name: (Debian) Install WireGuard packages
|
||||
ansible.builtin.apt:
|
||||
- name: (Debian) Install wireguard packages
|
||||
apt:
|
||||
name:
|
||||
- "wireguard"
|
||||
- "wireguard-dkms"
|
||||
- "wireguard-tools"
|
||||
state: present
|
||||
update_cache: "{{ wireguard_update_cache }}"
|
||||
tags:
|
||||
- wg-install
|
||||
|
@ -1,51 +1,8 @@
|
||||
---
|
||||
# Copyright (C) 2020 Stefan Haun
|
||||
# Copyright (C) 2021 Steve Fan
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: Setup for Raspbian
|
||||
ansible.builtin.include_tasks:
|
||||
file: "setup-debian-raspbian-buster.yml"
|
||||
apply:
|
||||
tags:
|
||||
- wg-install
|
||||
when:
|
||||
- ansible_lsb.id is defined
|
||||
- ansible_lsb.id == "Raspbian"
|
||||
- ansible_lsb.major_release is version('11', '<')
|
||||
register: wireguard__register_raspbian_setup
|
||||
- include_tasks: "setup-debian-raspbian.yml"
|
||||
when: ansible_lsb.id == "Raspbian"
|
||||
register: raspbian_setup
|
||||
|
||||
- name: Setup for Proxmox VE variants
|
||||
when:
|
||||
- ansible_kernel.find("pve") != -1
|
||||
block:
|
||||
- name: Setup Proxmox VE host
|
||||
ansible.builtin.include_tasks:
|
||||
file: "setup-debian-pve-host-variant.yml"
|
||||
apply:
|
||||
tags:
|
||||
- wg-install
|
||||
when:
|
||||
- ansible_virtualization_role == "host"
|
||||
register: wireguard__register_pve_host_variant_setup
|
||||
|
||||
- name: Setup Proxmox VE guest
|
||||
ansible.builtin.include_tasks:
|
||||
file: "setup-debian-pve-guest-variant.yml"
|
||||
apply:
|
||||
tags:
|
||||
- wg-install
|
||||
when:
|
||||
- ansible_virtualization_role == "guest"
|
||||
register: wireguard__register_pve_guest_variant_setup
|
||||
|
||||
- name: Setup for Debian
|
||||
ansible.builtin.include_tasks:
|
||||
file: "setup-debian-vanilla.yml"
|
||||
apply:
|
||||
tags:
|
||||
- wg-install
|
||||
when:
|
||||
- wireguard__register_raspbian_setup is skipped
|
||||
- wireguard__register_pve_guest_variant_setup is skipped
|
||||
- wireguard__register_pve_host_variant_setup is skipped
|
||||
- include_tasks: "setup-debian-vanilla.yml"
|
||||
when: raspbian_setup is skipped
|
||||
|
@ -1,13 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: (elementary OS) Update APT package cache
|
||||
ansible.builtin.apt:
|
||||
update_cache: "{{ wireguard_ubuntu_update_cache }}"
|
||||
cache_valid_time: "{{ wireguard_ubuntu_cache_valid_time }}"
|
||||
|
||||
- name: (elementary OS) Install wireguard package
|
||||
ansible.builtin.apt:
|
||||
name: "wireguard"
|
||||
state: present
|
@ -1,11 +1,17 @@
|
||||
---
|
||||
# Copyright (C) 2020 Ties de Kock
|
||||
# Copyright (C) 2023 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
- name: (Fedora) Add wireguard COPR
|
||||
yum_repository:
|
||||
name: "jdoss-wireguard"
|
||||
description: "Copr repo for wireguard owned by jdoss"
|
||||
baseurl: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/fedora-$releasever-$basearch/"
|
||||
gpgkey: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/pubkey.gpg"
|
||||
gpgcheck: yes
|
||||
|
||||
- name: (Fedora) Install WireGuard packages
|
||||
ansible.builtin.yum:
|
||||
- name: (Fedora) Install wireguard packages
|
||||
yum:
|
||||
name:
|
||||
- "wireguard-dkms"
|
||||
- "wireguard-tools"
|
||||
state: present
|
||||
update_cache: "{{ wireguard_update_cache }}"
|
||||
tags:
|
||||
- wg-install
|
||||
|
@ -1,14 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2020 Ruben Di Battista
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: (MacOS) Install wireguard package
|
||||
ansible.builtin.package:
|
||||
name: wireguard-go
|
||||
state: present
|
||||
become: true
|
||||
|
||||
- name: (MacOS) Install wireguard-tools package
|
||||
ansible.builtin.package:
|
||||
name: wireguard-tools
|
||||
state: present
|
@ -1,10 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2020-2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: (openSUSE Leap) Install WireGuard packages
|
||||
community.general.zypper:
|
||||
name:
|
||||
- "wireguard-tools"
|
||||
state: present
|
||||
update_cache: "{{ wireguard_update_cache }}"
|
@ -1,8 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2022 Masahiro Koga
