Compare commits: master...unmanaged- (2 Commits)
Author | SHA1 | Date |
---|---|---|
githubixx | 818b55051e | 4 years ago |
githubixx | 9fdcbd9ac7 | 4 years ago |
@ -1,39 +0,0 @@
|
|||||||
---
|
|
||||||
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
|
|
||||||
# repository or organization.
|
|
||||||
#
|
|
||||||
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
|
|
||||||
# See: https://github.com/ansible/galaxy/issues/46
|
|
||||||
|
|
||||||
name: Release
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
tags:
|
|
||||||
- '*'
|
|
||||||
|
|
||||||
defaults:
|
|
||||||
run:
|
|
||||||
working-directory: 'githubixx.ansible_role_wireguard'
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
release:
|
|
||||||
name: Release
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: Check out the codebase.
|
|
||||||
uses: actions/checkout@v2
|
|
||||||
with:
|
|
||||||
path: 'githubixx.ansible_role_wireguard'
|
|
||||||
|
|
||||||
- name: Set up Python 3.
|
|
||||||
uses: actions/setup-python@v2
|
|
||||||
with:
|
|
||||||
python-version: '3.x'
|
|
||||||
|
|
||||||
- name: Install Ansible.
|
|
||||||
run: pip3 install ansible-core
|
|
||||||
|
|
||||||
- name: Trigger a new import on Galaxy.
|
|
||||||
run: >-
|
|
||||||
ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
|
|
||||||
$(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)
|
|
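Review bot: the `GALAXY_API_KEY` secret that this workflow's header comment says must be present in the repository or organization is left without a visible consumer once the "Trigger a new import on Galaxy" step is deleted. If no other workflow reads it, delete or rotate the key in the repository or organization settings as part of this change, so a long-lived Galaxy credential does not stay provisioned for a job that no longer exists. If tag pushes are still meant to publish the role, say where that import now runs.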
@ -1,4 +0,0 @@
|
|||||||
# Copyright (C) 2018-2022 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
molecule/kvm/.vagrant
|
|
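Review bot: deleting the `molecule/kvm/.vagrant` entry means local Vagrant state from the KVM Molecule scenario is no longer excluded from `git add`. If that scenario directory remains in the tree, keep this ignore line (the SPDX header can go with the file, the ignore rule should not) so machine state from test runs cannot be committed by accident.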
@ -1,10 +0,0 @@
|
|||||||
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
|
|
||||||
Upstream-Name: ansible-role-wireguard
|
|
||||||
Upstream-Contact: Robert Wimmer <>
|
|
||||||
Source: https://github.com/githubixx/ansible-role-wireguard
|
|
||||||
|
|
||||||
# Sample paragraph, commented out:
|
|
||||||
#
|
|
||||||
# Files: src/*
|
|
||||||
# Copyright: $YEAR $NAME <$CONTACT>
|
|
||||||
# License: ...
|
|
@ -1,9 +0,0 @@
|
|||||||
---
|
|
||||||
extends: default
|
|
||||||
|
|
||||||
rules:
|
|
||||||
line-length:
|
|
||||||
max: 150
|
|
||||||
level: warning
|
|
||||||
|
|
||||||
comments-indentation: disable
|
|
@ -1,625 +0,0 @@
|
|||||||
GNU GENERAL PUBLIC LICENSE
|
|
||||||
|
|
||||||
Version 3, 29 June 2007
|
|
||||||
|
|
||||||
Copyright © 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
|
||||||
|
|
||||||
Everyone is permitted to copy and distribute verbatim copies of this license
|
|
||||||
document, but changing it is not allowed.
|
|
||||||
|
|
||||||
Preamble
|
|
||||||
|
|
||||||
The GNU General Public License is a free, copyleft license for software and
|
|
||||||
other kinds of works.
|
|
||||||
|
|
||||||
The licenses for most software and other practical works are designed to take
|
|
||||||
away your freedom to share and change the works. By contrast, the GNU General
|
|
||||||
Public License is intended to guarantee your freedom to share and change all
|
|
||||||
versions of a program--to make sure it remains free software for all its users.
|
|
||||||
We, the Free Software Foundation, use the GNU General Public License for most
|
|
||||||
of our software; it applies also to any other work released this way by its
|
|
||||||
authors. You can apply it to your programs, too.
|
|
||||||
|
|
||||||
When we speak of free software, we are referring to freedom, not price. Our
|
|
||||||
General Public Licenses are designed to make sure that you have the freedom
|
|
||||||
to distribute copies of free software (and charge for them if you wish), that
|
|
||||||
you receive source code or can get it if you want it, that you can change
|
|
||||||
the software or use pieces of it in new free programs, and that you know you
|
|
||||||
can do these things.
|
|
||||||
|
|
||||||
To protect your rights, we need to prevent others from denying you these rights
|
|
||||||
or asking you to surrender the rights. Therefore, you have certain responsibilities
|
|
||||||
if you distribute copies of the software, or if you modify it: responsibilities
|
|
||||||
to respect the freedom of others.
|
|
||||||
|
|
||||||
For example, if you distribute copies of such a program, whether gratis or
|
|
||||||
for a fee, you must pass on to the recipients the same freedoms that you received.
|
|
||||||
You must make sure that they, too, receive or can get the source code. And
|
|
||||||
you must show them these terms so they know their rights.
|
|
||||||
|
|
||||||
Developers that use the GNU GPL protect your rights with two steps: (1) assert
|
|
||||||
copyright on the software, and (2) offer you this License giving you legal
|
|
||||||
permission to copy, distribute and/or modify it.
|
|
||||||
|
|
||||||
For the developers' and authors' protection, the GPL clearly explains that
|
|
||||||
there is no warranty for this free software. For both users' and authors'
|
|
||||||
sake, the GPL requires that modified versions be marked as changed, so that
|
|
||||||
their problems will not be attributed erroneously to authors of previous versions.
|
|
||||||
|
|
||||||
Some devices are designed to deny users access to install or run modified
|
|
||||||
versions of the software inside them, although the manufacturer can do so.
|
|
||||||
This is fundamentally incompatible with the aim of protecting users' freedom
|
|
||||||
to change the software. The systematic pattern of such abuse occurs in the
|
|
||||||
area of products for individuals to use, which is precisely where it is most
|
|
||||||
unacceptable. Therefore, we have designed this version of the GPL to prohibit
|
|
||||||
the practice for those products. If such problems arise substantially in other
|
|
||||||
domains, we stand ready to extend this provision to those domains in future
|
|
||||||
versions of the GPL, as needed to protect the freedom of users.
|
|
||||||
|
|
||||||
Finally, every program is threatened constantly by software patents. States
|
|
||||||
should not allow patents to restrict development and use of software on general-purpose
|
|
||||||
computers, but in those that do, we wish to avoid the special danger that
|
|
||||||
patents applied to a free program could make it effectively proprietary. To
|
|
||||||
prevent this, the GPL assures that patents cannot be used to render the program
|
|
||||||
non-free.
|
|
||||||
|
|
||||||
The precise terms and conditions for copying, distribution and modification
|
|
||||||
follow.
|
|
||||||
|
|
||||||
TERMS AND CONDITIONS
|
|
||||||
|
|
||||||
0. Definitions.
|
|
||||||
|
|
||||||
"This License" refers to version 3 of the GNU General Public License.
|
|
||||||
|
|
||||||
"Copyright" also means copyright-like laws that apply to other kinds of works,
|
|
||||||
such as semiconductor masks.
|
|
||||||
|
|
||||||
"The Program" refers to any copyrightable work licensed under this License.
|
|
||||||
Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals
|
|
||||||
or organizations.
|
|
||||||
|
|
||||||
To "modify" a work means to copy from or adapt all or part of the work in
|
|
||||||
a fashion requiring copyright permission, other than the making of an exact
|
|
||||||
copy. The resulting work is called a "modified version" of the earlier work
|
|
||||||
or a work "based on" the earlier work.
|
|
||||||
|
|
||||||
A "covered work" means either the unmodified Program or a work based on the
|
|
||||||
Program.
|
|
||||||
|
|
||||||
To "propagate" a work means to do anything with it that, without permission,
|
|
||||||
would make you directly or secondarily liable for infringement under applicable
|
|
||||||
copyright law, except executing it on a computer or modifying a private copy.
|
|
||||||
Propagation includes copying, distribution (with or without modification),
|
|
||||||
making available to the public, and in some countries other activities as
|
|
||||||
well.
|
|
||||||
|
|
||||||
To "convey" a work means any kind of propagation that enables other parties
|
|
||||||
to make or receive copies. Mere interaction with a user through a computer
|
|
||||||
network, with no transfer of a copy, is not conveying.
|
|
||||||
|
|
||||||
An interactive user interface displays "Appropriate Legal Notices" to the
|
|
||||||
extent that it includes a convenient and prominently visible feature that
|
|
||||||
(1) displays an appropriate copyright notice, and (2) tells the user that
|
|
||||||
there is no warranty for the work (except to the extent that warranties are
|
|
||||||
provided), that licensees may convey the work under this License, and how
|
|
||||||
to view a copy of this License. If the interface presents a list of user commands
|
|
||||||
or options, such as a menu, a prominent item in the list meets this criterion.
|
|
||||||
|
|
||||||
1. Source Code.
|
|
||||||
|
|
||||||
The "source code" for a work means the preferred form of the work for making
|
|
||||||
modifications to it. "Object code" means any non-source form of a work.
|
|
||||||
|
|
||||||
A "Standard Interface" means an interface that either is an official standard
|
|
||||||
defined by a recognized standards body, or, in the case of interfaces specified
|
|
||||||
for a particular programming language, one that is widely used among developers
|
|
||||||
working in that language.
|
|
||||||
|
|
||||||
The "System Libraries" of an executable work include anything, other than
|
|
||||||
the work as a whole, that (a) is included in the normal form of packaging
|
|
||||||
a Major Component, but which is not part of that Major Component, and (b)
|
|
||||||
serves only to enable use of the work with that Major Component, or to implement
|
|
||||||
a Standard Interface for which an implementation is available to the public
|
|
||||||
in source code form. A "Major Component", in this context, means a major essential
|
|
||||||
component (kernel, window system, and so on) of the specific operating system
|
|
||||||
(if any) on which the executable work runs, or a compiler used to produce
|
|
||||||
the work, or an object code interpreter used to run it.
|
|
||||||
|
|
||||||
The "Corresponding Source" for a work in object code form means all the source
|
|
||||||
code needed to generate, install, and (for an executable work) run the object
|
|
||||||
code and to modify the work, including scripts to control those activities.
|
|
||||||
However, it does not include the work's System Libraries, or general-purpose
|
|
||||||
tools or generally available free programs which are used unmodified in performing
|
|
||||||
those activities but which are not part of the work. For example, Corresponding
|
|
||||||
Source includes interface definition files associated with source files for
|
|
||||||
the work, and the source code for shared libraries and dynamically linked
|
|
||||||
subprograms that the work is specifically designed to require, such as by
|
|
||||||
intimate data communication or control flow between those subprograms and
|
|
||||||
other parts of the work.
|
|
||||||
|
|
||||||
The Corresponding Source need not include anything that users can regenerate
|
|
||||||
automatically from other parts of the Corresponding Source.
|
|
||||||
|
|
||||||
The Corresponding Source for a work in source code form is that same work.
|
|
||||||
|
|
||||||
2. Basic Permissions.
|
|
||||||
|
|
||||||
All rights granted under this License are granted for the term of copyright
|
|
||||||
on the Program, and are irrevocable provided the stated conditions are met.
|
|
||||||
This License explicitly affirms your unlimited permission to run the unmodified
|
|
||||||
Program. The output from running a covered work is covered by this License
|
|
||||||
only if the output, given its content, constitutes a covered work. This License
|
|
||||||
acknowledges your rights of fair use or other equivalent, as provided by copyright
|
|
||||||
law.
|
|
||||||
|
|
||||||
You may make, run and propagate covered works that you do not convey, without
|
|
||||||
conditions so long as your license otherwise remains in force. You may convey
|
|
||||||
covered works to others for the sole purpose of having them make modifications
|
|
||||||
exclusively for you, or provide you with facilities for running those works,
|
|
||||||
provided that you comply with the terms of this License in conveying all material
|
|
||||||
for which you do not control copyright. Those thus making or running the covered
|
|
||||||
works for you must do so exclusively on your behalf, under your direction
|
|
||||||
and control, on terms that prohibit them from making any copies of your copyrighted
|
|
||||||
material outside their relationship with you.
|
|
||||||
|
|
||||||
Conveying under any other circumstances is permitted solely under the conditions
|
|
||||||
stated below. Sublicensing is not allowed; section 10 makes it unnecessary.
|
|
||||||
|
|
||||||
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
|
|
||||||
|
|
||||||
No covered work shall be deemed part of an effective technological measure
|
|
||||||
under any applicable law fulfilling obligations under article 11 of the WIPO
|
|
||||||
copyright treaty adopted on 20 December 1996, or similar laws prohibiting
|
|
||||||
or restricting circumvention of such measures.
|
|
||||||
|
|
||||||
When you convey a covered work, you waive any legal power to forbid circumvention
|
|
||||||
of technological measures to the extent such circumvention is effected by
|
|
||||||
exercising rights under this License with respect to the covered work, and
|
|
||||||
you disclaim any intention to limit operation or modification of the work
|
|
||||||
as a means of enforcing, against the work's users, your or third parties'
|
|
||||||
legal rights to forbid circumvention of technological measures.
|
|
||||||
|
|
||||||
4. Conveying Verbatim Copies.
|
|
||||||
|
|
||||||
You may convey verbatim copies of the Program's source code as you receive
|
|
||||||
it, in any medium, provided that you conspicuously and appropriately publish
|
|
||||||
on each copy an appropriate copyright notice; keep intact all notices stating
|
|
||||||
that this License and any non-permissive terms added in accord with section
|
|
||||||
7 apply to the code; keep intact all notices of the absence of any warranty;
|
|
||||||
and give all recipients a copy of this License along with the Program.
|
|
||||||
|
|
||||||
You may charge any price or no price for each copy that you convey, and you
|
|
||||||
may offer support or warranty protection for a fee.
|
|
||||||
|
|
||||||
5. Conveying Modified Source Versions.
|
|
||||||
|
|
||||||
You may convey a work based on the Program, or the modifications to produce
|
|
||||||
it from the Program, in the form of source code under the terms of section
|
|
||||||
4, provided that you also meet all of these conditions:
|
|
||||||
|
|
||||||
a) The work must carry prominent notices stating that you modified it, and
|
|
||||||
giving a relevant date.
|
|
||||||
|
|
||||||
b) The work must carry prominent notices stating that it is released under
|
|
||||||
this License and any conditions added under section 7. This requirement modifies
|
|
||||||
the requirement in section 4 to "keep intact all notices".
|
|
||||||
|
|
||||||
c) You must license the entire work, as a whole, under this License to anyone
|
|
||||||
who comes into possession of a copy. This License will therefore apply, along
|
|
||||||
with any applicable section 7 additional terms, to the whole of the work,
|
|
||||||
and all its parts, regardless of how they are packaged. This License gives
|
|
||||||
no permission to license the work in any other way, but it does not invalidate
|
|
||||||
such permission if you have separately received it.
|
|
||||||
|
|
||||||
d) If the work has interactive user interfaces, each must display Appropriate
|
|
||||||
Legal Notices; however, if the Program has interactive interfaces that do
|
|
||||||
not display Appropriate Legal Notices, your work need not make them do so.
|
|
||||||
|
|
||||||
A compilation of a covered work with other separate and independent works,
|
|
||||||
which are not by their nature extensions of the covered work, and which are
|
|
||||||
not combined with it such as to form a larger program, in or on a volume of
|
|
||||||
a storage or distribution medium, is called an "aggregate" if the compilation
|
|
||||||
and its resulting copyright are not used to limit the access or legal rights
|
|
||||||
of the compilation's users beyond what the individual works permit. Inclusion
|
|
||||||
of a covered work in an aggregate does not cause this License to apply to
|
|
||||||
the other parts of the aggregate.
|
|
||||||
|
|
||||||
6. Conveying Non-Source Forms.
|
|
||||||
|
|
||||||
You may convey a covered work in object code form under the terms of sections
|
|
||||||
4 and 5, provided that you also convey the machine-readable Corresponding
|
|
||||||
Source under the terms of this License, in one of these ways:
|
|
||||||
|
|
||||||
a) Convey the object code in, or embodied in, a physical product (including
|
|
||||||
a physical distribution medium), accompanied by the Corresponding Source fixed
|
|
||||||
on a durable physical medium customarily used for software interchange.
|
|
||||||
|
|
||||||
b) Convey the object code in, or embodied in, a physical product (including
|
|
||||||
a physical distribution medium), accompanied by a written offer, valid for
|
|
||||||
at least three years and valid for as long as you offer spare parts or customer
|
|
||||||
support for that product model, to give anyone who possesses the object code
|
|
||||||
either (1) a copy of the Corresponding Source for all the software in the
|
|
||||||
product that is covered by this License, on a durable physical medium customarily
|
|
||||||
used for software interchange, for a price no more than your reasonable cost
|
|
||||||
of physically performing this conveying of source, or (2) access to copy the
|
|
||||||
Corresponding Source from a network server at no charge.
|
|
||||||
|
|
||||||
c) Convey individual copies of the object code with a copy of the written
|
|
||||||
offer to provide the Corresponding Source. This alternative is allowed only
|
|
||||||
occasionally and noncommercially, and only if you received the object code
|
|
||||||
with such an offer, in accord with subsection 6b.
|
|
||||||
|
|
||||||
d) Convey the object code by offering access from a designated place (gratis
|
|
||||||
or for a charge), and offer equivalent access to the Corresponding Source
|
|
||||||
in the same way through the same place at no further charge. You need not
|
|
||||||
require recipients to copy the Corresponding Source along with the object
|
|
||||||
code. If the place to copy the object code is a network server, the Corresponding
|
|
||||||
Source may be on a different server (operated by you or a third party) that
|
|
||||||
supports equivalent copying facilities, provided you maintain clear directions
|
|
||||||
next to the object code saying where to find the Corresponding Source. Regardless
|
|
||||||
of what server hosts the Corresponding Source, you remain obligated to ensure
|
|
||||||
that it is available for as long as needed to satisfy these requirements.
|
|
||||||
|
|
||||||
e) Convey the object code using peer-to-peer transmission, provided you inform
|
|
||||||
other peers where the object code and Corresponding Source of the work are
|
|
||||||
being offered to the general public at no charge under subsection 6d.
|
|
||||||
|
|
||||||
A separable portion of the object code, whose source code is excluded from
|
|
||||||
the Corresponding Source as a System Library, need not be included in conveying
|
|
||||||
the object code work.
|
|
||||||
|
|
||||||
A "User Product" is either (1) a "consumer product", which means any tangible
|
|
||||||
personal property which is normally used for personal, family, or household
|
|
||||||
purposes, or (2) anything designed or sold for incorporation into a dwelling.
|
|
||||||
In determining whether a product is a consumer product, doubtful cases shall
|
|
||||||
be resolved in favor of coverage. For a particular product received by a particular
|
|
||||||
user, "normally used" refers to a typical or common use of that class of product,
|
|
||||||
regardless of the status of the particular user or of the way in which the
|
|
||||||
particular user actually uses, or expects or is expected to use, the product.
|
|
||||||
A product is a consumer product regardless of whether the product has substantial
|
|
||||||
commercial, industrial or non-consumer uses, unless such uses represent the
|
|
||||||
only significant mode of use of the product.
|
|
||||||
|
|
||||||
"Installation Information" for a User Product means any methods, procedures,
|
|
||||||
authorization keys, or other information required to install and execute modified
|
|
||||||
versions of a covered work in that User Product from a modified version of
|
|
||||||
its Corresponding Source. The information must suffice to ensure that the
|
|
||||||
continued functioning of the modified object code is in no case prevented
|
|
||||||
or interfered with solely because modification has been made.
|
|
||||||
|
|
||||||
If you convey an object code work under this section in, or with, or specifically
|
|
||||||
for use in, a User Product, and the conveying occurs as part of a transaction
|
|
||||||
in which the right of possession and use of the User Product is transferred
|
|
||||||
to the recipient in perpetuity or for a fixed term (regardless of how the
|
|
||||||
transaction is characterized), the Corresponding Source conveyed under this
|
|
||||||
section must be accompanied by the Installation Information. But this requirement
|
|
||||||
does not apply if neither you nor any third party retains the ability to install
|
|
||||||
modified object code on the User Product (for example, the work has been installed
|
|
||||||
in ROM).
|
|
||||||
|
|
||||||
The requirement to provide Installation Information does not include a requirement
|
|
||||||
to continue to provide support service, warranty, or updates for a work that
|
|
||||||
has been modified or installed by the recipient, or for the User Product in
|
|
||||||
which it has been modified or installed. Access to a network may be denied
|
|
||||||
when the modification itself materially and adversely affects the operation
|
|
||||||
of the network or violates the rules and protocols for communication across
|
|
||||||
the network.
|
|
||||||
|
|
||||||
Corresponding Source conveyed, and Installation Information provided, in accord
|
|
||||||
with this section must be in a format that is publicly documented (and with
|
|
||||||
an implementation available to the public in source code form), and must require
|
|
||||||
no special password or key for unpacking, reading or copying.
|
|
||||||
|
|
||||||
7. Additional Terms.
|
|
||||||
|
|
||||||
"Additional permissions" are terms that supplement the terms of this License
|
|
||||||
by making exceptions from one or more of its conditions. Additional permissions
|
|
||||||
that are applicable to the entire Program shall be treated as though they
|
|
||||||
were included in this License, to the extent that they are valid under applicable
|
|
||||||
law. If additional permissions apply only to part of the Program, that part
|
|
||||||
may be used separately under those permissions, but the entire Program remains
|
|
||||||
governed by this License without regard to the additional permissions.
|
|
||||||
|
|
||||||
When you convey a copy of a covered work, you may at your option remove any
|
|
||||||
additional permissions from that copy, or from any part of it. (Additional
|
|
||||||
permissions may be written to require their own removal in certain cases when
|
|
||||||
you modify the work.) You may place additional permissions on material, added
|
|
||||||
by you to a covered work, for which you have or can give appropriate copyright
|
|
||||||
permission.
|
|
||||||
|
|
||||||
Notwithstanding any other provision of this License, for material you add
|
|
||||||
to a covered work, you may (if authorized by the copyright holders of that
|
|
||||||
material) supplement the terms of this License with terms:
|
|
||||||
|
|
||||||
a) Disclaiming warranty or limiting liability differently from the terms of
|
|
||||||
sections 15 and 16 of this License; or
|
|
||||||
|
|
||||||
b) Requiring preservation of specified reasonable legal notices or author
|
|
||||||
attributions in that material or in the Appropriate Legal Notices displayed
|
|
||||||
by works containing it; or
|
|
||||||
|
|
||||||
c) Prohibiting misrepresentation of the origin of that material, or requiring
|
|
||||||
that modified versions of such material be marked in reasonable ways as different
|
|
||||||
from the original version; or
|
|
||||||
|
|
||||||
d) Limiting the use for publicity purposes of names of licensors or authors
|
|
||||||
of the material; or
|
|
||||||
|
|
||||||
e) Declining to grant rights under trademark law for use of some trade names,
|
|
||||||
trademarks, or service marks; or
|
|
||||||
|
|
||||||
f) Requiring indemnification of licensors and authors of that material by
|
|
||||||
anyone who conveys the material (or modified versions of it) with contractual
|
|
||||||
assumptions of liability to the recipient, for any liability that these contractual
|
|
||||||
assumptions directly impose on those licensors and authors.
|
|
||||||
|
|
||||||
All other non-permissive additional terms are considered "further restrictions"
|
|
||||||
within the meaning of section 10. If the Program as you received it, or any
|
|
||||||
part of it, contains a notice stating that it is governed by this License
|
|
||||||
along with a term that is a further restriction, you may remove that term.
|
|
||||||
If a license document contains a further restriction but permits relicensing
|
|
||||||
or conveying under this License, you may add to a covered work material governed
|
|
||||||
by the terms of that license document, provided that the further restriction
|
|
||||||
does not survive such relicensing or conveying.
|
|
||||||
|
|
||||||
If you add terms to a covered work in accord with this section, you must place,
|
|
||||||
in the relevant source files, a statement of the additional terms that apply
|
|
||||||
to those files, or a notice indicating where to find the applicable terms.
|
|
||||||
|
|
||||||
Additional terms, permissive or non-permissive, may be stated in the form
|
|
||||||
of a separately written license, or stated as exceptions; the above requirements
|
|
||||||
apply either way.
|
|
||||||
|
|
||||||
8. Termination.
|
|
||||||
|
|
||||||
You may not propagate or modify a covered work except as expressly provided
|
|
||||||
under this License. Any attempt otherwise to propagate or modify it is void,
|
|
||||||
and will automatically terminate your rights under this License (including
|
|
||||||
any patent licenses granted under the third paragraph of section 11).
|
|
||||||
|
|
||||||
However, if you cease all violation of this License, then your license from
|
|
||||||
a particular copyright holder is reinstated (a) provisionally, unless and
|
|
||||||
until the copyright holder explicitly and finally terminates your license,
|
|
||||||
and (b) permanently, if the copyright holder fails to notify you of the violation
|
|
||||||
by some reasonable means prior to 60 days after the cessation.
|
|
||||||
|
|
||||||
Moreover, your license from a particular copyright holder is reinstated permanently
|
|
||||||
if the copyright holder notifies you of the violation by some reasonable means,
|
|
||||||
this is the first time you have received notice of violation of this License
|
|
||||||
(for any work) from that copyright holder, and you cure the violation prior
|
|
||||||
to 30 days after your receipt of the notice.
|
|
||||||
|
|
||||||
Termination of your rights under this section does not terminate the licenses
|
|
||||||
of parties who have received copies or rights from you under this License.
|
|
||||||
If your rights have been terminated and not permanently reinstated, you do
|
|
||||||
not qualify to receive new licenses for the same material under section 10.
|
|
||||||
|
|
||||||
9. Acceptance Not Required for Having Copies.
|
|
||||||
|
|
||||||
You are not required to accept this License in order to receive or run a copy
|
|
||||||
of the Program. Ancillary propagation of a covered work occurring solely as
|
|
||||||
a consequence of using peer-to-peer transmission to receive a copy likewise
|
|
||||||
does not require acceptance. However, nothing other than this License grants
|
|
||||||
you permission to propagate or modify any covered work. These actions infringe
|
|
||||||
copyright if you do not accept this License. Therefore, by modifying or propagating
|
|
||||||
a covered work, you indicate your acceptance of this License to do so.
|
|
||||||
|
|
||||||
10. Automatic Licensing of Downstream Recipients.
|
|
||||||
|
|
||||||
Each time you convey a covered work, the recipient automatically receives
|
|
||||||
a license from the original licensors, to run, modify and propagate that work,
|
|
||||||
subject to this License. You are not responsible for enforcing compliance
|
|
||||||
by third parties with this License.
|
|
||||||
|
|
||||||
An "entity transaction" is a transaction transferring control of an organization,
|
|
||||||
or substantially all assets of one, or subdividing an organization, or merging
|
|
||||||
organizations. If propagation of a covered work results from an entity transaction,
|
|
||||||
each party to that transaction who receives a copy of the work also receives
|
|
||||||
whatever licenses to the work the party's predecessor in interest had or could
|
|
||||||
give under the previous paragraph, plus a right to possession of the Corresponding
|
|
||||||
Source of the work from the predecessor in interest, if the predecessor has
|
|
||||||
it or can get it with reasonable efforts.
|
|
||||||
|
|
||||||
You may not impose any further restrictions on the exercise of the rights
|
|
||||||
granted or affirmed under this License. For example, you may not impose a
|
|
||||||
license fee, royalty, or other charge for exercise of rights granted under
|
|
||||||
this License, and you may not initiate litigation (including a cross-claim
|
|
||||||
or counterclaim in a lawsuit) alleging that any patent claim is infringed
|
|
||||||
by making, using, selling, offering for sale, or importing the Program or
|
|
||||||
any portion of it.
|
|
||||||
|
|
||||||
11. Patents.
|
|
||||||
|
|
||||||
A "contributor" is a copyright holder who authorizes use under this License
|
|
||||||
of the Program or a work on which the Program is based. The work thus licensed
|
|
||||||
is called the contributor's "contributor version".
|
|
||||||
|
|
||||||
A contributor's "essential patent claims" are all patent claims owned or controlled
|
|
||||||
by the contributor, whether already acquired or hereafter acquired, that would
|
|
||||||
be infringed by some manner, permitted by this License, of making, using,
|
|
||||||
or selling its contributor version, but do not include claims that would be
|
|
||||||
infringed only as a consequence of further modification of the contributor
|
|
||||||
version. For purposes of this definition, "control" includes the right to
|
|
||||||
grant patent sublicenses in a manner consistent with the requirements of this
|
|
||||||
License.
|
|
||||||
|
|
||||||
Each contributor grants you a non-exclusive, worldwide, royalty-free patent
|
|
||||||
license under the contributor's essential patent claims, to make, use, sell,
|
|
||||||
offer for sale, import and otherwise run, modify and propagate the contents
|
|
||||||
of its contributor version.
|
|
||||||
|
|
||||||
In the following three paragraphs, a "patent license" is any express agreement
|
|
||||||
or commitment, however denominated, not to enforce a patent (such as an express
|
|
||||||
permission to practice a patent or covenant not to sue for patent infringement).
|
|
||||||
To "grant" such a patent license to a party means to make such an agreement
|
|
||||||
or commitment not to enforce a patent against the party.
|
|
||||||
|
|
||||||
If you convey a covered work, knowingly relying on a patent license, and the
|
|
||||||
Corresponding Source of the work is not available for anyone to copy, free
|
|
||||||
of charge and under the terms of this License, through a publicly available
|
|
||||||
network server or other readily accessible means, then you must either (1)
|
|
||||||
cause the Corresponding Source to be so available, or (2) arrange to deprive
|
|
||||||
yourself of the benefit of the patent license for this particular work, or
|
|
||||||
(3) arrange, in a manner consistent with the requirements of this License,
|
|
||||||
to extend the patent license to downstream recipients. "Knowingly relying"
|
|
||||||
means you have actual knowledge that, but for the patent license, your conveying
|
|
||||||
the covered work in a country, or your recipient's use of the covered work
|
|
||||||
in a country, would infringe one or more identifiable patents in that country
|
|
||||||
that you have reason to believe are valid.
|
|
||||||
|
|
||||||
If, pursuant to or in connection with a single transaction or arrangement,
|
|
||||||
you convey, or propagate by procuring conveyance of, a covered work, and grant
|
|
||||||
a patent license to some of the parties receiving the covered work authorizing
|
|
||||||
them to use, propagate, modify or convey a specific copy of the covered work,
|
|
||||||
then the patent license you grant is automatically extended to all recipients
|
|
||||||
of the covered work and works based on it.
|
|
||||||
|
|
||||||
A patent license is "discriminatory" if it does not include within the scope
|
|
||||||
of its coverage, prohibits the exercise of, or is conditioned on the non-exercise
|
|
||||||
of one or more of the rights that are specifically granted under this License.
|
|
||||||
You may not convey a covered work if you are a party to an arrangement with
|
|
||||||
a third party that is in the business of distributing software, under which
|
|
||||||
you make payment to the third party based on the extent of your activity of
|
|
||||||
conveying the work, and under which the third party grants, to any of the
|
|
||||||
parties who would receive the covered work from you, a discriminatory patent
|
|
||||||
license (a) in connection with copies of the covered work conveyed by you
|
|
||||||
(or copies made from those copies), or (b) primarily for and in connection
|
|
||||||
with specific products or compilations that contain the covered work, unless
|
|
||||||
you entered into that arrangement, or that patent license was granted, prior
|
|
||||||
to 28 March 2007.
|
|
||||||
|
|
||||||
Nothing in this License shall be construed as excluding or limiting any implied
|
|
||||||
license or other defenses to infringement that may otherwise be available
|
|
||||||
to you under applicable patent law.
|
|
||||||
|
|
||||||
12. No Surrender of Others' Freedom.
|
|
||||||
|
|
||||||
If conditions are imposed on you (whether by court order, agreement or otherwise)
|
|
||||||
that contradict the conditions of this License, they do not excuse you from
|
|
||||||
the conditions of this License. If you cannot convey a covered work so as
|
|
||||||
to satisfy simultaneously your obligations under this License and any other
|
|
||||||
pertinent obligations, then as a consequence you may not convey it at all.
|
|
||||||
For example, if you agree to terms that obligate you to collect a royalty
|
|
||||||
for further conveying from those to whom you convey the Program, the only
|
|
||||||
way you could satisfy both those terms and this License would be to refrain
|
|
||||||
entirely from conveying the Program.
|
|
||||||
|
|
||||||
13. Use with the GNU Affero General Public License.
|
|
||||||
|
|
||||||
Notwithstanding any other provision of this License, you have permission to
|
|
||||||
link or combine any covered work with a work licensed under version 3 of the
|
|
||||||
GNU Affero General Public License into a single combined work, and to convey
|
|
||||||
the resulting work. The terms of this License will continue to apply to the
|
|
||||||
part which is the covered work, but the special requirements of the GNU Affero
|
|
||||||
General Public License, section 13, concerning interaction through a network
|
|
||||||
will apply to the combination as such.
|
|
||||||
|
|
||||||
14. Revised Versions of this License.
|
|
||||||
|
|
||||||
The Free Software Foundation may publish revised and/or new versions of the
|
|
||||||
GNU General Public License from time to time. Such new versions will be similar
|
|
||||||
in spirit to the present version, but may differ in detail to address new
|
|
||||||
problems or concerns.
|
|
||||||
|
|
||||||
Each version is given a distinguishing version number. If the Program specifies
|
|
||||||
that a certain numbered version of the GNU General Public License "or any
|
|
||||||
later version" applies to it, you have the option of following the terms and
|
|
||||||
conditions either of that numbered version or of any later version published
|
|
||||||
by the Free Software Foundation. If the Program does not specify a version
|
|
||||||
number of the GNU General Public License, you may choose any version ever
|
|
||||||
published by the Free Software Foundation.
|
|
||||||
|
|
||||||
If the Program specifies that a proxy can decide which future versions of
|
|
||||||
the GNU General Public License can be used, that proxy's public statement
|
|
||||||
of acceptance of a version permanently authorizes you to choose that version
|
|
||||||
for the Program.
|
|
||||||
|
|
||||||
Later license versions may give you additional or different permissions. However,
|
|
||||||
no additional obligations are imposed on any author or copyright holder as
|
|
||||||
a result of your choosing to follow a later version.
|
|
||||||
|
|
||||||
15. Disclaimer of Warranty.
|
|
||||||
|
|
||||||
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE
|
|
||||||
LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
|
|
||||||
OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
|
|
||||||
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
||||||
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
|
||||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM
|
|
||||||
PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
|
|
||||||
CORRECTION.
|
|
||||||
|
|
||||||
16. Limitation of Liability.
|
|
||||||
|
|
||||||
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL
|
|
||||||
ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM
|
|
||||||
AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
|
|
||||||
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO
|
|
||||||
USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
|
|
||||||
INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE
|
|
||||||
PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
|
|
||||||
PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
|
||||||
|
|
||||||
17. Interpretation of Sections 15 and 16.
|
|
||||||
|
|
||||||
If the disclaimer of warranty and limitation of liability provided above cannot
|
|
||||||
be given local legal effect according to their terms, reviewing courts shall
|
|
||||||
apply local law that most closely approximates an absolute waiver of all civil
|
|
||||||
liability in connection with the Program, unless a warranty or assumption
|
|
||||||
of liability accompanies a copy of the Program in return for a fee. END OF
|
|
||||||
TERMS AND CONDITIONS
|
|
||||||
|
|
||||||
How to Apply These Terms to Your New Programs
|
|
||||||
|
|
||||||
If you develop a new program, and you want it to be of the greatest possible
|
|
||||||
use to the public, the best way to achieve this is to make it free software
|
|
||||||
which everyone can redistribute and change under these terms.
|
|
||||||
|
|
||||||
To do so, attach the following notices to the program. It is safest to attach
|
|
||||||
them to the start of each source file to most effectively state the exclusion
|
|
||||||
of warranty; and each file should have at least the "copyright" line and a
|
|
||||||
pointer to where the full notice is found.
|
|
||||||
|
|
||||||
<one line to give the program's name and a brief idea of what it does.>
|
|
||||||
|
|
||||||
Copyright (C) <year> <name of author>
|
|
||||||
|
|
||||||
This program is free software: you can redistribute it and/or modify it under
|
|
||||||
the terms of the GNU General Public License as published by the Free Software
|
|
||||||
Foundation, either version 3 of the License, or (at your option) any later
|
|
||||||
version.
|
|
||||||
|
|
||||||
This program is distributed in the hope that it will be useful, but WITHOUT
|
|
||||||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
||||||
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License along with
|
|
||||||
this program. If not, see <https://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
Also add information on how to contact you by electronic and paper mail.
|
|
||||||
|
|
||||||
If the program does terminal interaction, make it output a short notice like
|
|
||||||
this when it starts in an interactive mode:
|
|
||||||
|
|
||||||
<program> Copyright (C) <year> <name of author>
|
|
||||||
|
|
||||||
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
|
||||||
|
|
||||||
This is free software, and you are welcome to redistribute it under certain
|
|
||||||
conditions; type `show c' for details.
|
|
||||||
|
|
||||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
|
||||||
parts of the General Public License. Of course, your program's commands might
|
|
||||||
be different; for a GUI interface, you would use an "about box".
|
|
||||||
|
|
||||||
You should also get your employer (if you work as a programmer) or school,
|
|
||||||
if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
|
||||||
more information on this, and how to apply and follow the GNU GPL, see <https://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
The GNU General Public License does not permit incorporating your program
|
|
||||||
into proprietary programs. If your program is a subroutine library, you may
|
|
||||||
consider it more useful to permit linking proprietary applications with the
|
|
||||||
library. If this is what you want to do, use the GNU Lesser General Public
|
|
||||||
License instead of this License. But first, please read <https://www.gnu.org/
|
|
||||||
licenses /why-not-lgpl.html>.
|
|
@ -1,32 +1,23 @@
|
|||||||
---
|
---
|
||||||
# Copyright (C) 2018-2022 Robert Wimmer
|
- name: restart wireguard
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
service:
|
||||||
|
|
||||||
- name: Restart wireguard
|
|
||||||
ansible.builtin.service:
|
|
||||||
name: "wg-quick@{{ wireguard_interface }}"
|
name: "wg-quick@{{ wireguard_interface }}"
|
||||||
state: "{{ item }}"
|
state: "{{ item }}"
|
||||||
loop:
|
loop:
|
||||||
- stopped
|
- stopped
|
||||||
- started
|
- started
|
||||||
when:
|
when: not wg_syncconf
|
||||||
- wireguard__restart_interface
|
|
||||||
- not ansible_os_family == 'Darwin'
|
|
||||||
- wireguard_service_enabled == "yes"
|
|
||||||
listen: "reconfigure wireguard"
|
listen: "reconfigure wireguard"
|
||||||
|
|
||||||
- name: Syncconf wireguard
|
- name: syncconf wireguard
|
||||||
ansible.builtin.shell: |
|
shell: |
|
||||||
set -o errexit
|
set -o errexit
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
set -o nounset
|
set -o nounset
|
||||||
systemctl is-active wg-quick@{{ wireguard_interface | quote }} || systemctl start wg-quick@{{ wireguard_interface | quote }}
|
systemctl is-active wg-quick@wg-quick@{{ wireguard_interface|quote }} || systemctl start wg-quick@{{ wireguard_interface|quote }}
|
||||||
wg syncconf {{ wireguard_interface|quote }} <(wg-quick strip /etc/wireguard/{{ wireguard_interface|quote }}.conf)
|
wg syncconf {{ wireguard_interface|quote }} <(wg-quick strip /etc/wireguard/{{ wireguard_interface|quote }}.conf)
|
||||||
exit 0
|
exit 0
|
||||||
args:
|
args:
|
||||||
executable: "/bin/bash"
|
executable: "/bin/bash"
|
||||||
when:
|
when: wg_syncconf
|
||||||
- not wireguard__restart_interface
|
|
||||||
- not ansible_os_family == 'Darwin'
|
|
||||||
- wireguard_service_enabled == "yes"
|
|
||||||
listen: "reconfigure wireguard"
|
listen: "reconfigure wireguard"
|
||||||
|
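Review bot: In the new `syncconf wireguard` handler the `systemctl is-active` check names the unit `wg-quick@wg-quick@{{ wireguard_interface|quote }}`, with the `wg-quick@` prefix doubled, while the `systemctl start` on the same line uses `wg-quick@{{ wireguard_interface|quote }}`. The check queries a different unit from the one it starts, so the `||` branch is expected to run `systemctl start` on every notification rather than only when the interface is down; drop the extra prefix so both sides name the same unit. Separately, the new `when: not wg_syncconf` and `when: wg_syncconf` conditions replace lists that also required `not ansible_os_family == 'Darwin'` and `wireguard_service_enabled == "yes"`, so both handlers can now fire on hosts where the old side skipped them. If that is intended, say so in the commit message; otherwise carry those two conditions over.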
@ -1,12 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2022 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- hosts: all
|
|
||||||
remote_user: vagrant
|
|
||||||
become: true
|
|
||||||
gather_facts: true
|
|
||||||
tasks:
|
|
||||||
- name: Include WireGuard role
|
|
||||||
ansible.builtin.include_role:
|
|
||||||
name: githubixx.ansible_role_wireguard
|
|
@ -1,95 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2022 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
dependency:
|
|
||||||
name: galaxy
|
|
||||||
|
|
||||||
driver:
|
|
||||||
name: vagrant
|
|
||||||
provider:
|
|
||||||
name: libvirt
|
|
||||||
type: libvirt
|
|
||||||
options:
|
|
||||||
memory: 192
|
|
||||||
cpus: 2
|
|
||||||
|
|
||||||
platforms:
|
|
||||||
- name: test-wg-ubuntu2004
|
|
||||||
box: generic/ubuntu2004
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.10
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- ubuntu
|
|
||||||
- name: test-wg-ubuntu1804
|
|
||||||
box: generic/ubuntu1804
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.20
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- ubuntu
|
|
||||||
- name: test-wg-debian11
|
|
||||||
box: generic/debian11
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.30
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- debian
|
|
||||||
- name: test-wg-ubuntu2204
|
|
||||||
box: alvistack/ubuntu-22.04
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.40
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- ubuntu
|
|
||||||
|
|
||||||
provisioner:
|
|
||||||
name: ansible
|
|
||||||
connection_options:
|
|
||||||
ansible_ssh_user: vagrant
|
|
||||||
ansible_become: true
|
|
||||||
log: true
|
|
||||||
lint:
|
|
||||||
name: ansible-lint
|
|
||||||
inventory:
|
|
||||||
host_vars:
|
|
||||||
test-wg-ubuntu2004:
|
|
||||||
wireguard_address: "10.10.10.10/24"
|
|
||||||
wireguard_port: 51820
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.10"
|
|
||||||
test-wg-ubuntu1804:
|
|
||||||
wireguard_address: "10.10.10.20/24"
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: ""
|
|
||||||
test-wg-debian11:
|
|
||||||
wireguard_address: "10.10.10.30/24"
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: ""
|
|
||||||
ansible_python_interpreter: "/usr/bin/python3"
|
|
||||||
test-wg-ubuntu2204:
|
|
||||||
wireguard_address: "10.10.10.40/24"
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: ""
|
|
||||||
|
|
||||||
scenario:
|
|
||||||
name: kvm-single-server
|
|
||||||
test_sequence:
|
|
||||||
- prepare
|
|
||||||
- converge
|
|
||||||
|
|
||||||
verifier:
|
|
||||||
name: ansible
|
|
@ -1,13 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2022 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- hosts: ubuntu
|
|
||||||
remote_user: vagrant
|
|
||||||
become: true
|
|
||||||
gather_facts: true
|
|
||||||
tasks:
|
|
||||||
- name: Update APT package cache
|
|
||||||
ansible.builtin.apt:
|
|
||||||
update_cache: true
|
|
||||||
cache_valid_time: 3600
|
|
@ -1,33 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2022 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- name: Verify setup
|
|
||||||
hosts: all
|
|
||||||
vars:
|
|
||||||
hosts_count: "{{ groups['vpn'] | length }}"
|
|
||||||
tasks:
|
|
||||||
- name: Count WireGuard interfaces
|
|
||||||
ansible.builtin.shell: |
|
|
||||||
set -o errexit
|
|
||||||
set -o pipefail
|
|
||||||
set -o nounset
|
|
||||||
wg | grep "peer: " | wc -l
|
|
||||||
exit 0
|
|
||||||
args:
|
|
||||||
executable: "/bin/bash"
|
|
||||||
register: wireguard__interfaces_count
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: Print WireGuard interface count
|
|
||||||
ansible.builtin.debug:
|
|
||||||
var: wireguard__interfaces_count.stdout
|
|
||||||
|
|
||||||
- name: Print hosts count in vpn group
|
|
||||||
ansible.builtin.debug:
|
|
||||||
var: hosts_count
|
|
||||||
|
|
||||||
- name: There should be as much WireGuard interfaces as hosts in vpn group minus one
|
|
||||||
ansible.builtin.assert:
|
|
||||||
that:
|
|
||||||
- "hosts_count|int -1 == wireguard__interfaces_count.stdout|int"
|
|
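Review bot: The `reconfigure wireguard` handler rewrite in this same comparison is left without a post-converge check once this file is gone, because the `ansible.builtin.assert` deleted here (`hosts_count|int -1 == wireguard__interfaces_count.stdout|int`) is what confirmed that each host ends up with one peer per other host in the `vpn` group. If the scenario is being retired, keep an equivalent assertion somewhere the handlers are still exercised. If it is kept in any form, note that the task is named `Count WireGuard interfaces` while `wg | grep "peer: " | wc -l` counts peers, and that with `set -o errexit` and `set -o pipefail` a host with zero peers makes `grep` exit non-zero and fails the task before the assert can report the mismatch.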
@ -1,12 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2020-2022 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- hosts: all
|
|
||||||
remote_user: vagrant
|
|
||||||
become: true
|
|
||||||
gather_facts: true
|
|
||||||
tasks:
|
|
||||||
- name: Include WireGuard role
|
|
||||||
ansible.builtin.include_role:
|
|
||||||
name: githubixx.ansible_role_wireguard
|
|
@ -1,297 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2020-2022 Robert Wimmer
|
|
||||||
# Copyright (C) 2020 Pierre Ozoux
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
dependency:
|
|
||||||
name: galaxy
|
|
||||||
|
|
||||||
driver:
|
|
||||||
name: vagrant
|
|
||||||
provider:
|
|
||||||
name: libvirt
|
|
||||||
type: libvirt
|
|
||||||
|
|
||||||
platforms:
|
|
||||||
- name: test-wg-ubuntu2004
|
|
||||||
box: generic/ubuntu2004
|
|
||||||
memory: 1024
|
|
||||||
cpus: 2
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.10
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- ubuntu
|
|
||||||
- name: test-wg-ubuntu1804
|
|
||||||
box: generic/ubuntu1804
|
|
||||||
memory: 1024
|
|
||||||
cpus: 2
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.20
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- ubuntu
|
|
||||||
- name: test-wg-fedora36
|
|
||||||
box: generic/fedora36
|
|
||||||
memory: 1024
|
|
||||||
cpus: 2
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.40
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- fedora
|
|
||||||
- name: test-wg-centos7
|
|
||||||
box: generic/centos7
|
|
||||||
memory: 1024
|
|
||||||
cpus: 2
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.50
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- el7
|
|
||||||
- name: test-wg-arch
|
|
||||||
box: archlinux/archlinux
|
|
||||||
memory: 1024
|
|
||||||
cpus: 2
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.60
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- archlinux
|
|
||||||
- name: test-wg-debian11
|
|
||||||
box: generic/debian11
|
|
||||||
memory: 1024
|
|
||||||
cpus: 2
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.70
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- debian
|
|
||||||
- name: test-wg-rocky8
|
|
||||||
box: generic/rocky8
|
|
||||||
memory: 1024
|
|
||||||
cpus: 2
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.80
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- el8
|
|
||||||
- name: test-wg-alma8
|
|
||||||
box: generic/alma8
|
|
||||||
memory: 1024
|
|
||||||
cpus: 2
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.90
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- el8
|
|
||||||
- name: test-wg-centos7-kernel-plus
|
|
||||||
box: generic/centos7
|
|
||||||
memory: 1024
|
|
||||||
cpus: 2
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.100
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- el7
|
|
||||||
- name: test-wg-rocky8-dkms
|
|
||||||
box: generic/rocky8
|
|
||||||
memory: 1024
|
|
||||||
cpus: 2
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.130
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- el8
|
|
||||||
- el8dkms
|
|
||||||
- name: test-wg-ubuntu2204
|
|
||||||
box: generic/ubuntu2004
|
|
||||||
memory: 1024
|
|
||||||
cpus: 2
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.140
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- ubuntu
|
|
||||||
- name: test-wg-opensuse-leap-15-4
|
|
||||||
box: opensuse/Leap-15.4.x86_64
|
|
||||||
memory: 1024
|
|
||||||
cpus: 2
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.150
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- opensuse
|
|
||||||
- name: test-wg-rocky9
|
|
||||||
box: generic/rocky9
|
|
||||||
memory: 1024
|
|
||||||
cpus: 2
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.160
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- el9
|
|
||||||
- name: test-wg-alma9
|
|
||||||
box: generic/alma9
|
|
||||||
memory: 1024
|
|
||||||
cpus: 2
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.170
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- el9
|
|
||||||
- name: test-wg-oracle9
|
|
||||||
box: generic/oracle9
|
|
||||||
memory: 1024
|
|
||||||
cpus: 2
|
|
||||||
interfaces:
|
|
||||||
- auto_config: true
|
|
||||||
network_name: private_network
|
|
||||||
type: static
|
|
||||||
ip: 192.168.10.180
|
|
||||||
groups:
|
|
||||||
- vpn
|
|
||||||
- el9
|
|
||||||
|
|
||||||
provisioner:
|
|
||||||
name: ansible
|
|
||||||
connection_options:
|
|
||||||
ansible_ssh_user: vagrant
|
|
||||||
ansible_become: true
|
|
||||||
log: true
|
|
||||||
lint:
|
|
||||||
name: ansible-lint
|
|
||||||
inventory:
|
|
||||||
host_vars:
|
|
||||||
test-wg-ubuntu2004:
|
|
||||||
wireguard_address: "10.10.10.10/24"
|
|
||||||
wireguard_port: 51820
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.10"
|
|
||||||
test-wg-ubuntu1804:
|
|
||||||
wireguard_address: "10.10.10.20/24"
|
|
||||||
wireguard_port: 51820
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.20"
|
|
||||||
test-wg-fedora36:
|
|
||||||
wireguard_address: "10.10.10.40/24"
|
|
||||||
wireguard_port: 51820
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.40"
|
|
||||||
wireguard_interface_restart: true
|
|
||||||
test-wg-centos7:
|
|
||||||
wireguard_address: "10.10.10.50/24"
|
|
||||||
wireguard_port: 51820
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.50"
|
|
||||||
wireguard_interface_restart: true
|
|
||||||
test-wg-arch:
|
|
||||||
wireguard_address: "10.10.10.60/24"
|
|
||||||
wireguard_port: 51820
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.60"
|
|
||||||
ansible_python_interpreter: "/usr/bin/python"
|
|
||||||
test-wg-debian11:
|
|
||||||
wireguard_address: "10.10.10.70/24"
|
|
||||||
wireguard_port: 51820
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.70"
|
|
||||||
ansible_python_interpreter: "/usr/bin/python3"
|
|
||||||
test-wg-rocky8:
|
|
||||||
wireguard_address: "10.10.10.80/24"
|
|
||||||
wireguard_port: 51820
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.80"
|
|
||||||
test-wg-alma8:
|
|
||||||
wireguard_address: "10.10.10.90/24"
|
|
||||||
wireguard_port: 51820
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.90"
|
|
||||||
test-wg-centos7-kernel-plus:
|
|
||||||
wireguard_address: "10.10.10.100/24"
|
|
||||||
wireguard_port: 51821
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.100"
|
|
||||||
wireguard_centos7_installation_method: "kernel-plus"
|
|
||||||
test-wg-rocky8-dkms:
|
|
||||||
wireguard_address: "10.10.10.130/24"
|
|
||||||
wireguard_port: 51820
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.130"
|
|
||||||
wireguard_rockylinux8_installation_method: "dkms"
|
|
||||||
test-wg-ubuntu2204:
|
|
||||||
wireguard_address: "10.10.10.140/24"
|
|
||||||
wireguard_port: 51820
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.140"
|
|
||||||
test-wg-opensuse-leap-15-4:
|
|
||||||
wireguard_address: "10.10.10.150/24"
|
|
||||||
wireguard_port: 51820
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.150"
|
|
||||||
test-wg-rocky9:
|
|
||||||
wireguard_address: "10.10.10.160/24"
|
|
||||||
wireguard_port: 51820
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.160"
|
|
||||||
test-wg-alma9:
|
|
||||||
wireguard_address: "10.10.10.170/24"
|
|
||||||
wireguard_port: 51820
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.170"
|
|
||||||
test-wg-oracle9:
|
|
||||||
wireguard_address: "10.10.10.180/24"
|
|
||||||
wireguard_port: 51820
|
|
||||||
wireguard_persistent_keepalive: "30"
|
|
||||||
wireguard_endpoint: "192.168.10.180"
|
|
||||||
|
|
||||||
scenario:
|
|
||||||
name: kvm
|
|
||||||
test_sequence:
|
|
||||||
- prepare
|
|
||||||
- converge
|
|
||||||
|
|
||||||
verifier:
|
|
||||||
name: ansible
|
|
@ -1,70 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2021-2023 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- hosts: opensuse
|
|
||||||
remote_user: vagrant
|
|
||||||
become: true
|
|
||||||
gather_facts: true
|
|
||||||
tasks:
|
|
||||||
- name: Remove backports repositories
|
|
||||||
ansible.builtin.raw: |
|
|
||||||
zypper rr repo-backports-debug-update
|
|
||||||
zypper rr repo-backports-update
|
|
||||||
changed_when: false
|
|
||||||
failed_when: false
|
|
||||||
|
|
||||||
- hosts: archlinux
|
|
||||||
remote_user: vagrant
|
|
||||||
become: true
|
|
||||||
gather_facts: false
|
|
||||||
tasks:
|
|
||||||
- name: Init pacman
|
|
||||||
ansible.builtin.raw: |
|
|
||||||
pacman-key --init
|
|
||||||
pacman-key --populate archlinux
|
|
||||||
changed_when: false
|
|
||||||
failed_when: false
|
|
||||||
|
|
||||||
- name: Updating pacman cache
|
|
||||||
raw: pacman -Sy
|
|
||||||
|
|
||||||
- name: Install Python
|
|
||||||
ansible.builtin.raw: |
|
|
||||||
pacman -S --noconfirm python
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- hosts: proxmox
|
|
||||||
remote_user: vagrant
|
|
||||||
become: true
|
|
||||||
gather_facts: true
|
|
||||||
tasks:
|
|
||||||
- name: (Proxmox) Delete /var/lib/apt/lists/lock
|
|
||||||
ansible.builtin.file:
|
|
||||||
name: /var/lib/apt/lists/lock
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- hosts: ubuntu
|
|
||||||
remote_user: vagrant
|
|
||||||
become: true
|
|
||||||
gather_facts: true
|
|
||||||
tasks:
|
|
||||||
- name: Update APT package cache
|
|
||||||
ansible.builtin.apt:
|
|
||||||
update_cache: true
|
|
||||||
cache_valid_time: 3600
|
|
||||||
|
|
||||||
- hosts: el8dkms
|
|
||||||
remote_user: vagrant
|
|
||||||
become: true
|
|
||||||
gather_facts: true
|
|
||||||
tasks:
|
|
||||||
- name: Install ELRepo mainline kernel
|
|
||||||
ansible.builtin.raw: |
|
|
||||||
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
|
|
||||||
dnf install -y https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
|
|
||||||
dnf --enablerepo=elrepo-kernel install -y kernel-ml
|
|
||||||
changed_when: false
|
|
||||||
failed_when: false
|
|
@ -1,33 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2022 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- name: Verify setup
|
|
||||||
hosts: all
|
|
||||||
vars:
|
|
||||||
hosts_count: "{{ groups['vpn'] | length }}"
|
|
||||||
tasks:
|
|
||||||
- name: Count WireGuard interfaces
|
|
||||||
ansible.builtin.shell: |
|
|
||||||
set -o errexit
|
|
||||||
set -o pipefail
|
|
||||||
set -o nounset
|
|
||||||
wg | grep "peer: " | wc -l
|
|
||||||
exit 0
|
|
||||||
args:
|
|
||||||
executable: "/bin/bash"
|
|
||||||
register: wireguard__interfaces_count
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: Print WireGuard interface count
|
|
||||||
ansible.builtin.debug:
|
|
||||||
var: wireguard__interfaces_count.stdout
|
|
||||||
|
|
||||||
- name: Print hosts count in vpn group
|
|
||||||
ansible.builtin.debug:
|
|
||||||
var: hosts_count
|
|
||||||
|
|
||||||
- name: There should be as much WireGuard interfaces as hosts in vpn group minus one
|
|
||||||
ansible.builtin.assert:
|
|
||||||
that:
|
|
||||||
- "hosts_count|int -1 == wireguard__interfaces_count.stdout|int"
|
|
@ -1,23 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2021-2022 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- name: (AlmaLinux 8) Install EPEL & ELRepo repository
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name:
|
|
||||||
- epel-release
|
|
||||||
- elrepo-release
|
|
||||||
update_cache: "{{ wireguard_update_cache }}"
|
|
||||||
|
|
||||||
- name: (AlmaLinux 8) Ensure WireGuard DKMS package is removed
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name:
|
|
||||||
- "wireguard-dkms"
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: (AlmaLinux 8) Install WireGuard packages
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name:
|
|
||||||
- "kmod-wireguard"
|
|
||||||
- "wireguard-tools"
|
|
||||||
state: present
|
|
@ -1,9 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2022 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- name: (AlmaLinux) Install wireguard-tools package
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name: wireguard-tools
|
|
||||||
state: present
|
|
||||||
update_cache: "{{ wireguard_update_cache }}"
|
|
@ -1,12 +1,32 @@
|
|||||||
---
|
---
|
||||||
# Copyright (C) 2018-2022 Robert Wimmer
|
- name: (Archlinux) Install wireguard-lts package
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
pacman:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
state: "{{ item.state }}"
|
||||||
|
with_items:
|
||||||
|
- { name: wireguard-dkms, state: absent }
|
||||||
|
- { name: wireguard-lts, state: present }
|
||||||
|
become: yes
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
when:
|
||||||
|
- ansible_kernel is match(".*-lts$")
|
||||||
|
- ansible_kernel is version('5.6', '<')
|
||||||
|
|
||||||
- name: (Archlinux) Refresh the master package lists
|
- name: (Archlinux) Install wireguard-dkms package
|
||||||
community.general.pacman:
|
pacman:
|
||||||
update_cache: "{{ wireguard_update_cache }}"
|
name: wireguard-dkms
|
||||||
|
state: present
|
||||||
|
become: yes
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
when:
|
||||||
|
- not ansible_kernel is match(".*-lts$")
|
||||||
|
- ansible_kernel is version('5.6', '<')
|
||||||
|
|
||||||
- name: (Archlinux) Install wireguard-tools package
|
- name: (Archlinux) Install wireguard-tools package
|
||||||
community.general.pacman:
|
pacman:
|
||||||
name: wireguard-tools
|
name: wireguard-tools
|
||||||
state: present
|
state: present
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
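Review bot: the `+` side calls `pacman:` by its short name in all three tasks where the `-` side used `community.general.pacman`; keep the fully qualified name so the module resolves the same way regardless of the collections search path. This side also drops the `Refresh the master package lists` task, so `wireguard_update_cache` no longer has any effect in this file, and it drops the copyright and SPDX header lines; restore both unless the removal is intended. `become: yes` is set on the two conditional install tasks but not on `Install wireguard-tools package`, which should be made consistent.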
@ -1,77 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2020 Roman Danko
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- name: (CentOS 7) Tasks for standard kernel
|
|
||||||
when:
|
|
||||||
- wireguard_centos7_installation_method == "standard"
|
|
||||||
block:
|
|
||||||
- name: (CentOS 7) Install EPEL & ELRepo repository
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name:
|
|
||||||
- epel-release
|
|
||||||
- https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
|
|
||||||
update_cache: "{{ wireguard_update_cache }}"
|
|
||||||
|
|
||||||
- name: (CentOS 7) Install yum-plugin-elrepo
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name: yum-plugin-elrepo
|
|
||||||
update_cache: "{{ wireguard_update_cache }}"
|
|
||||||
|
|
||||||
- name: (CentOS 7) Install WireGuard packages
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name:
|
|
||||||
- "kmod-wireguard"
|
|
||||||
- "wireguard-tools"
|
|
||||||
state: present
|
|
||||||
register: wireguard__centos7_yum_updates
|
|
||||||
|
|
||||||
- name: (CentOS 7) Reboot Instance to update kernel
|
|
||||||
when:
|
|
||||||
- wireguard_centos7_standard_reboot
|
|
||||||
- wireguard__centos7_yum_updates.changed
|
|
||||||
ansible.builtin.reboot:
|
|
||||||
reboot_timeout: "{{ wireguard_centos7_standard_reboot_timeout }}"
|
|
||||||
|
|
||||||
- name: (CentOS 7) Ensure WireGuard DKMS package is removed
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name:
|
|
||||||
- "wireguard-dkms"
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: (CentOS 7 - kernel-plus) Tasks for kernel-plus
|
|
||||||
when:
|
|
||||||
- wireguard_centos7_installation_method == "kernel-plus"
|
|
||||||
block:
|
|
||||||
- name: (CentOS 7) Install EPEL repository & yum utils
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name:
|
|
||||||
- epel-release
|
|
||||||
- yum-utils
|
|
||||||
update_cache: "{{ wireguard_update_cache }}"
|
|
||||||
|
|
||||||
- name: (CentOS 7 - kernel-plus) Enable CentosPlus repo
|
|
||||||
ansible.builtin.command: yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: (CentOS 7 - kernel-plus) Update to kernel-plus
|
|
||||||
ansible.builtin.replace:
|
|
||||||
path: /etc/sysconfig/kernel
|
|
||||||
regexp: '^DEFAULTKERNEL=kernel$'
|
|
||||||
replace: 'DEFAULTKERNEL=kernel-plus'
|
|
||||||
|
|
||||||
- name: (CentOS 7 - kernel-plus) Install WireGuard packages
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name:
|
|
||||||
- "kernel-plus"
|
|
||||||
- "wireguard-tools"
|
|
||||||
state: present
|
|
||||||
register: wireguard__centos7_yum_updates
|
|
||||||
|
|
||||||
- name: (CentOS 7 - kernel-plus) Reboot Instance to update kernel
|
|
||||||
when:
|
|
||||||
- wireguard_centos7_kernel_plus_reboot
|
|
||||||
- wireguard__centos7_yum_updates.changes is defined
|
|
||||||
- wireguard__centos7_yum_updates.changes.installed|flatten|select('regex', '^kernel-plus$') is any
|
|
||||||
ansible.builtin.reboot:
|
|
||||||
reboot_timeout: "{{ wireguard_centos7_kernel_plus_reboot_timeout }}"
|
|
@ -0,0 +1,19 @@
|
|||||||
|
---
|
||||||
|
- name: (CentOS) Add WireGuard repository
|
||||||
|
get_url:
|
||||||
|
url: https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
|
||||||
|
dest: /etc/yum.repos.d/wireguard.repo
|
||||||
|
|
||||||
|
- name: (CentOS) Install EPEL repository
|
||||||
|
yum:
|
||||||
|
name: epel-release
|
||||||
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: (CentOS) Install wireguard packages
|
||||||
|
yum:
|
||||||
|
name:
|
||||||
|
- "wireguard-dkms"
|
||||||
|
- "wireguard-tools"
|
||||||
|
state: present
|
||||||
|
tags:
|
||||||
|
- wg-install
|
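Review bot: `(CentOS) Add WireGuard repository` downloads a `.repo` file with `get_url` and no `checksum`, so the repository definition that lands in `/etc/yum.repos.d/wireguard.repo`, including whatever `gpgcheck` and `gpgkey` it declares, is decided entirely by the remote server at run time. Either pin the file with `checksum:` or define the repository with `yum_repository` and explicit `gpgcheck` and `gpgkey` values, and set `mode` on the file. Only the last task carries `tags: wg-install`, so a run limited to that tag skips the repository and EPEL tasks the install depends on.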
@ -1,16 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2021 Tobias Richter
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- name: (Proxmox) Add WireGuard repository
|
|
||||||
ansible.builtin.apt_repository:
|
|
||||||
repo: "deb http://deb.debian.org/debian buster-backports main"
|
|
||||||
state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}"
|
|
||||||
update_cache: "{{ wireguard_update_cache }}"
|
|
||||||
|
|
||||||
- name: (Proxmox lxc) Install wireguard-tools.
|
|
||||||
ansible.builtin.apt:
|
|
||||||
install_recommends: false
|
|
||||||
name:
|
|
||||||
- wireguard-tools
|
|
||||||
state: present
|
|
@ -1,23 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2018-2022 Robert Wimmer
|
|
||||||
# Copyright (C) 2019-2020 Ties de Kock
|
|
||||||
# Copyright (C) 2021 Steve Fan
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- name: (Proxmox) Add WireGuard repository
|
|
||||||
ansible.builtin.apt_repository:
|
|
||||||
repo: "deb http://deb.debian.org/debian buster-backports main"
|
|
||||||
state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}"
|
|
||||||
update_cache: "{{ wireguard_update_cache }}"
|
|
||||||
|
|
||||||
- name: (Proxmox) Install kernel headers for the currently running kernel to compile WireGuard with DKMS
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name:
|
|
||||||
- "pve-headers-{{ ansible_kernel }}"
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: (Proxmox) Install WireGuard packages
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name:
|
|
||||||
- "wireguard"
|
|
||||||
state: present
|
|
@ -1,87 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2020 Stefan Haun
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
# Note: This setup is called for Raspbian 10 (Buster) and lower.
|
|
||||||
# Since Raspbian 11 (Bullseye) wireguard is supported out
|
|
||||||
# of the box.
|
|
||||||
# Any Raspbian-related changes for Bullseye and above need to
|
|
||||||
# go to a separate playbook.
|
|
||||||
|
|
||||||
- name: (Raspbian) Install GPG - required to add WireGuard key
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name: gnupg
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: (Raspbian) Add Debian repository keys
|
|
||||||
ansible.builtin.apt_key:
|
|
||||||
keyserver: "keyserver.ubuntu.com"
|
|
||||||
id: "{{ item }}"
|
|
||||||
state: present
|
|
||||||
when: ansible_lsb.id == "Raspbian"
|
|
||||||
with_items:
|
|
||||||
- "04EE7237B7D453EC"
|
|
||||||
- "648ACFD622F3D138"
|
|
||||||
|
|
||||||
- name: (Raspbian) Add Debian Buster Backports repository for WireGuard
|
|
||||||
ansible.builtin.apt_repository:
|
|
||||||
repo: "deb http://deb.debian.org/debian buster-backports main"
|
|
||||||
state: present
|
|
||||||
update_cache: "{{ wireguard_update_cache }}"
|
|
||||||
|
|
||||||
- name: (Raspbian) Install latest kernel
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name:
|
|
||||||
- "raspberrypi-kernel"
|
|
||||||
state: latest # noqa package-latest
|
|
||||||
register: wireguard__register_kernel_update
|
|
||||||
|
|
||||||
- name: (Raspbian) Reboot after kernel update (Ansible >= 2.8)
|
|
||||||
ansible.builtin.reboot:
|
|
||||||
search_paths: ['/lib/molly-guard', '/usr/sbin', '/sbin']
|
|
||||||
when:
|
|
||||||
- ansible_version.full is version('2.8.0', '>=')
|
|
||||||
- wireguard__register_kernel_update is changed
|
|
||||||
|
|
||||||
- name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8)
|
|
||||||
ansible.builtin.stat:
|
|
||||||
path: /lib/molly-guard/
|
|
||||||
register: wireguard__register_molly_guard
|
|
||||||
|
|
||||||
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, no molly-guard)
|
|
||||||
ansible.builtin.reboot:
|
|
||||||
when:
|
|
||||||
- ansible_version.full is version('2.8.0', '<')
|
|
||||||
- wireguard__register_kernel_update is changed
|
|
||||||
- not wireguard__register_molly_guard.stat.exists
|
|
||||||
|
|
||||||
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard)
|
|
||||||
ansible.builtin.command: /lib/molly-guard/shutdown -r now
|
|
||||||
async: 1
|
|
||||||
poll: 0
|
|
||||||
ignore_unreachable: true
|
|
||||||
changed_when: false
|
|
||||||
when:
|
|
||||||
- ansible_version.full is version('2.8.0', '<')
|
|
||||||
- wireguard__register_kernel_update is changed
|
|
||||||
- wireguard__register_molly_guard.stat.exists
|
|
||||||
|
|
||||||
- name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard)
|
|
||||||
ansible.builtin.wait_for_connection:
|
|
||||||
when:
|
|
||||||
- ansible_version.full is version('2.8.0', '<')
|
|
||||||
- wireguard__register_kernel_update is changed
|
|
||||||
- wireguard__register_molly_guard.stat.exists
|
|
||||||
|
|
||||||
- name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name:
|
|
||||||
- "raspberrypi-kernel-headers"
|
|
||||||
state: latest # noqa package-latest
|
|
||||||
|
|
||||||
- name: (Raspbian) Install WireGuard packages
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name:
|
|
||||||
- "wireguard-dkms"
|
|
||||||
- "wireguard-tools"
|
|
||||||
state: present
|
|
@ -0,0 +1,93 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: (Raspbian) Install GPG - required to add wireguard key
|
||||||
|
apt:
|
||||||
|
name: gnupg
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: (Raspbian) Add Debian repository key
|
||||||
|
apt_key:
|
||||||
|
keyserver: "keyserver.ubuntu.com"
|
||||||
|
id: "04EE7237B7D453EC"
|
||||||
|
state: present
|
||||||
|
when: ansible_lsb.id == "Raspbian"
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
|
||||||
|
- name: (Raspbian) Add Debian Unstable repository for WireGuard
|
||||||
|
apt_repository:
|
||||||
|
repo: "deb http://deb.debian.org/debian unstable main"
|
||||||
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
|
||||||
|
- name: (Raspbian) Install latest kernel
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- "raspberrypi-kernel"
|
||||||
|
state: latest
|
||||||
|
register: kernel_update
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
|
||||||
|
- name: (Raspbian) Reboot after kernel update (Ansible >= 2.8)
|
||||||
|
reboot:
|
||||||
|
search_paths: ['/lib/molly-guard', '/usr/sbin']
|
||||||
|
when:
|
||||||
|
- ansible_version.full is version('2.8.0', '>=')
|
||||||
|
- kernel_update is changed
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
|
||||||
|
- name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8)
|
||||||
|
stat:
|
||||||
|
path: /lib/molly-guard/
|
||||||
|
register: molly_guard
|
||||||
|
|
||||||
|
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, no molly-guard)
|
||||||
|
reboot:
|
||||||
|
when:
|
||||||
|
- ansible_version.full is version('2.8.0', '<')
|
||||||
|
- kernel_update is changed
|
||||||
|
- not molly_guard.stat.exists
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
|
||||||
|
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard)
|
||||||
|
command: /lib/molly-guard/shutdown -r now
|
||||||
|
async: 1
|
||||||
|
poll: 0
|
||||||
|
ignore_unreachable: yes
|
||||||
|
when:
|
||||||
|
- ansible_version.full is version('2.8.0', '<')
|
||||||
|
- kernel_update is changed
|
||||||
|
- molly_guard.stat.exists
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
|
||||||
|
- name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard)
|
||||||
|
wait_for_connection:
|
||||||
|
when:
|
||||||
|
- ansible_version.full is version('2.8.0', '<')
|
||||||
|
- kernel_update is changed
|
||||||
|
- molly_guard.stat.exists
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
|
||||||
|
- name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- "raspberrypi-kernel-headers"
|
||||||
|
state: latest
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
|
||||||
|
- name: (Raspbian) Install wireguard packages
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- "wireguard-dkms"
|
||||||
|
- "wireguard-tools"
|
||||||
|
state: present
|
||||||
|
tags:
|
||||||
|
- wg-install
|
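Review bot: `(Raspbian) Add Debian Unstable repository for WireGuard` enables `deb http://deb.debian.org/debian unstable main` and no task in this hunk adds an APT pin, so later `apt` runs can pull any package from unstable, not only `wireguard-dkms` and `wireguard-tools`. Add a preferences entry that gives unstable a low priority and raises it only for the WireGuard packages. The `apt_key` task selects the key by the 64-bit id `04EE7237B7D453EC`; use the full fingerprint instead. The registered names `kernel_update` and `molly_guard` are unprefixed and can collide with variables set elsewhere in a play.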
@ -1,11 +1,37 @@
|
|||||||
---
|
---
|
||||||
# Copyright (C) 2018-2022 Robert Wimmer
|
- name: (Debian) Install GPG - required to add wireguard key
|
||||||
# Copyright (C) 2019-2020 Ties de Kock
|
apt:
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
name: gnupg
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: (Debian) Add WireGuard repository on buster or earlier
|
||||||
|
apt_repository:
|
||||||
|
repo: "deb http://deb.debian.org/debian buster-backports main"
|
||||||
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
when: ansible_distribution_version | int <= 10
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
|
||||||
|
- name: (Debian) Get architecture
|
||||||
|
command: "dpkg --print-architecture"
|
||||||
|
register: dpkg_arch
|
||||||
|
changed_when: False
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
kernel_header_version: "{{ ('-cloud-' in ansible_kernel) | ternary(ansible_kernel,dpkg_arch.stdout) }}"
|
||||||
|
|
||||||
|
- name: (Debian) Install kernel headers to compile Wireguard with DKMS
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- "linux-headers-{{ kernel_header_version }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
- name: (Debian) Install WireGuard packages
|
- name: (Debian) Install wireguard packages
|
||||||
ansible.builtin.apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- "wireguard"
|
- "wireguard-dkms"
|
||||||
|
- "wireguard-tools"
|
||||||
state: present
|
state: present
|
||||||
update_cache: "{{ wireguard_update_cache }}"
|
tags:
|
||||||
|
- wg-install
|
||||||
|
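Review bot: on the `+` side, `when: ansible_distribution_version | int <= 10` is also true when the version fact is not numeric, because `int` returns 0 for input it cannot parse; such a host would get the buster-backports repository. Compare `ansible_distribution_major_version` with the `version` test, or check the release name. The `set_fact` task has no `name`, and the `Install GPG`, `Get architecture`, `set_fact` and kernel header tasks have no `wg-install` tag although the install task that depends on them does.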
@ -1,51 +1,8 @@
|
|||||||
---
|
---
|
||||||
# Copyright (C) 2020 Stefan Haun
|
|
||||||
# Copyright (C) 2021 Steve Fan
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- name: Setup for Raspbian
|
- include_tasks: "setup-debian-raspbian.yml"
|
||||||
ansible.builtin.include_tasks:
|
when: ansible_lsb.id == "Raspbian"
|
||||||
file: "setup-debian-raspbian-buster.yml"
|
register: raspbian_setup
|
||||||
apply:
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
when:
|
|
||||||
- ansible_lsb.id is defined
|
|
||||||
- ansible_lsb.id == "Raspbian"
|
|
||||||
- ansible_lsb.major_release is version('11', '<')
|
|
||||||
register: wireguard__register_raspbian_setup
|
|
||||||
|
|
||||||
- name: Setup for Proxmox VE variants
|
- include_tasks: "setup-debian-vanilla.yml"
|
||||||
when:
|
when: raspbian_setup is skipped
|
||||||
- ansible_kernel.find("pve") != -1
|
|
||||||
block:
|
|
||||||
- name: Setup Proxmox VE host
|
|
||||||
ansible.builtin.include_tasks:
|
|
||||||
file: "setup-debian-pve-host-variant.yml"
|
|
||||||
apply:
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
when:
|
|
||||||
- ansible_virtualization_role == "host"
|
|
||||||
register: wireguard__register_pve_host_variant_setup
|
|
||||||
|
|
||||||
- name: Setup Proxmox VE guest
|
|
||||||
ansible.builtin.include_tasks:
|
|
||||||
file: "setup-debian-pve-guest-variant.yml"
|
|
||||||
apply:
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
when:
|
|
||||||
- ansible_virtualization_role == "guest"
|
|
||||||
register: wireguard__register_pve_guest_variant_setup
|
|
||||||
|
|
||||||
- name: Setup for Debian
|
|
||||||
ansible.builtin.include_tasks:
|
|
||||||
file: "setup-debian-vanilla.yml"
|
|
||||||
apply:
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
when:
|
|
||||||
- wireguard__register_raspbian_setup is skipped
|
|
||||||
- wireguard__register_pve_guest_variant_setup is skipped
|
|
||||||
- wireguard__register_pve_host_variant_setup is skipped
|
|
||||||
|
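Review bot: the first `include_tasks` on the `+` side tests `ansible_lsb.id == "Raspbian"` without the `ansible_lsb.id is defined` guard the `-` side had, so the condition raises an undefined-variable error on hosts where the LSB facts are not populated. Keep the guard. Both includes are also unnamed, and the `ansible_lsb.major_release is version('11', '<')` limit and the Proxmox VE branches are gone, so Raspbian 11 and `pve` kernels now take paths the `-` side kept them out of; state in the commit message whether that is intended.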
@ -1,13 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2022 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- name: (elementary OS) Update APT package cache
|
|
||||||
ansible.builtin.apt:
|
|
||||||
update_cache: "{{ wireguard_ubuntu_update_cache }}"
|
|
||||||
cache_valid_time: "{{ wireguard_ubuntu_cache_valid_time }}"
|
|
||||||
|
|
||||||
- name: (elementary OS) Install wireguard package
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name: "wireguard"
|
|
||||||
state: present
|
|
@ -1,11 +1,17 @@
|
|||||||
---
|
---
|
||||||
# Copyright (C) 2020 Ties de Kock
|
- name: (Fedora) Add wireguard COPR
|
||||||
# Copyright (C) 2023 Robert Wimmer
|
yum_repository:
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
name: "jdoss-wireguard"
|
||||||
|
description: "Copr repo for wireguard owned by jdoss"
|
||||||
|
baseurl: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/fedora-$releasever-$basearch/"
|
||||||
|
gpgkey: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/pubkey.gpg"
|
||||||
|
gpgcheck: yes
|
||||||
|
|
||||||
- name: (Fedora) Install WireGuard packages
|
- name: (Fedora) Install wireguard packages
|
||||||
ansible.builtin.yum:
|
yum:
|
||||||
name:
|
name:
|
||||||
|
- "wireguard-dkms"
|
||||||
- "wireguard-tools"
|
- "wireguard-tools"
|
||||||
state: present
|
state: present
|
||||||
update_cache: "{{ wireguard_update_cache }}"
|
tags:
|
||||||
|
- wg-install
|
||||||
|
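Review bot: `(Fedora) Add wireguard COPR` has no `tags`, while the install task is tagged `wg-install`; a run restricted to that tag skips the repository task and cannot resolve `wireguard-dkms` on a host where the repository is not yet configured. Tag the repository task the same way. The `gpgkey` URL is served from the same host as `baseurl`, so a compromise of that host can replace both the packages and the key that verifies them; document that trade-off or ship the key with the role. The `+` side also drops `update_cache: "{{ wireguard_update_cache }}"` and the SPDX header.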
@ -1,14 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2020 Ruben Di Battista
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- name: (MacOS) Install wireguard package
|
|
||||||
ansible.builtin.package:
|
|
||||||
name: wireguard-go
|
|
||||||
state: present
|
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: (MacOS) Install wireguard-tools package
|
|
||||||
ansible.builtin.package:
|
|
||||||
name: wireguard-tools
|
|
||||||
state: present
|
|
@ -1,10 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2020-2022 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- name: (openSUSE Leap) Install WireGuard packages
|
|
||||||
community.general.zypper:
|
|
||||||
name:
|
|
||||||
- "wireguard-tools"
|
|
||||||
state: present
|
|
||||||
update_cache: "{{ wireguard_update_cache }}"
|
|
@ -1,8 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2022 Masahiro Koga
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- name: (OracleLinux) Install wireguard-tools package
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name: wireguard-tools
|
|
||||||
state: present
|
|
@ -1,56 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2021-2022 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- name: (Rocky Linux 8) Tasks for standard kernel
|
|
||||||
when:
|
|
||||||
- wireguard_rockylinux8_installation_method == "standard"
|
|
||||||
block:
|
|
||||||
- name: (Rocky Linux 8) Install EPEL & ELRepo repository
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name:
|
|
||||||
- epel-release
|
|
||||||
- elrepo-release
|
|
||||||
update_cache: "{{ wireguard_update_cache }}"
|
|
||||||
|
|
||||||
- name: (Rocky Linux 8) Ensure WireGuard DKMS package is removed
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name:
|
|
||||||
- "wireguard-dkms"
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: (Rocky Linux 8) Install WireGuard packages
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name:
|
|
||||||
- "kmod-wireguard"
|
|
||||||
- "wireguard-tools"
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: (Rocky Linux 8) Tasks for non-standard kernel
|
|
||||||
when:
|
|
||||||
- wireguard_rockylinux8_installation_method == "dkms"
|
|
||||||
block:
|
|
||||||
- name: (Rocky Linux 8) Install jdoss/wireguard COPR repository
|
|
||||||
community.general.copr:
|
|
||||||
state: enabled
|
|
||||||
name: jdoss/wireguard
|
|
||||||
chroot: epel-8-{{ ansible_architecture }}
|
|
||||||
|
|
||||||
- name: (Rocky Linux 8) Install EPEL repository
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name:
|
|
||||||
- epel-release
|
|
||||||
update_cache: "{{ wireguard_update_cache }}"
|
|
||||||
|
|
||||||
- name: (Rocky Linux 8) Ensure WireGuard KMOD package is removed
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name:
|
|
||||||
- "kmod-wireguard"
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: (Rocky Linux 8) Install WireGuard packages
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name:
|
|
||||||
- "wireguard-dkms"
|
|
||||||
- "wireguard-tools"
|
|
||||||
state: present
|
|
@ -1,9 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright (C) 2022 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- name: (Rocky Linux) Install wireguard-tools package
|
|
||||||
ansible.builtin.yum:
|
|
||||||
name: wireguard-tools
|
|
||||||
state: present
|
|
||||||
update_cache: "{{ wireguard_update_cache }}"
|
|
@ -1,32 +1,48 @@
|
|||||||
---
|
---
|
||||||
# Copyright (C) 2018-2022 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
|
|
||||||
- name: (Ubuntu) Update APT package cache
|
- name: (Ubuntu) Update APT package cache
|
||||||
ansible.builtin.apt:
|
apt:
|
||||||
update_cache: "{{ wireguard_ubuntu_update_cache }}"
|
update_cache: "{{ wireguard_ubuntu_update_cache }}"
|
||||||
cache_valid_time: "{{ wireguard_ubuntu_cache_valid_time }}"
|
cache_valid_time: "{{ wireguard_ubuntu_cache_valid_time }}"
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
|
||||||
- name: (Ubuntu) Tasks for Ubuntu < 19.10
|
- block:
|
||||||
when:
|
|
||||||
- ansible_lsb.major_release is version('19.10', '<')
|
|
||||||
block:
|
|
||||||
- name: (Ubuntu) Install support packages needed for Wireguard (for Ubuntu < 19.10)
|
- name: (Ubuntu) Install support packages needed for Wireguard (for Ubuntu < 19.10)
|
||||||
ansible.builtin.package:
|
package:
|
||||||
name: "{{ packages }}"
|
name: "{{ packages }}"
|
||||||
state: present
|
state: present
|
||||||
vars:
|
vars:
|
||||||
packages:
|
packages:
|
||||||
- software-properties-common
|
- software-properties-common
|
||||||
- linux-headers-{{ ansible_kernel }}
|
- linux-headers-{{ ansible_kernel }}
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
|
||||||
|
- name: (Ubuntu) Add WireGuard repository (for Ubuntu < 19.10)
|
||||||
|
apt_repository:
|
||||||
|
repo: "ppa:wireguard/wireguard"
|
||||||
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
|
||||||
- name: (Ubuntu) Ensure WireGuard DKMS package is removed
|
- name: (Ubuntu) Install wireguard packages (for Ubuntu < 19.10)
|
||||||
ansible.builtin.apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- "wireguard-dkms"
|
- "wireguard-dkms"
|
||||||
state: absent
|
- "wireguard-tools"
|
||||||
|
state: present
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
when:
|
||||||
|
- ansible_lsb.major_release is version('19.10', '<')
|
||||||
|
|
||||||
- name: (Ubuntu) Install wireguard package
|
- block:
|
||||||
ansible.builtin.apt:
|
- name: (Ubuntu) Install wireguard-tools package (for Ubuntu > 19.04)
|
||||||
name: "wireguard"
|
apt:
|
||||||
|
name: "wireguard-tools"
|
||||||
state: present
|
state: present
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
when:
|
||||||
|
- ansible_lsb.major_release is version('19.04', '>')
|
||||||
|
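Review bot: the two blocks on the `+` side are selected by `ansible_lsb.major_release is version('19.10', '<')` and `ansible_lsb.major_release is version('19.04', '>')`, which compares a major release against point releases; if the fact holds only the major number, a 19.x host takes the first block whether it runs 19.04 or 19.10. Compare `ansible_distribution_version` instead. Both `- block:` entries are unnamed, and `(Ubuntu) Add WireGuard repository` hard-codes `update_cache: yes` although the file already uses `wireguard_ubuntu_update_cache` for the cache task.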
@ -1,123 +0,0 @@
|
|||||||
#jinja2: lstrip_blocks:"True",trim_blocks:"True"
|
|
||||||
{# Copyright (C) 2018-2022 Robert Wimmer
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
||||||
#}
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
[Interface]
|
|
||||||
# {{ inventory_hostname }}
|
|
||||||
{% if wireguard_address is defined %}
|
|
||||||
Address = {{ wireguard_address }}
|
|
||||||
{% endif %}
|
|
||||||
{% if wireguard_addresses is defined %}
|
|
||||||
{% for wg_addr in wireguard_addresses %}
|
|
||||||
Address = {{ wg_addr }}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
PrivateKey = {{ wireguard_private_key }}
|
|
||||||
ListenPort = {{ wireguard_port }}
|
|
||||||
{% if wireguard_dns is defined %}
|
|
||||||
DNS = {{ wireguard_dns }}
|
|
||||||
{% endif %}
|
|
||||||
{% if wireguard_fwmark is defined %}
|
|
||||||
FwMark = {{ wireguard_fwmark }}
|
|
||||||
{% endif %}
|
|
||||||
{% if wireguard_mtu is defined %}
|
|
||||||
MTU = {{ wireguard_mtu }}
|
|
||||||
{% endif %}
|
|
||||||
{% if wireguard_table is defined %}
|
|
||||||
Table = {{ wireguard_table }}
|
|
||||||
{% endif %}
|
|
||||||
{% if wireguard_preup is defined %}
|
|
||||||
{% for wg_preup in wireguard_preup %}
|
|
||||||
PreUp = {{ wg_preup }}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
{% if wireguard_postup is defined %}
|
|
||||||
{% for wg_postup in wireguard_postup %}
|
|
||||||
PostUp = {{ wg_postup }}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
{% if wireguard_predown is defined %}
|
|
||||||
{% for wg_predown in wireguard_predown %}
|
|
||||||
PreDown = {{ wg_predown }}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
{% if wireguard_postdown is defined %}
|
|
||||||
{% for wg_postdown in wireguard_postdown %}
|
|
||||||
PostDown = {{ wg_postdown }}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
{% if wireguard_save_config is defined %}
|
|
||||||
SaveConfig = {{ wireguard_save_config }}
|
|
||||||
{% endif %}
|
|
||||||
{% for host in ansible_play_hosts %}
|
|
||||||
{% if host != inventory_hostname %}
|
|
||||||
|
|
||||||
[Peer]
|
|
||||||
# {{ host }}
|
|
||||||
PublicKey = {{hostvars[host].wireguard__fact_public_key}}
|
|
||||||
{% if hostvars[host].wireguard_allowed_ips is defined %}
|
|
||||||
AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
|
|
||||||
{% else %}
|
|
||||||
{% if wireguard_address is defined %}
|
|
||||||
AllowedIPs = {{ hostvars[host].wireguard_address.split('/')[0] }}/32
|
|
||||||
{% endif %}
|
|
||||||
{% if wireguard_addresses is defined %}
|
|
||||||
{% for wg_addr in hostvars[host].wireguard_addresses %}
|
|
||||||
{% if (wg_addr | ansible.utils.ipv4) %}
|
|
||||||
AllowedIPs = {{ wg_addr.split('/')[0] }}/32
|
|
||||||
{% elif (wg_addr | ansible.utils.ipv6) %}
|
|
||||||
AllowedIPs = {{ wg_addr.split('/')[0] }}/128
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
{% endif %}
|
|
||||||
{% if hostvars[host].wireguard_persistent_keepalive is defined %}
|
|
||||||
PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
|
|
||||||
{% endif %}
|
|
||||||
{% if (
|
|
||||||
hostvars[host].wireguard_dc is defined and
|
|
||||||
wireguard_dc is defined and
|
|
||||||
wireguard_dc['name'] != hostvars[host].wireguard_dc['name']
|
|
||||||
)
|
|
||||||
%}
|
|
||||||
Endpoint = {{hostvars[host].wireguard_dc['endpoint']}}:{{hostvars[host].wireguard_dc['port']}}
|
|
||||||
{% elif hostvars[host].wireguard_port is defined %}
|
|
||||||
{% if hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
|
||||||
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}}
|
|
||||||
{% else %}
|
|
||||||
Endpoint = {{host}}:{{hostvars[host].wireguard_port}}
|
|
||||||
{% endif %}
|
|
||||||
{% elif hostvars[host].wireguard_endpoint is defined %}
|
|
||||||
{% if hostvars[host].wireguard_endpoint != "" %}
|
|
||||||
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
|
|
||||||
{% else %}
|
|
||||||
# No endpoint defined for this peer
|
|
||||||
{% endif %}
|
|
||||||
{% else %}
|
|
||||||
Endpoint = {{host}}:{{wireguard_port}}
|
|
||||||
{% endif %}
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
|
||||||
{% if wireguard_unmanaged_peers is defined %}
|
|
||||||
|
|
||||||
# Peers not managed by Ansible from "wireguard_unmanaged_peers" variable
|
|
||||||
{% for peer in wireguard_unmanaged_peers.keys() %}
|
|
||||||
[Peer]
|
|
||||||
# {{ peer }}
|
|
||||||
PublicKey = {{ wireguard_unmanaged_peers[peer].public_key }}
|
|
||||||
{% if wireguard_unmanaged_peers[peer].preshared_key is defined %}
|
|
||||||
PresharedKey = {{ wireguard_unmanaged_peers[peer].preshared_key }}
|
|
||||||
{% endif %}
|
|
||||||
{% if wireguard_unmanaged_peers[peer].allowed_ips is defined %}
|
|
||||||
AllowedIPs = {{ wireguard_unmanaged_peers[peer].allowed_ips }}
|
|
||||||
{% endif %}
|
|
||||||
{% if wireguard_unmanaged_peers[peer].endpoint is defined %}
|
|
||||||
Endpoint = {{ wireguard_unmanaged_peers[peer].endpoint }}
|
|
||||||
{% endif %}
|
|
||||||
{% if wireguard_unmanaged_peers[peer].persistent_keepalive is defined %}
|
|
||||||
PersistentKeepalive = {{ wireguard_unmanaged_peers[peer].persistent_keepalive }}
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
@ -0,0 +1,70 @@
|
|||||||
|
#jinja2: lstrip_blocks:"True",trim_blocks:"True"
|
||||||
|
[Interface]
|
||||||
|
# {{ inventory_hostname }}
|
||||||
|
Address = {{hostvars[inventory_hostname].wireguard_address}}
|
||||||
|
PrivateKey = {{private_key}}
|
||||||
|
ListenPort = {{wireguard_port}}
|
||||||
|
{% if hostvars[inventory_hostname].wireguard_dns is defined %}
|
||||||
|
DNS = {{hostvars[inventory_hostname].wireguard_dns}}
|
||||||
|
{% endif %}
|
||||||
|
{% if hostvars[inventory_hostname].wireguard_fwmark is defined %}
|
||||||
|
FwMark = {{hostvars[inventory_hostname].wireguard_fwmark}}
|
||||||
|
{% endif %}
|
||||||
|
{% if hostvars[inventory_hostname].wireguard_mtu is defined %}
|
||||||
|
MTU = {{hostvars[inventory_hostname].wireguard_mtu}}
|
||||||
|
{% endif %}
|
||||||
|
{% if hostvars[inventory_hostname].wireguard_table is defined %}
|
||||||
|
Table = {{hostvars[inventory_hostname].wireguard_table}}
|
||||||
|
{% endif %}
|
||||||
|
{% if hostvars[inventory_hostname].wireguard_preup is defined %}
|
||||||
|
{% for wg_preup in hostvars[inventory_hostname].wireguard_preup %}
|
||||||
|
PreUp = {{ wg_preup }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% if hostvars[inventory_hostname].wireguard_predown is defined %}
|
||||||
|
{% for wg_predown in hostvars[inventory_hostname].wireguard_predown %}
|
||||||
|
PreDown = {{ wg_predown }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% if hostvars[inventory_hostname].wireguard_postup is defined %}
|
||||||
|
{% for wg_postup in hostvars[inventory_hostname].wireguard_postup %}
|
||||||
|
PostUp = {{ wg_postup }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% if hostvars[inventory_hostname].wireguard_postdown is defined %}
|
||||||
|
{% for wg_postdown in hostvars[inventory_hostname].wireguard_postdown %}
|
||||||
|
PostDown = {{ wg_postdown }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% if hostvars[inventory_hostname].wireguard_save_config is defined %}
|
||||||
|
SaveConfig = true
|
||||||
|
{% endif %}
|
||||||
|
{% for host in ansible_play_hosts %}
|
||||||
|
{% if host != inventory_hostname %}
|
||||||
|
|
||||||
|
[Peer]
|
||||||
|
# {{ host }}
|
||||||
|
PublicKey = {{hostvars[host].public_key}}
|
||||||
|
{% if hostvars[host].wireguard_allowed_ips is defined %}
|
||||||
|
AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
|
||||||
|
{% else %}
|
||||||
|
AllowedIPs = {{hostvars[host].wireguard_ip}}/32
|
||||||
|
{% endif %}
|
||||||
|
{% if hostvars[host].wireguard_persistent_keepalive is defined %}
|
||||||
|
PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
|
||||||
|
{% endif %}
|
||||||
|
{% if hostvars[host].wireguard_port is defined and hostvars[host].wireguard_port is number %}
|
||||||
|
{% if hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
||||||
|
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}}
|
||||||
|
{% else %}
|
||||||
|
Endpoint = {{host}}:{{hostvars[host].wireguard_port}}
|
||||||
|
{% endif %}
|
||||||
|
{% elif hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
||||||
|
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
|
||||||
|
{% elif hostvars[host].wireguard_endpoint == "" %}
|
||||||
|
# No endpoint defined for this peer
|
||||||
|
{% else %}
|
||||||
|
Endpoint = {{host}}:{{wireguard_port}}
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
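Review bot: `SaveConfig = true` is written whenever `wireguard_save_config` is defined, so setting the variable to `false` still enables it; render the variable's value, or test its truth instead of `is defined`. In the `[Peer]` section the fallback `AllowedIPs = {{hostvars[host].wireguard_ip}}/32` reads `wireguard_ip`, while `[Interface]` reads `wireguard_address` and the two four-line hunks that follow this one set only `wireguard_address`; unless something else defines `wireguard_ip`, rendering fails for any peer without `wireguard_allowed_ips`.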
@ -0,0 +1,4 @@
|
|||||||
|
wireguard_address: "10.8.0.11"
|
||||||
|
wireguard_port: "51820"
|
||||||
|
wireguard_dns: "1.1.1.1"
|
||||||
|
wireguard_mtu: "1492"
|
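Review bot: `wireguard_port: "51820"` is a quoted string, but the template added earlier in this diff uses a peer's own port only when `hostvars[host].wireguard_port is number`; a string fails that test, so the peer's `Endpoint` falls through to the branches that use the rendering host's `wireguard_port`. Write the port unquoted (`wireguard_port: 51820`), here and in the next hunk. `wireguard_mtu: "1492"` can be unquoted as well for consistency.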
@ -0,0 +1,4 @@
|
|||||||
|
wireguard_address: "10.8.0.10"
|
||||||
|
wireguard_port: "51820"
|
||||||
|
wireguard_dns: "1.1.1.1"
|
||||||
|
wireguard_mtu: "1492"
|