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: (OracleLinux) Install wireguard-tools package
|
||||
ansible.builtin.yum:
|
||||
name: wireguard-tools
|
||||
state: present
|
@ -1,56 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2021-2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: (Rocky Linux 8) Tasks for standard kernel
|
||||
when:
|
||||
- wireguard_rockylinux8_installation_method == "standard"
|
||||
block:
|
||||
- name: (Rocky Linux 8) Install EPEL & ELRepo repository
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- epel-release
|
||||
- elrepo-release
|
||||
update_cache: "{{ wireguard_update_cache }}"
|
||||
|
||||
- name: (Rocky Linux 8) Ensure WireGuard DKMS package is removed
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- "wireguard-dkms"
|
||||
state: absent
|
||||
|
||||
- name: (Rocky Linux 8) Install WireGuard packages
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- "kmod-wireguard"
|
||||
- "wireguard-tools"
|
||||
state: present
|
||||
|
||||
- name: (Rocky Linux 8) Tasks for non-standard kernel
|
||||
when:
|
||||
- wireguard_rockylinux8_installation_method == "dkms"
|
||||
block:
|
||||
- name: (Rocky Linux 8) Install jdoss/wireguard COPR repository
|
||||
community.general.copr:
|
||||
state: enabled
|
||||
name: jdoss/wireguard
|
||||
chroot: epel-8-{{ ansible_architecture }}
|
||||
|
||||
- name: (Rocky Linux 8) Install EPEL repository
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- epel-release
|
||||
update_cache: "{{ wireguard_update_cache }}"
|
||||
|
||||
- name: (Rocky Linux 8) Ensure WireGuard KMOD package is removed
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- "kmod-wireguard"
|
||||
state: absent
|
||||
|
||||
- name: (Rocky Linux 8) Install WireGuard packages
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- "wireguard-dkms"
|
||||
- "wireguard-tools"
|
||||
state: present
|
@ -1,9 +0,0 @@
|
||||
---
|
||||
# Copyright (C) 2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: (Rocky Linux) Install wireguard-tools package
|
||||
ansible.builtin.yum:
|
||||
name: wireguard-tools
|
||||
state: present
|
||||
update_cache: "{{ wireguard_update_cache }}"
|
@ -1,32 +1,48 @@
|
||||
---
|
||||
# Copyright (C) 2018-2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: (Ubuntu) Update APT package cache
|
||||
ansible.builtin.apt:
|
||||
apt:
|
||||
update_cache: "{{ wireguard_ubuntu_update_cache }}"
|
||||
cache_valid_time: "{{ wireguard_ubuntu_cache_valid_time }}"
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- block:
|
||||
- name: (Ubuntu) Install support packages needed for Wireguard (for Ubuntu < 19.10)
|
||||
package:
|
||||
name: "{{ packages }}"
|
||||
state: present
|
||||
vars:
|
||||
packages:
|
||||
- software-properties-common
|
||||
- linux-headers-{{ ansible_kernel }}
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Ubuntu) Add WireGuard repository (for Ubuntu < 19.10)
|
||||
apt_repository:
|
||||
repo: "ppa:wireguard/wireguard"
|
||||
state: present
|
||||
update_cache: yes
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Ubuntu) Tasks for Ubuntu < 19.10
|
||||
- name: (Ubuntu) Install wireguard packages (for Ubuntu < 19.10)
|
||||
apt:
|
||||
name:
|
||||
- "wireguard-dkms"
|
||||
- "wireguard-tools"
|
||||
state: present
|
||||
tags:
|
||||
- wg-install
|
||||
when:
|
||||
- ansible_lsb.major_release is version('19.10', '<')
|
||||
block:
|
||||
- name: (Ubuntu) Install support packages needed for Wireguard (for Ubuntu < 19.10)
|
||||
ansible.builtin.package:
|
||||
name: "{{ packages }}"
|
||||
state: present
|
||||
vars:
|
||||
packages:
|
||||
- software-properties-common
|
||||
- linux-headers-{{ ansible_kernel }}
|
||||
|
||||
- name: (Ubuntu) Ensure WireGuard DKMS package is removed
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- "wireguard-dkms"
|
||||
state: absent
|
||||
|
||||
- name: (Ubuntu) Install wireguard package
|
||||
ansible.builtin.apt:
|
||||
name: "wireguard"
|
||||
state: present
|
||||
- block:
|
||||
- name: (Ubuntu) Install wireguard-tools package (for Ubuntu > 19.04)
|
||||
apt:
|
||||
name: "wireguard-tools"
|
||||
state: present
|
||||
tags:
|
||||
- wg-install
|
||||
when:
|
||||
- ansible_lsb.major_release is version('19.04', '>')
|
||||
|
@ -1,123 +0,0 @@
|
||||
#jinja2: lstrip_blocks:"True",trim_blocks:"True"
|
||||
{# Copyright (C) 2018-2022 Robert Wimmer
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
#}
|
||||
# {{ ansible_managed }}
|
||||
|
||||
[Interface]
|
||||
# {{ inventory_hostname }}
|
||||
{% if wireguard_address is defined %}
|
||||
Address = {{ wireguard_address }}
|
||||
{% endif %}
|
||||
{% if wireguard_addresses is defined %}
|
||||
{% for wg_addr in wireguard_addresses %}
|
||||
Address = {{ wg_addr }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
PrivateKey = {{ wireguard_private_key }}
|
||||
ListenPort = {{ wireguard_port }}
|
||||
{% if wireguard_dns is defined %}
|
||||
DNS = {{ wireguard_dns }}
|
||||
{% endif %}
|
||||
{% if wireguard_fwmark is defined %}
|
||||
FwMark = {{ wireguard_fwmark }}
|
||||
{% endif %}
|
||||
{% if wireguard_mtu is defined %}
|
||||
MTU = {{ wireguard_mtu }}
|
||||
{% endif %}
|
||||
{% if wireguard_table is defined %}
|
||||
Table = {{ wireguard_table }}
|
||||
{% endif %}
|
||||
{% if wireguard_preup is defined %}
|
||||
{% for wg_preup in wireguard_preup %}
|
||||
PreUp = {{ wg_preup }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if wireguard_postup is defined %}
|
||||
{% for wg_postup in wireguard_postup %}
|
||||
PostUp = {{ wg_postup }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if wireguard_predown is defined %}
|
||||
{% for wg_predown in wireguard_predown %}
|
||||
PreDown = {{ wg_predown }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if wireguard_postdown is defined %}
|
||||
{% for wg_postdown in wireguard_postdown %}
|
||||
PostDown = {{ wg_postdown }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if wireguard_save_config is defined %}
|
||||
SaveConfig = {{ wireguard_save_config }}
|
||||
{% endif %}
|
||||
{% for host in ansible_play_hosts %}
|
||||
{% if host != inventory_hostname %}
|
||||
|
||||
[Peer]
|
||||
# {{ host }}
|
||||
PublicKey = {{hostvars[host].wireguard__fact_public_key}}
|
||||
{% if hostvars[host].wireguard_allowed_ips is defined %}
|
||||
AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
|
||||
{% else %}
|
||||
{% if wireguard_address is defined %}
|
||||
AllowedIPs = {{ hostvars[host].wireguard_address.split('/')[0] }}/32
|
||||
{% endif %}
|
||||
{% if wireguard_addresses is defined %}
|
||||
{% for wg_addr in hostvars[host].wireguard_addresses %}
|
||||
{% if (wg_addr | ansible.utils.ipv4) %}
|
||||
AllowedIPs = {{ wg_addr.split('/')[0] }}/32
|
||||
{% elif (wg_addr | ansible.utils.ipv6) %}
|
||||
AllowedIPs = {{ wg_addr.split('/')[0] }}/128
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if hostvars[host].wireguard_persistent_keepalive is defined %}
|
||||
PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
|
||||
{% endif %}
|
||||
{% if (
|
||||
hostvars[host].wireguard_dc is defined and
|
||||
wireguard_dc is defined and
|
||||
wireguard_dc['name'] != hostvars[host].wireguard_dc['name']
|
||||
)
|
||||
%}
|
||||
Endpoint = {{hostvars[host].wireguard_dc['endpoint']}}:{{hostvars[host].wireguard_dc['port']}}
|
||||
{% elif hostvars[host].wireguard_port is defined %}
|
||||
{% if hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
||||
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}}
|
||||
{% else %}
|
||||
Endpoint = {{host}}:{{hostvars[host].wireguard_port}}
|
||||
{% endif %}
|
||||
{% elif hostvars[host].wireguard_endpoint is defined %}
|
||||
{% if hostvars[host].wireguard_endpoint != "" %}
|
||||
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
|
||||
{% else %}
|
||||
# No endpoint defined for this peer
|
||||
{% endif %}
|
||||
{% else %}
|
||||
Endpoint = {{host}}:{{wireguard_port}}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% if wireguard_unmanaged_peers is defined %}
|
||||
|
||||
# Peers not managed by Ansible from "wireguard_unmanaged_peers" variable
|
||||
{% for peer in wireguard_unmanaged_peers.keys() %}
|
||||
[Peer]
|
||||
# {{ peer }}
|
||||
PublicKey = {{ wireguard_unmanaged_peers[peer].public_key }}
|
||||
{% if wireguard_unmanaged_peers[peer].preshared_key is defined %}
|
||||
PresharedKey = {{ wireguard_unmanaged_peers[peer].preshared_key }}
|
||||
{% endif %}
|
||||
{% if wireguard_unmanaged_peers[peer].allowed_ips is defined %}
|
||||
AllowedIPs = {{ wireguard_unmanaged_peers[peer].allowed_ips }}
|
||||
{% endif %}
|
||||
{% if wireguard_unmanaged_peers[peer].endpoint is defined %}
|
||||
Endpoint = {{ wireguard_unmanaged_peers[peer].endpoint }}
|
||||
{% endif %}
|
||||
{% if wireguard_unmanaged_peers[peer].persistent_keepalive is defined %}
|
||||
PersistentKeepalive = {{ wireguard_unmanaged_peers[peer].persistent_keepalive }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
@ -0,0 +1,70 @@
|
||||
#jinja2: lstrip_blocks:"True",trim_blocks:"True"
|
||||
[Interface]
|
||||
# {{ inventory_hostname }}
|
||||
Address = {{hostvars[inventory_hostname].wireguard_address}}
|
||||
PrivateKey = {{private_key}}
|
||||
ListenPort = {{wireguard_port}}
|
||||
{% if hostvars[inventory_hostname].wireguard_dns is defined %}
|
||||
DNS = {{hostvars[inventory_hostname].wireguard_dns}}
|
||||
{% endif %}
|
||||
{% if hostvars[inventory_hostname].wireguard_fwmark is defined %}
|
||||
FwMark = {{hostvars[inventory_hostname].wireguard_fwmark}}
|
||||
{% endif %}
|
||||
{% if hostvars[inventory_hostname].wireguard_mtu is defined %}
|
||||
MTU = {{hostvars[inventory_hostname].wireguard_mtu}}
|
||||
{% endif %}
|
||||
{% if hostvars[inventory_hostname].wireguard_table is defined %}
|
||||
Table = {{hostvars[inventory_hostname].wireguard_table}}
|
||||
{% endif %}
|
||||
{% if hostvars[inventory_hostname].wireguard_preup is defined %}
|
||||
{% for wg_preup in hostvars[inventory_hostname].wireguard_preup %}
|
||||
PreUp = {{ wg_preup }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if hostvars[inventory_hostname].wireguard_predown is defined %}
|
||||
{% for wg_predown in hostvars[inventory_hostname].wireguard_predown %}
|
||||
PreDown = {{ wg_predown }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if hostvars[inventory_hostname].wireguard_postup is defined %}
|
||||
{% for wg_postup in hostvars[inventory_hostname].wireguard_postup %}
|
||||
PostUp = {{ wg_postup }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if hostvars[inventory_hostname].wireguard_postdown is defined %}
|
||||
{% for wg_postdown in hostvars[inventory_hostname].wireguard_postdown %}
|
||||
PostDown = {{ wg_postdown }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if hostvars[inventory_hostname].wireguard_save_config is defined %}
|
||||
SaveConfig = true
|
||||
{% endif %}
|
||||
{% for host in ansible_play_hosts %}
|
||||
{% if host != inventory_hostname %}
|
||||
|
||||
[Peer]
|
||||
# {{ host }}
|
||||
PublicKey = {{hostvars[host].public_key}}
|
||||
{% if hostvars[host].wireguard_allowed_ips is defined %}
|
||||
AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
|
||||
{% else %}
|
||||
AllowedIPs = {{hostvars[host].wireguard_ip}}/32
|
||||
{% endif %}
|
||||
{% if hostvars[host].wireguard_persistent_keepalive is defined %}
|
||||
PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
|
||||
{% endif %}
|
||||
{% if hostvars[host].wireguard_port is defined and hostvars[host].wireguard_port is number %}
|
||||
{% if hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
||||
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}}
|
||||
{% else %}
|
||||
Endpoint = {{host}}:{{hostvars[host].wireguard_port}}
|
||||
{% endif %}
|
||||
{% elif hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
||||
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
|
||||
{% elif hostvars[host].wireguard_endpoint == "" %}
|
||||
# No endpoint defined for this peer
|
||||
{% else %}
|
||||
Endpoint = {{host}}:{{wireguard_port}}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
@ -0,0 +1,4 @@
|
||||
wireguard_address: "10.8.0.11"
|
||||
wireguard_port: "51820"
|
||||
wireguard_dns: "1.1.1.1"
|
||||
wireguard_mtu: "1492"
|
@ -0,0 +1,4 @@
|
||||
wireguard_address: "10.8.0.10"
|
||||
wireguard_port: "51820"
|
||||
wireguard_dns: "1.1.1.1"
|
||||
wireguard_mtu: "1492"
|
Loading…
Reference in New Issue