Compare commits
87 Commits
unmanaged-
...
master
Author | SHA1 | Date |
---|---|---|
Robert Wimmer | 34d33d5ffe | 2 years ago |
cola-zero | b844de89c4 | 2 years ago |
githubixx | 8a3fad9859 | 2 years ago |
githubixx | 4e6c265663 | 2 years ago |
githubixx | 65b7567414 | 2 years ago |
githubixx | e621ba4b9f | 2 years ago |
githubixx | 053f187100 | 2 years ago |
githubixx | 4d51195462 | 2 years ago |
githubixx | dabf45c78b | 2 years ago |
githubixx | ada56ca65b | 2 years ago |
githubixx | 7fbb316965 | 2 years ago |
githubixx | 9f8e446ff1 | 2 years ago |
Robert Wimmer | 0cd8d01fb3 | 2 years ago |
mofelee | c58f736e32 | 2 years ago |
Sebastian Wagner | 314fec5248 | 2 years ago |
Robert Wimmer | c6159d4205 | 2 years ago |
Mathéo Cimbaro | 5205445786 | 2 years ago |
Mathéo Cimbaro | dd64b7bf2a | 2 years ago |
Robert Wimmer | 4631fbdc06 | 2 years ago |
Robert Wimmer | f6a6e4680a | 2 years ago |
Robert Wimmer | f4573c5e8f | 2 years ago |
Robert Wimmer | 3821005839 | 2 years ago |
Robert Wimmer | fad7b1d7b0 | 3 years ago |
Robert Wimmer | 8d395dd014 | 3 years ago |
Andrew Johnson | f624b439e6 | 3 years ago |
Robert Wimmer | 4e5adac691 | 3 years ago |
Stefan Haun | 434fe955ca | 3 years ago |
Robert Wimmer | 6b5fbe8b32 | 3 years ago |
gitouche | 59651ccb2a | 3 years ago |
Robert Wimmer | 2b3c878715 | 3 years ago |
Robert Wimmer | d0df49bbfa | 3 years ago |
Chazza | 6129398453 | 3 years ago |
Robert Wimmer | ac98583ab5 | 3 years ago |
Anes Belfodil | 840f56262d | 3 years ago |
Felix Mai | c4a5677f72 | 3 years ago |
Tobias Richter | 5caaea2047 | 3 years ago |
Robert Wimmer | 5f5320010f | 3 years ago |
John Potter | 4626475a9c | 3 years ago |
Robert Wimmer | 692cce2f55 | 3 years ago |
Robert Wimmer | 527c9ae967 | 3 years ago |
Robert Wimmer | 027eaa99f7 | 3 years ago |
Jan Gaßner | 871d1e4497 | 3 years ago |
Robert Wimmer | 57340b6c06 | 4 years ago |
tjend | 2d6e36572b | 4 years ago |
Robert Wimmer | 5178a9a097 | 4 years ago |
Jamison Lofthouse | a41231675f | 4 years ago |
Robert Wimmer | 663d3b9a5f | 4 years ago |
Robert Wimmer | 364b1fe4f0 | 4 years ago |
Maxim Burgerhout | 0c6c1b8b80 | 4 years ago |
leggewie | bb77be4d97 | 4 years ago |
Robert Wimmer | 4c21076cb2 | 4 years ago |
Stefan Haun | 5c0014aa62 | 4 years ago |
Robert Wimmer | 05fd811928 | 4 years ago |
Julien Reichardt | c0e3e13e0a | 4 years ago |
Robert Wimmer | 65e94eaebb | 4 years ago |
Robin Schneider | db8bec1b0a | 4 years ago |
githubixx | c009cac619 | 4 years ago |
Robert Wimmer | 51cbca51b5 | 4 years ago |
Ruben Di Battista | 47885d8db9 | 4 years ago |
Robert Wimmer | 4db85a4fda | 4 years ago |
Robin Schneider | 0eac8789aa | 4 years ago |
Robert Wimmer | fbf47d2a13 | 4 years ago |
Robin Schneider | cc0c5751b6 | 4 years ago |
Robin Schneider | 739c9de73e | 4 years ago |
Robin Schneider | 3362f1c2fc | 4 years ago |
Robin Schneider | 132c59521a | 4 years ago |
Robin Schneider | a27f805d2d | 4 years ago |
Robin Schneider | 2309abf09e | 4 years ago |
Robin Schneider | c1049ab647 | 4 years ago |
Robin Schneider | 5d68b0f97f | 4 years ago |
Robin Schneider | 8b1ae7d4c2 | 4 years ago |
Robin Schneider | e7588cd047 | 4 years ago |
Robin Schneider | 81c371c6a2 | 4 years ago |
Robin Schneider | a56a4d6600 | 4 years ago |
Robin Schneider | 713a7683ef | 4 years ago |
Robin Schneider | 3531334281 | 4 years ago |
Robin Schneider | c4a21dd0ef | 4 years ago |
Robin Schneider | 7a1af464b1 | 4 years ago |
Robin Schneider | f3c590665d | 4 years ago |
Robin Schneider | eb6a54a0a7 | 4 years ago |
Robert Wimmer | 4082794706 | 4 years ago |
Ruben Di Battista | 3ef759edbb | 4 years ago |
Robert Wimmer | e9e95f80e0 | 4 years ago |
Gabriel Vîjială | f35670a0e4 | 4 years ago |
Joonas Kuorilehto | ee456757ed | 4 years ago |
Joonas Kuorilehto | f07cab4243 | 4 years ago |
Roman Danko | c1f413f966 | 4 years ago |
@ -0,0 +1,39 @@
|
|||||||
|
---
|
||||||
|
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
|
||||||
|
# repository or organization.
|
||||||
|
#
|
||||||
|
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
|
||||||
|
# See: https://github.com/ansible/galaxy/issues/46
|
||||||
|
|
||||||
|
name: Release
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
tags:
|
||||||
|
- '*'
|
||||||
|
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
working-directory: 'githubixx.ansible_role_wireguard'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
release:
|
||||||
|
name: Release
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Check out the codebase.
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
with:
|
||||||
|
path: 'githubixx.ansible_role_wireguard'
|
||||||
|
|
||||||
|
- name: Set up Python 3.
|
||||||
|
uses: actions/setup-python@v2
|
||||||
|
with:
|
||||||
|
python-version: '3.x'
|
||||||
|
|
||||||
|
- name: Install Ansible.
|
||||||
|
run: pip3 install ansible-core
|
||||||
|
|
||||||
|
- name: Trigger a new import on Galaxy.
|
||||||
|
run: >-
|
||||||
|
ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
|
||||||
|
$(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)
|
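Review bot: The final step's `run` expands `${{ secrets.GALAXY_API_KEY }}` and `${{ github.repository }}` directly into the script text, so the shell parses those values as code instead of receiving them as data. Map the secret through a step-level `env:` and reference it as a quoted shell variable, and take the owner and role name from the runner-provided `GITHUB_REPOSITORY`, as in the excerpt below. Separately, `actions/checkout@v2` and `actions/setup-python@v2` are mutable tags and `pip3 install ansible-core` is unpinned, all in a job that holds a publishing credential. Pinning the actions to full commit SHAs and adding a top-level `permissions:` block with `contents: read` would narrow what a compromised dependency can reach. The tag filter `'*'` runs the job on every pushed tag, which looks intended for releases but is worth confirming.

```yaml
      - name: Trigger a new import on Galaxy.
        env:
          GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}
        run: >-
          ansible-galaxy role import --api-key "$GALAXY_API_KEY"
          "${GITHUB_REPOSITORY%%/*}" "${GITHUB_REPOSITORY##*/}"
```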
@ -0,0 +1,4 @@
|
|||||||
|
# Copyright (C) 2018-2022 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
molecule/kvm/.vagrant
|
@ -0,0 +1,10 @@
|
|||||||
|
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
|
||||||
|
Upstream-Name: ansible-role-wireguard
|
||||||
|
Upstream-Contact: Robert Wimmer <>
|
||||||
|
Source: https://github.com/githubixx/ansible-role-wireguard
|
||||||
|
|
||||||
|
# Sample paragraph, commented out:
|
||||||
|
#
|
||||||
|
# Files: src/*
|
||||||
|
# Copyright: $YEAR $NAME <$CONTACT>
|
||||||
|
# License: ...
|
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
extends: default
|
||||||
|
|
||||||
|
rules:
|
||||||
|
line-length:
|
||||||
|
max: 150
|
||||||
|
level: warning
|
||||||
|
|
||||||
|
comments-indentation: disable
|
@ -0,0 +1,625 @@
|
|||||||
|
GNU GENERAL PUBLIC LICENSE
|
||||||
|
|
||||||
|
Version 3, 29 June 2007
|
||||||
|
|
||||||
|
Copyright © 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
||||||
|
|
||||||
|
Everyone is permitted to copy and distribute verbatim copies of this license
|
||||||
|
document, but changing it is not allowed.
|
||||||
|
|
||||||
|
Preamble
|
||||||
|
|
||||||
|
The GNU General Public License is a free, copyleft license for software and
|
||||||
|
other kinds of works.
|
||||||
|
|
||||||
|
The licenses for most software and other practical works are designed to take
|
||||||
|
away your freedom to share and change the works. By contrast, the GNU General
|
||||||
|
Public License is intended to guarantee your freedom to share and change all
|
||||||
|
versions of a program--to make sure it remains free software for all its users.
|
||||||
|
We, the Free Software Foundation, use the GNU General Public License for most
|
||||||
|
of our software; it applies also to any other work released this way by its
|
||||||
|
authors. You can apply it to your programs, too.
|
||||||
|
|
||||||
|
When we speak of free software, we are referring to freedom, not price. Our
|
||||||
|
General Public Licenses are designed to make sure that you have the freedom
|
||||||
|
to distribute copies of free software (and charge for them if you wish), that
|
||||||
|
you receive source code or can get it if you want it, that you can change
|
||||||
|
the software or use pieces of it in new free programs, and that you know you
|
||||||
|
can do these things.
|
||||||
|
|
||||||
|
To protect your rights, we need to prevent others from denying you these rights
|
||||||
|
or asking you to surrender the rights. Therefore, you have certain responsibilities
|
||||||
|
if you distribute copies of the software, or if you modify it: responsibilities
|
||||||
|
to respect the freedom of others.
|
||||||
|
|
||||||
|
For example, if you distribute copies of such a program, whether gratis or
|
||||||
|
for a fee, you must pass on to the recipients the same freedoms that you received.
|
||||||
|
You must make sure that they, too, receive or can get the source code. And
|
||||||
|
you must show them these terms so they know their rights.
|
||||||
|
|
||||||
|
Developers that use the GNU GPL protect your rights with two steps: (1) assert
|
||||||
|
copyright on the software, and (2) offer you this License giving you legal
|
||||||
|
permission to copy, distribute and/or modify it.
|
||||||
|
|
||||||
|
For the developers' and authors' protection, the GPL clearly explains that
|
||||||
|
there is no warranty for this free software. For both users' and authors'
|
||||||
|
sake, the GPL requires that modified versions be marked as changed, so that
|
||||||
|
their problems will not be attributed erroneously to authors of previous versions.
|
||||||
|
|
||||||
|
Some devices are designed to deny users access to install or run modified
|
||||||
|
versions of the software inside them, although the manufacturer can do so.
|
||||||
|
This is fundamentally incompatible with the aim of protecting users' freedom
|
||||||
|
to change the software. The systematic pattern of such abuse occurs in the
|
||||||
|
area of products for individuals to use, which is precisely where it is most
|
||||||
|
unacceptable. Therefore, we have designed this version of the GPL to prohibit
|
||||||
|
the practice for those products. If such problems arise substantially in other
|
||||||
|
domains, we stand ready to extend this provision to those domains in future
|
||||||
|
versions of the GPL, as needed to protect the freedom of users.
|
||||||
|
|
||||||
|
Finally, every program is threatened constantly by software patents. States
|
||||||
|
should not allow patents to restrict development and use of software on general-purpose
|
||||||
|
computers, but in those that do, we wish to avoid the special danger that
|
||||||
|
patents applied to a free program could make it effectively proprietary. To
|
||||||
|
prevent this, the GPL assures that patents cannot be used to render the program
|
||||||
|
non-free.
|
||||||
|
|
||||||
|
The precise terms and conditions for copying, distribution and modification
|
||||||
|
follow.
|
||||||
|
|
||||||
|
TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
0. Definitions.
|
||||||
|
|
||||||
|
"This License" refers to version 3 of the GNU General Public License.
|
||||||
|
|
||||||
|
"Copyright" also means copyright-like laws that apply to other kinds of works,
|
||||||
|
such as semiconductor masks.
|
||||||
|
|
||||||
|
"The Program" refers to any copyrightable work licensed under this License.
|
||||||
|
Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals
|
||||||
|
or organizations.
|
||||||
|
|
||||||
|
To "modify" a work means to copy from or adapt all or part of the work in
|
||||||
|
a fashion requiring copyright permission, other than the making of an exact
|
||||||
|
copy. The resulting work is called a "modified version" of the earlier work
|
||||||
|
or a work "based on" the earlier work.
|
||||||
|
|
||||||
|
A "covered work" means either the unmodified Program or a work based on the
|
||||||
|
Program.
|
||||||
|
|
||||||
|
To "propagate" a work means to do anything with it that, without permission,
|
||||||
|
would make you directly or secondarily liable for infringement under applicable
|
||||||
|
copyright law, except executing it on a computer or modifying a private copy.
|
||||||
|
Propagation includes copying, distribution (with or without modification),
|
||||||
|
making available to the public, and in some countries other activities as
|
||||||
|
well.
|
||||||
|
|
||||||
|
To "convey" a work means any kind of propagation that enables other parties
|
||||||
|
to make or receive copies. Mere interaction with a user through a computer
|
||||||
|
network, with no transfer of a copy, is not conveying.
|
||||||
|
|
||||||
|
An interactive user interface displays "Appropriate Legal Notices" to the
|
||||||
|
extent that it includes a convenient and prominently visible feature that
|
||||||
|
(1) displays an appropriate copyright notice, and (2) tells the user that
|
||||||
|
there is no warranty for the work (except to the extent that warranties are
|
||||||
|
provided), that licensees may convey the work under this License, and how
|
||||||
|
to view a copy of this License. If the interface presents a list of user commands
|
||||||
|
or options, such as a menu, a prominent item in the list meets this criterion.
|
||||||
|
|
||||||
|
1. Source Code.
|
||||||
|
|
||||||
|
The "source code" for a work means the preferred form of the work for making
|
||||||
|
modifications to it. "Object code" means any non-source form of a work.
|
||||||
|
|
||||||
|
A "Standard Interface" means an interface that either is an official standard
|
||||||
|
defined by a recognized standards body, or, in the case of interfaces specified
|
||||||
|
for a particular programming language, one that is widely used among developers
|
||||||
|
working in that language.
|
||||||
|
|
||||||
|
The "System Libraries" of an executable work include anything, other than
|
||||||
|
the work as a whole, that (a) is included in the normal form of packaging
|
||||||
|
a Major Component, but which is not part of that Major Component, and (b)
|
||||||
|
serves only to enable use of the work with that Major Component, or to implement
|
||||||
|
a Standard Interface for which an implementation is available to the public
|
||||||
|
in source code form. A "Major Component", in this context, means a major essential
|
||||||
|
component (kernel, window system, and so on) of the specific operating system
|
||||||
|
(if any) on which the executable work runs, or a compiler used to produce
|
||||||
|
the work, or an object code interpreter used to run it.
|
||||||
|
|
||||||
|
The "Corresponding Source" for a work in object code form means all the source
|
||||||
|
code needed to generate, install, and (for an executable work) run the object
|
||||||
|
code and to modify the work, including scripts to control those activities.
|
||||||
|
However, it does not include the work's System Libraries, or general-purpose
|
||||||
|
tools or generally available free programs which are used unmodified in performing
|
||||||
|
those activities but which are not part of the work. For example, Corresponding
|
||||||
|
Source includes interface definition files associated with source files for
|
||||||
|
the work, and the source code for shared libraries and dynamically linked
|
||||||
|
subprograms that the work is specifically designed to require, such as by
|
||||||
|
intimate data communication or control flow between those subprograms and
|
||||||
|
other parts of the work.
|
||||||
|
|
||||||
|
The Corresponding Source need not include anything that users can regenerate
|
||||||
|
automatically from other parts of the Corresponding Source.
|
||||||
|
|
||||||
|
The Corresponding Source for a work in source code form is that same work.
|
||||||
|
|
||||||
|
2. Basic Permissions.
|
||||||
|
|
||||||
|
All rights granted under this License are granted for the term of copyright
|
||||||
|
on the Program, and are irrevocable provided the stated conditions are met.
|
||||||
|
This License explicitly affirms your unlimited permission to run the unmodified
|
||||||
|
Program. The output from running a covered work is covered by this License
|
||||||
|
only if the output, given its content, constitutes a covered work. This License
|
||||||
|
acknowledges your rights of fair use or other equivalent, as provided by copyright
|
||||||
|
law.
|
||||||
|
|
||||||
|
You may make, run and propagate covered works that you do not convey, without
|
||||||
|
conditions so long as your license otherwise remains in force. You may convey
|
||||||
|
covered works to others for the sole purpose of having them make modifications
|
||||||
|
exclusively for you, or provide you with facilities for running those works,
|
||||||
|
provided that you comply with the terms of this License in conveying all material
|
||||||
|
for which you do not control copyright. Those thus making or running the covered
|
||||||
|
works for you must do so exclusively on your behalf, under your direction
|
||||||
|
and control, on terms that prohibit them from making any copies of your copyrighted
|
||||||
|
material outside their relationship with you.
|
||||||
|
|
||||||
|
Conveying under any other circumstances is permitted solely under the conditions
|
||||||
|
stated below. Sublicensing is not allowed; section 10 makes it unnecessary.
|
||||||
|
|
||||||
|
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
|
||||||
|
|
||||||
|
No covered work shall be deemed part of an effective technological measure
|
||||||
|
under any applicable law fulfilling obligations under article 11 of the WIPO
|
||||||
|
copyright treaty adopted on 20 December 1996, or similar laws prohibiting
|
||||||
|
or restricting circumvention of such measures.
|
||||||
|
|
||||||
|
When you convey a covered work, you waive any legal power to forbid circumvention
|
||||||
|
of technological measures to the extent such circumvention is effected by
|
||||||
|
exercising rights under this License with respect to the covered work, and
|
||||||
|
you disclaim any intention to limit operation or modification of the work
|
||||||
|
as a means of enforcing, against the work's users, your or third parties'
|
||||||
|
legal rights to forbid circumvention of technological measures.
|
||||||
|
|
||||||
|
4. Conveying Verbatim Copies.
|
||||||
|
|
||||||
|
You may convey verbatim copies of the Program's source code as you receive
|
||||||
|
it, in any medium, provided that you conspicuously and appropriately publish
|
||||||
|
on each copy an appropriate copyright notice; keep intact all notices stating
|
||||||
|
that this License and any non-permissive terms added in accord with section
|
||||||
|
7 apply to the code; keep intact all notices of the absence of any warranty;
|
||||||
|
and give all recipients a copy of this License along with the Program.
|
||||||
|
|
||||||
|
You may charge any price or no price for each copy that you convey, and you
|
||||||
|
may offer support or warranty protection for a fee.
|
||||||
|
|
||||||
|
5. Conveying Modified Source Versions.
|
||||||
|
|
||||||
|
You may convey a work based on the Program, or the modifications to produce
|
||||||
|
it from the Program, in the form of source code under the terms of section
|
||||||
|
4, provided that you also meet all of these conditions:
|
||||||
|
|
||||||
|
a) The work must carry prominent notices stating that you modified it, and
|
||||||
|
giving a relevant date.
|
||||||
|
|
||||||
|
b) The work must carry prominent notices stating that it is released under
|
||||||
|
this License and any conditions added under section 7. This requirement modifies
|
||||||
|
the requirement in section 4 to "keep intact all notices".
|
||||||
|
|
||||||
|
c) You must license the entire work, as a whole, under this License to anyone
|
||||||
|
who comes into possession of a copy. This License will therefore apply, along
|
||||||
|
with any applicable section 7 additional terms, to the whole of the work,
|
||||||
|
and all its parts, regardless of how they are packaged. This License gives
|
||||||
|
no permission to license the work in any other way, but it does not invalidate
|
||||||
|
such permission if you have separately received it.
|
||||||
|
|
||||||
|
d) If the work has interactive user interfaces, each must display Appropriate
|
||||||
|
Legal Notices; however, if the Program has interactive interfaces that do
|
||||||
|
not display Appropriate Legal Notices, your work need not make them do so.
|
||||||
|
|
||||||
|
A compilation of a covered work with other separate and independent works,
|
||||||
|
which are not by their nature extensions of the covered work, and which are
|
||||||
|
not combined with it such as to form a larger program, in or on a volume of
|
||||||
|
a storage or distribution medium, is called an "aggregate" if the compilation
|
||||||
|
and its resulting copyright are not used to limit the access or legal rights
|
||||||
|
of the compilation's users beyond what the individual works permit. Inclusion
|
||||||
|
of a covered work in an aggregate does not cause this License to apply to
|
||||||
|
the other parts of the aggregate.
|
||||||
|
|
||||||
|
6. Conveying Non-Source Forms.
|
||||||
|
|
||||||
|
You may convey a covered work in object code form under the terms of sections
|
||||||
|
4 and 5, provided that you also convey the machine-readable Corresponding
|
||||||
|
Source under the terms of this License, in one of these ways:
|
||||||
|
|
||||||
|
a) Convey the object code in, or embodied in, a physical product (including
|
||||||
|
a physical distribution medium), accompanied by the Corresponding Source fixed
|
||||||
|
on a durable physical medium customarily used for software interchange.
|
||||||
|
|
||||||
|
b) Convey the object code in, or embodied in, a physical product (including
|
||||||
|
a physical distribution medium), accompanied by a written offer, valid for
|
||||||
|
at least three years and valid for as long as you offer spare parts or customer
|
||||||
|
support for that product model, to give anyone who possesses the object code
|
||||||
|
either (1) a copy of the Corresponding Source for all the software in the
|
||||||
|
product that is covered by this License, on a durable physical medium customarily
|
||||||
|
used for software interchange, for a price no more than your reasonable cost
|
||||||
|
of physically performing this conveying of source, or (2) access to copy the
|
||||||
|
Corresponding Source from a network server at no charge.
|
||||||
|
|
||||||
|
c) Convey individual copies of the object code with a copy of the written
|
||||||
|
offer to provide the Corresponding Source. This alternative is allowed only
|
||||||
|
occasionally and noncommercially, and only if you received the object code
|
||||||
|
with such an offer, in accord with subsection 6b.
|
||||||
|
|
||||||
|
d) Convey the object code by offering access from a designated place (gratis
|
||||||
|
or for a charge), and offer equivalent access to the Corresponding Source
|
||||||
|
in the same way through the same place at no further charge. You need not
|
||||||
|
require recipients to copy the Corresponding Source along with the object
|
||||||
|
code. If the place to copy the object code is a network server, the Corresponding
|
||||||
|
Source may be on a different server (operated by you or a third party) that
|
||||||
|
supports equivalent copying facilities, provided you maintain clear directions
|
||||||
|
next to the object code saying where to find the Corresponding Source. Regardless
|
||||||
|
of what server hosts the Corresponding Source, you remain obligated to ensure
|
||||||
|
that it is available for as long as needed to satisfy these requirements.
|
||||||
|
|
||||||
|
e) Convey the object code using peer-to-peer transmission, provided you inform
|
||||||
|
other peers where the object code and Corresponding Source of the work are
|
||||||
|
being offered to the general public at no charge under subsection 6d.
|
||||||
|
|
||||||
|
A separable portion of the object code, whose source code is excluded from
|
||||||
|
the Corresponding Source as a System Library, need not be included in conveying
|
||||||
|
the object code work.
|
||||||
|
|
||||||
|
A "User Product" is either (1) a "consumer product", which means any tangible
|
||||||
|
personal property which is normally used for personal, family, or household
|
||||||
|
purposes, or (2) anything designed or sold for incorporation into a dwelling.
|
||||||
|
In determining whether a product is a consumer product, doubtful cases shall
|
||||||
|
be resolved in favor of coverage. For a particular product received by a particular
|
||||||
|
user, "normally used" refers to a typical or common use of that class of product,
|
||||||
|
regardless of the status of the particular user or of the way in which the
|
||||||
|
particular user actually uses, or expects or is expected to use, the product.
|
||||||
|
A product is a consumer product regardless of whether the product has substantial
|
||||||
|
commercial, industrial or non-consumer uses, unless such uses represent the
|
||||||
|
only significant mode of use of the product.
|
||||||
|
|
||||||
|
"Installation Information" for a User Product means any methods, procedures,
|
||||||
|
authorization keys, or other information required to install and execute modified
|
||||||
|
versions of a covered work in that User Product from a modified version of
|
||||||
|
its Corresponding Source. The information must suffice to ensure that the
|
||||||
|
continued functioning of the modified object code is in no case prevented
|
||||||
|
or interfered with solely because modification has been made.
|
||||||
|
|
||||||
|
If you convey an object code work under this section in, or with, or specifically
|
||||||
|
for use in, a User Product, and the conveying occurs as part of a transaction
|
||||||
|
in which the right of possession and use of the User Product is transferred
|
||||||
|
to the recipient in perpetuity or for a fixed term (regardless of how the
|
||||||
|
transaction is characterized), the Corresponding Source conveyed under this
|
||||||
|
section must be accompanied by the Installation Information. But this requirement
|
||||||
|
does not apply if neither you nor any third party retains the ability to install
|
||||||
|
modified object code on the User Product (for example, the work has been installed
|
||||||
|
in ROM).
|
||||||
|
|
||||||
|
The requirement to provide Installation Information does not include a requirement
|
||||||
|
to continue to provide support service, warranty, or updates for a work that
|
||||||
|
has been modified or installed by the recipient, or for the User Product in
|
||||||
|
which it has been modified or installed. Access to a network may be denied
|
||||||
|
when the modification itself materially and adversely affects the operation
|
||||||
|
of the network or violates the rules and protocols for communication across
|
||||||
|
the network.
|
||||||
|
|
||||||
|
Corresponding Source conveyed, and Installation Information provided, in accord
|
||||||
|
with this section must be in a format that is publicly documented (and with
|
||||||
|
an implementation available to the public in source code form), and must require
|
||||||
|
no special password or key for unpacking, reading or copying.
|
||||||
|
|
||||||
|
7. Additional Terms.
|
||||||
|
|
||||||
|
"Additional permissions" are terms that supplement the terms of this License
|
||||||
|
by making exceptions from one or more of its conditions. Additional permissions
|
||||||
|
that are applicable to the entire Program shall be treated as though they
|
||||||
|
were included in this License, to the extent that they are valid under applicable
|
||||||
|
law. If additional permissions apply only to part of the Program, that part
|
||||||
|
may be used separately under those permissions, but the entire Program remains
|
||||||
|
governed by this License without regard to the additional permissions.
|
||||||
|
|
||||||
|
When you convey a copy of a covered work, you may at your option remove any
|
||||||
|
additional permissions from that copy, or from any part of it. (Additional
|
||||||
|
permissions may be written to require their own removal in certain cases when
|
||||||
|
you modify the work.) You may place additional permissions on material, added
|
||||||
|
by you to a covered work, for which you have or can give appropriate copyright
|
||||||
|
permission.
|
||||||
|
|
||||||
|
Notwithstanding any other provision of this License, for material you add
|
||||||
|
to a covered work, you may (if authorized by the copyright holders of that
|
||||||
|
material) supplement the terms of this License with terms:
|
||||||
|
|
||||||
|
a) Disclaiming warranty or limiting liability differently from the terms of
|
||||||
|
sections 15 and 16 of this License; or
|
||||||
|
|
||||||
|
b) Requiring preservation of specified reasonable legal notices or author
|
||||||
|
attributions in that material or in the Appropriate Legal Notices displayed
|
||||||
|
by works containing it; or
|
||||||
|
|
||||||
|
c) Prohibiting misrepresentation of the origin of that material, or requiring
|
||||||
|
that modified versions of such material be marked in reasonable ways as different
|
||||||
|
from the original version; or
|
||||||
|
|
||||||
|
d) Limiting the use for publicity purposes of names of licensors or authors
|
||||||
|
of the material; or
|
||||||
|
|
||||||
|
e) Declining to grant rights under trademark law for use of some trade names,
|
||||||
|
trademarks, or service marks; or
|
||||||
|
|
||||||
|
f) Requiring indemnification of licensors and authors of that material by
|
||||||
|
anyone who conveys the material (or modified versions of it) with contractual
|
||||||
|
assumptions of liability to the recipient, for any liability that these contractual
|
||||||
|
assumptions directly impose on those licensors and authors.
|
||||||
|
|
||||||
|
All other non-permissive additional terms are considered "further restrictions"
|
||||||
|
within the meaning of section 10. If the Program as you received it, or any
|
||||||
|
part of it, contains a notice stating that it is governed by this License
|
||||||
|
along with a term that is a further restriction, you may remove that term.
|
||||||
|
If a license document contains a further restriction but permits relicensing
|
||||||
|
or conveying under this License, you may add to a covered work material governed
|
||||||
|
by the terms of that license document, provided that the further restriction
|
||||||
|
does not survive such relicensing or conveying.
|
||||||
|
|
||||||
|
If you add terms to a covered work in accord with this section, you must place,
|
||||||
|
in the relevant source files, a statement of the additional terms that apply
|
||||||
|
to those files, or a notice indicating where to find the applicable terms.
|
||||||
|
|
||||||
|
Additional terms, permissive or non-permissive, may be stated in the form
|
||||||
|
of a separately written license, or stated as exceptions; the above requirements
|
||||||
|
apply either way.
|
||||||
|
|
||||||
|
8. Termination.
|
||||||
|
|
||||||
|
You may not propagate or modify a covered work except as expressly provided
|
||||||
|
under this License. Any attempt otherwise to propagate or modify it is void,
|
||||||
|
and will automatically terminate your rights under this License (including
|
||||||
|
any patent licenses granted under the third paragraph of section 11).
|
||||||
|
|
||||||
|
However, if you cease all violation of this License, then your license from
|
||||||
|
a particular copyright holder is reinstated (a) provisionally, unless and
|
||||||
|
until the copyright holder explicitly and finally terminates your license,
|
||||||
|
and (b) permanently, if the copyright holder fails to notify you of the violation
|
||||||
|
by some reasonable means prior to 60 days after the cessation.
|
||||||
|
|
||||||
|
Moreover, your license from a particular copyright holder is reinstated permanently
|
||||||
|
if the copyright holder notifies you of the violation by some reasonable means,
|
||||||
|
this is the first time you have received notice of violation of this License
|
||||||
|
(for any work) from that copyright holder, and you cure the violation prior
|
||||||
|
to 30 days after your receipt of the notice.
|
||||||
|
|
||||||
|
Termination of your rights under this section does not terminate the licenses
|
||||||
|
of parties who have received copies or rights from you under this License.
|
||||||
|
If your rights have been terminated and not permanently reinstated, you do
|
||||||
|
not qualify to receive new licenses for the same material under section 10.
|
||||||
|
|
||||||
|
9. Acceptance Not Required for Having Copies.
|
||||||
|
|
||||||
|
You are not required to accept this License in order to receive or run a copy
|
||||||
|
of the Program. Ancillary propagation of a covered work occurring solely as
|
||||||
|
a consequence of using peer-to-peer transmission to receive a copy likewise
|
||||||
|
does not require acceptance. However, nothing other than this License grants
|
||||||
|
you permission to propagate or modify any covered work. These actions infringe
|
||||||
|
copyright if you do not accept this License. Therefore, by modifying or propagating
|
||||||
|
a covered work, you indicate your acceptance of this License to do so.
|
||||||
|
|
||||||
|
10. Automatic Licensing of Downstream Recipients.
|
||||||
|
|
||||||
|
Each time you convey a covered work, the recipient automatically receives
|
||||||
|
a license from the original licensors, to run, modify and propagate that work,
|
||||||
|
subject to this License. You are not responsible for enforcing compliance
|
||||||
|
by third parties with this License.
|
||||||
|
|
||||||
|
An "entity transaction" is a transaction transferring control of an organization,
|
||||||
|
or substantially all assets of one, or subdividing an organization, or merging
|
||||||
|
organizations. If propagation of a covered work results from an entity transaction,
|
||||||
|
each party to that transaction who receives a copy of the work also receives
|
||||||
|
whatever licenses to the work the party's predecessor in interest had or could
|
||||||
|
give under the previous paragraph, plus a right to possession of the Corresponding
|
||||||
|
Source of the work from the predecessor in interest, if the predecessor has
|
||||||
|
it or can get it with reasonable efforts.
|
||||||
|
|
||||||
|
You may not impose any further restrictions on the exercise of the rights
|
||||||
|
granted or affirmed under this License. For example, you may not impose a
|
||||||
|
license fee, royalty, or other charge for exercise of rights granted under
|
||||||
|
this License, and you may not initiate litigation (including a cross-claim
|
||||||
|
or counterclaim in a lawsuit) alleging that any patent claim is infringed
|
||||||
|
by making, using, selling, offering for sale, or importing the Program or
|
||||||
|
any portion of it.
|
||||||
|
|
||||||
|
11. Patents.
|
||||||
|
|
||||||
|
A "contributor" is a copyright holder who authorizes use under this License
|
||||||
|
of the Program or a work on which the Program is based. The work thus licensed
|
||||||
|
is called the contributor's "contributor version".
|
||||||
|
|
||||||
|
A contributor's "essential patent claims" are all patent claims owned or controlled
|
||||||
|
by the contributor, whether already acquired or hereafter acquired, that would
|
||||||
|
be infringed by some manner, permitted by this License, of making, using,
|
||||||
|
or selling its contributor version, but do not include claims that would be
|
||||||
|
infringed only as a consequence of further modification of the contributor
|
||||||
|
version. For purposes of this definition, "control" includes the right to
|
||||||
|
grant patent sublicenses in a manner consistent with the requirements of this
|
||||||
|
License.
|
||||||
|
|
||||||
|
Each contributor grants you a non-exclusive, worldwide, royalty-free patent
|
||||||
|
license under the contributor's essential patent claims, to make, use, sell,
|
||||||
|
offer for sale, import and otherwise run, modify and propagate the contents
|
||||||
|
of its contributor version.
|
||||||
|
|
||||||
|
In the following three paragraphs, a "patent license" is any express agreement
|
||||||
|
or commitment, however denominated, not to enforce a patent (such as an express
|
||||||
|
permission to practice a patent or covenant not to sue for patent infringement).
|
||||||
|
To "grant" such a patent license to a party means to make such an agreement
|
||||||
|
or commitment not to enforce a patent against the party.
|
||||||
|
|
||||||
|
If you convey a covered work, knowingly relying on a patent license, and the
|
||||||
|
Corresponding Source of the work is not available for anyone to copy, free
|
||||||
|
of charge and under the terms of this License, through a publicly available
|
||||||
|
network server or other readily accessible means, then you must either (1)
|
||||||
|
cause the Corresponding Source to be so available, or (2) arrange to deprive
|
||||||
|
yourself of the benefit of the patent license for this particular work, or
|
||||||
|
(3) arrange, in a manner consistent with the requirements of this License,
|
||||||
|
to extend the patent license to downstream recipients. "Knowingly relying"
|
||||||
|
means you have actual knowledge that, but for the patent license, your conveying
|
||||||
|
the covered work in a country, or your recipient's use of the covered work
|
||||||
|
in a country, would infringe one or more identifiable patents in that country
|
||||||
|
that you have reason to believe are valid.
|
||||||
|
|
||||||
|
If, pursuant to or in connection with a single transaction or arrangement,
|
||||||
|
you convey, or propagate by procuring conveyance of, a covered work, and grant
|
||||||
|
a patent license to some of the parties receiving the covered work authorizing
|
||||||
|
them to use, propagate, modify or convey a specific copy of the covered work,
|
||||||
|
then the patent license you grant is automatically extended to all recipients
|
||||||
|
of the covered work and works based on it.
|
||||||
|
|
||||||
|
A patent license is "discriminatory" if it does not include within the scope
|
||||||
|
of its coverage, prohibits the exercise of, or is conditioned on the non-exercise
|
||||||
|
of one or more of the rights that are specifically granted under this License.
|
||||||
|
You may not convey a covered work if you are a party to an arrangement with
|
||||||
|
a third party that is in the business of distributing software, under which
|
||||||
|
you make payment to the third party based on the extent of your activity of
|
||||||
|
conveying the work, and under which the third party grants, to any of the
|
||||||
|
parties who would receive the covered work from you, a discriminatory patent
|
||||||
|
license (a) in connection with copies of the covered work conveyed by you
|
||||||
|
(or copies made from those copies), or (b) primarily for and in connection
|
||||||
|
with specific products or compilations that contain the covered work, unless
|
||||||
|
you entered into that arrangement, or that patent license was granted, prior
|
||||||
|
to 28 March 2007.
|
||||||
|
|
||||||
|
Nothing in this License shall be construed as excluding or limiting any implied
|
||||||
|
license or other defenses to infringement that may otherwise be available
|
||||||
|
to you under applicable patent law.
|
||||||
|
|
||||||
|
12. No Surrender of Others' Freedom.
|
||||||
|
|
||||||
|
If conditions are imposed on you (whether by court order, agreement or otherwise)
|
||||||
|
that contradict the conditions of this License, they do not excuse you from
|
||||||
|
the conditions of this License. If you cannot convey a covered work so as
|
||||||
|
to satisfy simultaneously your obligations under this License and any other
|
||||||
|
pertinent obligations, then as a consequence you may not convey it at all.
|
||||||
|
For example, if you agree to terms that obligate you to collect a royalty
|
||||||
|
for further conveying from those to whom you convey the Program, the only
|
||||||
|
way you could satisfy both those terms and this License would be to refrain
|
||||||
|
entirely from conveying the Program.
|
||||||
|
|
||||||
|
13. Use with the GNU Affero General Public License.
|
||||||
|
|
||||||
|
Notwithstanding any other provision of this License, you have permission to
|
||||||
|
link or combine any covered work with a work licensed under version 3 of the
|
||||||
|
GNU Affero General Public License into a single combined work, and to convey
|
||||||
|
the resulting work. The terms of this License will continue to apply to the
|
||||||
|
part which is the covered work, but the special requirements of the GNU Affero
|
||||||
|
General Public License, section 13, concerning interaction through a network
|
||||||
|
will apply to the combination as such.
|
||||||
|
|
||||||
|
14. Revised Versions of this License.
|
||||||
|
|
||||||
|
The Free Software Foundation may publish revised and/or new versions of the
|
||||||
|
GNU General Public License from time to time. Such new versions will be similar
|
||||||
|
in spirit to the present version, but may differ in detail to address new
|
||||||
|
problems or concerns.
|
||||||
|
|
||||||
|
Each version is given a distinguishing version number. If the Program specifies
|
||||||
|
that a certain numbered version of the GNU General Public License "or any
|
||||||
|
later version" applies to it, you have the option of following the terms and
|
||||||
|
conditions either of that numbered version or of any later version published
|
||||||
|
by the Free Software Foundation. If the Program does not specify a version
|
||||||
|
number of the GNU General Public License, you may choose any version ever
|
||||||
|
published by the Free Software Foundation.
|
||||||
|
|
||||||
|
If the Program specifies that a proxy can decide which future versions of
|
||||||
|
the GNU General Public License can be used, that proxy's public statement
|
||||||
|
of acceptance of a version permanently authorizes you to choose that version
|
||||||
|
for the Program.
|
||||||
|
|
||||||
|
Later license versions may give you additional or different permissions. However,
|
||||||
|
no additional obligations are imposed on any author or copyright holder as
|
||||||
|
a result of your choosing to follow a later version.
|
||||||
|
|
||||||
|
15. Disclaimer of Warranty.
|
||||||
|
|
||||||
|
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE
|
||||||
|
LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
|
||||||
|
OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
|
||||||
|
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||||
|
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
||||||
|
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM
|
||||||
|
PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
|
||||||
|
CORRECTION.
|
||||||
|
|
||||||
|
16. Limitation of Liability.
|
||||||
|
|
||||||
|
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL
|
||||||
|
ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM
|
||||||
|
AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
|
||||||
|
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO
|
||||||
|
USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
|
||||||
|
INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE
|
||||||
|
PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
|
||||||
|
PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
||||||
|
|
||||||
|
17. Interpretation of Sections 15 and 16.
|
||||||
|
|
||||||
|
If the disclaimer of warranty and limitation of liability provided above cannot
|
||||||
|
be given local legal effect according to their terms, reviewing courts shall
|
||||||
|
apply local law that most closely approximates an absolute waiver of all civil
|
||||||
|
liability in connection with the Program, unless a warranty or assumption
|
||||||
|
of liability accompanies a copy of the Program in return for a fee. END OF
|
||||||
|
TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
How to Apply These Terms to Your New Programs
|
||||||
|
|
||||||
|
If you develop a new program, and you want it to be of the greatest possible
|
||||||
|
use to the public, the best way to achieve this is to make it free software
|
||||||
|
which everyone can redistribute and change under these terms.
|
||||||
|
|
||||||
|
To do so, attach the following notices to the program. It is safest to attach
|
||||||
|
them to the start of each source file to most effectively state the exclusion
|
||||||
|
of warranty; and each file should have at least the "copyright" line and a
|
||||||
|
pointer to where the full notice is found.
|
||||||
|
|
||||||
|
<one line to give the program's name and a brief idea of what it does.>
|
||||||
|
|
||||||
|
Copyright (C) <year> <name of author>
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify it under
|
||||||
|
the terms of the GNU General Public License as published by the Free Software
|
||||||
|
Foundation, either version 3 of the License, or (at your option) any later
|
||||||
|
version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||||
|
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License along with
|
||||||
|
this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
Also add information on how to contact you by electronic and paper mail.
|
||||||
|
|
||||||
|
If the program does terminal interaction, make it output a short notice like
|
||||||
|
this when it starts in an interactive mode:
|
||||||
|
|
||||||
|
<program> Copyright (C) <year> <name of author>
|
||||||
|
|
||||||
|
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||||
|
|
||||||
|
This is free software, and you are welcome to redistribute it under certain
|
||||||
|
conditions; type `show c' for details.
|
||||||
|
|
||||||
|
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||||
|
parts of the General Public License. Of course, your program's commands might
|
||||||
|
be different; for a GUI interface, you would use an "about box".
|
||||||
|
|
||||||
|
You should also get your employer (if you work as a programmer) or school,
|
||||||
|
if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||||
|
more information on this, and how to apply and follow the GNU GPL, see <https://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
The GNU General Public License does not permit incorporating your program
|
||||||
|
into proprietary programs. If your program is a subroutine library, you may
|
||||||
|
consider it more useful to permit linking proprietary applications with the
|
||||||
|
library. If this is what you want to do, use the GNU Lesser General Public
|
||||||
|
License instead of this License. But first, please read <https://www.gnu.org/
|
||||||
|
licenses /why-not-lgpl.html>.
|
@ -1,41 +1,126 @@
|
|||||||
---
|
---
|
||||||
################################################################################
|
# Copyright (C) 2018-2022 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
#######################################
|
||||||
# General settings
|
# General settings
|
||||||
################################################################################
|
#######################################
|
||||||
|
|
||||||
# Directory to store WireGuard configuration on the remote hosts
|
# Directory to store WireGuard configuration on the remote hosts
|
||||||
wireguard_remote_directory: "/etc/wireguard"
|
wireguard_remote_directory: "{{ '/etc/wireguard' if not ansible_os_family == 'Darwin' else '/opt/local/etc/wireguard' }}"
|
||||||
|
|
||||||
# The default port WireGuard will listen if not specified otherwise.
|
# The default port WireGuard will listen if not specified otherwise.
|
||||||
wireguard_port: "51820"
|
wireguard_port: "51820"
|
||||||
|
|
||||||
# The default interface name that wireguard should use if not specified otherwise.
|
# The default interface name that WireGuard should use if not specified otherwise.
|
||||||
wireguard_interface: "wg0"
|
wireguard_interface: "wg0"
|
||||||
|
|
||||||
|
# The default owner of the wg.conf file
|
||||||
|
wireguard_conf_owner: root
|
||||||
|
|
||||||
################################################################################
|
# The default group of the wg.conf file
|
||||||
# Settings for devices like laptops, tablets, mobiles, etc. not managed by
|
wireguard_conf_group: "{{ 'root' if not ansible_os_family == 'Darwin' else 'wheel' }}"
|
||||||
# Ansible. If you don't have such devices just leave the variables commented.
|
|
||||||
################################################################################
|
|
||||||
|
|
||||||
# Directory to store configurations for unmanaged hosts
|
# The default mode of the wg.conf file
|
||||||
wireguard_unmanaged_hosts_directory: "{{ '~/wireguard_unmanaged_hosts' | expanduser }}"
|
wireguard_conf_mode: 0600
|
||||||
|
|
||||||
#
|
# The default state of the wireguard service
|
||||||
wireguard_unmanaged_hosts_list:
|
wireguard_service_enabled: "yes"
|
||||||
- tablet01
|
wireguard_service_state: "started"
|
||||||
- mobile01
|
|
||||||
|
|
||||||
|
# By default "wg syncconf" is used to apply WireGuard interface settings if
|
||||||
|
# they've changed. Older WireGuard tools doesn't provide this option. In that
|
||||||
|
# case as a fallback the WireGuard interface will be restarted. This causes a
|
||||||
|
# short interruption of network connections.
|
||||||
|
#
|
||||||
|
# So even if "false" is the default, the role figures out if the "syncconf"
|
||||||
|
# option of the "wg" utility is available and if not falls back to "true"
|
||||||
|
# (which means interface will be restarted as this is the only possible option
|
||||||
|
# in this case).
|
||||||
|
#
|
||||||
|
# Possible options:
|
||||||
|
# - false (default)
|
||||||
|
# - true
|
||||||
|
#
|
||||||
|
# Both options have their pros and cons. The default "false" option (do not
|
||||||
|
# restart interface)
|
||||||
|
# - does not need to restart the WireGuard interface to apply changes
|
||||||
|
# - does not cause a short VPN connection interruption when changes are applied
|
||||||
|
# - might cause network routes are not properly reloaded
|
||||||
#
|
#
|
||||||
wireguard_unmanaged_delegate_to: "127.0.0.1"
|
# Setting the option value to "true" will
|
||||||
|
# - restart the WireGuard interface as the name suggests in case of changes
|
||||||
|
# - cause a short VPN connection interruption when changes are applied
|
||||||
|
# - make sure that network routes are properly reloaded
|
||||||
|
#
|
||||||
|
# So it depends a little bit on your setup which option works best. If you
|
||||||
|
# don't have an overly complicated routing that changes very often or at all
|
||||||
|
# using "false" here is most properly good enough for you. E.g. if you just
|
||||||
|
# want to connect a few servers via VPN and it normally stays this way.
|
||||||
|
#
|
||||||
|
# If you have a more dynamic routing setup then setting this to "true" might be
|
||||||
|
# the safest way to go. Also if you want to avoid the possibility creating some
|
||||||
|
# hard to detect side effects this option should be considered.
|
||||||
|
wireguard_interface_restart: false
|
||||||
|
|
||||||
|
# This is sensitive: encrypt it with a tool like Ansible Vault.
|
||||||
|
# If not set, a new one is generated on a blank configuration.
|
||||||
|
# wireguard_private_key:
|
||||||
|
|
||||||
###############################################################################
|
# Set to "false" if package cache should not be updated (only relevant if
|
||||||
# Settings only relevant for Ubuntu
|
# the package manager in question supports this option)
|
||||||
###############################################################################
|
wireguard_update_cache: "true"
|
||||||
|
|
||||||
# Set to "false" if package cache should not be updated
|
#######################################
|
||||||
wireguard_ubuntu_update_cache: "true"
|
# Settings only relevant for:
|
||||||
|
# - Ubuntu
|
||||||
|
# - elementary OS
|
||||||
|
#######################################
|
||||||
|
|
||||||
|
# DEPRECATED: Please use "wireguard_update_cache" instead.
|
||||||
|
# Set to "false" if package cache should not be updated.
|
||||||
|
wireguard_ubuntu_update_cache: "{{ wireguard_update_cache }}"
|
||||||
|
|
||||||
# Set package cache valid time
|
# Set package cache valid time
|
||||||
wireguard_ubuntu_cache_valid_time: "3600"
|
wireguard_ubuntu_cache_valid_time: "3600"
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
# Settings only relevant for CentOS 7
|
||||||
|
#######################################
|
||||||
|
|
||||||
|
# Set wireguard_centos7_installation_method to "kernel-plus"
|
||||||
|
# to use the kernel-plus kernel, which includes a built-in,
|
||||||
|
# signed WireGuard module.
|
||||||
|
#
|
||||||
|
# The default of "standard" will use the standard kernel and
|
||||||
|
# the ELRepo module for WireGuard.
|
||||||
|
wireguard_centos7_installation_method: "standard"
|
||||||
|
|
||||||
|
# Reboot host if necessary if the "kernel-plus" kernel is in use
|
||||||
|
wireguard_centos7_kernel_plus_reboot: true
|
||||||
|
|
||||||
|
# The default seconds to wait for machine to reboot and respond
|
||||||
|
# if "kernel-plus" is in use. Is only relevant if
|
||||||
|
# "wireguard_centos7_kernel_plus_reboot" is set to "true".
|
||||||
|
wireguard_centos7_kernel_plus_reboot_timeout: "600"
|
||||||
|
|
||||||
|
# Reboot host if necessary if the standard kernel is in use
|
||||||
|
wireguard_centos7_standard_reboot: true
|
||||||
|
|
||||||
|
# The default seconds to wait for machine to reboot and respond
|
||||||
|
# if "standard" kernel is in use. Is only relevant if
|
||||||
|
# "wireguard_centos7_standard_reboot" is set to "true".
|
||||||
|
wireguard_centos7_standard_reboot_timeout: "600"
|
||||||
|
|
||||||
|
#########################################
|
||||||
|
# Settings only relevant for RockyLinux 8
|
||||||
|
#########################################
|
||||||
|
|
||||||
|
# Set wireguard_rockylinux8_installation_method to "dkms"
|
||||||
|
# to build WireGuard module from source, with wireguard-dkms.
|
||||||
|
# This is required if you use a custom kernel and/or your arch
|
||||||
|
# is not x86_64.
|
||||||
|
#
|
||||||
|
# The default of "standard" will install the kernel module
|
||||||
|
# with kmod-wireguard from ELRepo.
|
||||||
|
wireguard_rockylinux8_installation_method: "standard"
|
||||||
|
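Review bot: `wireguard_conf_mode: 0600` on the new side is an unquoted scalar, so the YAML loader Ansible uses reads it as the octal integer 384 rather than the string `0600`. If a task hands it on through a template expression such as `mode: "{{ wireguard_conf_mode }}"`, the module can receive the decimal text `384`, which no longer means owner read/write only, on a file that holds the interface's private key. The consuming task is not visible in this section, so this is a risk to confirm rather than a confirmed defect. Quoting removes the ambiguity: `wireguard_conf_mode: "0600"`.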
@ -1,23 +1,32 @@
|
|||||||
---
|
---
|
||||||
- name: restart wireguard
|
# Copyright (C) 2018-2022 Robert Wimmer
|
||||||
service:
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- name: Restart wireguard
|
||||||
|
ansible.builtin.service:
|
||||||
name: "wg-quick@{{ wireguard_interface }}"
|
name: "wg-quick@{{ wireguard_interface }}"
|
||||||
state: "{{ item }}"
|
state: "{{ item }}"
|
||||||
loop:
|
loop:
|
||||||
- stopped
|
- stopped
|
||||||
- started
|
- started
|
||||||
when: not wg_syncconf
|
when:
|
||||||
|
- wireguard__restart_interface
|
||||||
|
- not ansible_os_family == 'Darwin'
|
||||||
|
- wireguard_service_enabled == "yes"
|
||||||
listen: "reconfigure wireguard"
|
listen: "reconfigure wireguard"
|
||||||
|
|
||||||
- name: syncconf wireguard
|
- name: Syncconf wireguard
|
||||||
shell: |
|
ansible.builtin.shell: |
|
||||||
set -o errexit
|
set -o errexit
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
set -o nounset
|
set -o nounset
|
||||||
systemctl is-active wg-quick@wg-quick@{{ wireguard_interface|quote }} || systemctl start wg-quick@{{ wireguard_interface|quote }}
|
systemctl is-active wg-quick@{{ wireguard_interface | quote }} || systemctl start wg-quick@{{ wireguard_interface | quote }}
|
||||||
wg syncconf {{ wireguard_interface|quote }} <(wg-quick strip /etc/wireguard/{{ wireguard_interface|quote }}.conf)
|
wg syncconf {{ wireguard_interface | quote }} <(wg-quick strip /etc/wireguard/{{ wireguard_interface | quote }}.conf)
|
||||||
exit 0
|
exit 0
|
||||||
args:
|
args:
|
||||||
executable: "/bin/bash"
|
executable: "/bin/bash"
|
||||||
when: wg_syncconf
|
when:
|
||||||
|
- not wireguard__restart_interface
|
||||||
|
- not ansible_os_family == 'Darwin'
|
||||||
|
- wireguard_service_enabled == "yes"
|
||||||
listen: "reconfigure wireguard"
|
listen: "reconfigure wireguard"
|
||||||
|
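Review bot: The new `when:` lists in both handlers test `wireguard_service_enabled == "yes"`, a string comparison that is false when the variable is set to a real boolean (`true`) or to `"true"`. In that case neither "Restart wireguard" nor "Syncconf wireguard" runs, and a changed configuration, for example a removed peer, would not reach the running interface. `- wireguard_service_enabled | bool` accepts both spellings. Separately, the syncconf command still reads `/etc/wireguard/{{ wireguard_interface | quote }}.conf` although the defaults in this comparison make `wireguard_remote_directory` configurable; building the path from that variable would keep the handler in step with an overridden directory.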
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2022 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- hosts: all
|
||||||
|
remote_user: vagrant
|
||||||
|
become: true
|
||||||
|
gather_facts: true
|
||||||
|
tasks:
|
||||||
|
- name: Include WireGuard role
|
||||||
|
ansible.builtin.include_role:
|
||||||
|
name: githubixx.ansible_role_wireguard
|
@ -0,0 +1,95 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2022 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
dependency:
|
||||||
|
name: galaxy
|
||||||
|
|
||||||
|
driver:
|
||||||
|
name: vagrant
|
||||||
|
provider:
|
||||||
|
name: libvirt
|
||||||
|
type: libvirt
|
||||||
|
options:
|
||||||
|
memory: 192
|
||||||
|
cpus: 2
|
||||||
|
|
||||||
|
platforms:
|
||||||
|
- name: test-wg-ubuntu2004
|
||||||
|
box: generic/ubuntu2004
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.10
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- ubuntu
|
||||||
|
- name: test-wg-ubuntu1804
|
||||||
|
box: generic/ubuntu1804
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.20
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- ubuntu
|
||||||
|
- name: test-wg-debian11
|
||||||
|
box: generic/debian11
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.30
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- debian
|
||||||
|
- name: test-wg-ubuntu2204
|
||||||
|
box: alvistack/ubuntu-22.04
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.40
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- ubuntu
|
||||||
|
|
||||||
|
provisioner:
|
||||||
|
name: ansible
|
||||||
|
connection_options:
|
||||||
|
ansible_ssh_user: vagrant
|
||||||
|
ansible_become: true
|
||||||
|
log: true
|
||||||
|
lint:
|
||||||
|
name: ansible-lint
|
||||||
|
inventory:
|
||||||
|
host_vars:
|
||||||
|
test-wg-ubuntu2004:
|
||||||
|
wireguard_address: "10.10.10.10/24"
|
||||||
|
wireguard_port: 51820
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.10"
|
||||||
|
test-wg-ubuntu1804:
|
||||||
|
wireguard_address: "10.10.10.20/24"
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: ""
|
||||||
|
test-wg-debian11:
|
||||||
|
wireguard_address: "10.10.10.30/24"
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: ""
|
||||||
|
ansible_python_interpreter: "/usr/bin/python3"
|
||||||
|
test-wg-ubuntu2204:
|
||||||
|
wireguard_address: "10.10.10.40/24"
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: ""
|
||||||
|
|
||||||
|
scenario:
|
||||||
|
name: kvm-single-server
|
||||||
|
test_sequence:
|
||||||
|
- prepare
|
||||||
|
- converge
|
||||||
|
|
||||||
|
verifier:
|
||||||
|
name: ansible
|
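Review bot: The four `box:` entries under `platforms` carry no version, so every test run pulls whatever image the box registry serves at that moment, and `alvistack/ubuntu-22.04` comes from a different publisher than the three `generic/*` boxes. The provisioner connects to those images with `ansible_become: true`, so an unannounced image change surfaces only as a flaky or misleading test result. Pinning each platform, e.g. `box_version: "<PINNED_VERSION>"`, makes runs reproducible and turns an image update into a reviewed change.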
@ -0,0 +1,13 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2022 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- hosts: ubuntu
|
||||||
|
remote_user: vagrant
|
||||||
|
become: true
|
||||||
|
gather_facts: true
|
||||||
|
tasks:
|
||||||
|
- name: Update APT package cache
|
||||||
|
ansible.builtin.apt:
|
||||||
|
update_cache: true
|
||||||
|
cache_valid_time: 3600
|
@ -0,0 +1,33 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2022 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- name: Verify setup
|
||||||
|
hosts: all
|
||||||
|
vars:
|
||||||
|
hosts_count: "{{ groups['vpn'] | length }}"
|
||||||
|
tasks:
|
||||||
|
- name: Count WireGuard interfaces
|
||||||
|
ansible.builtin.shell: |
|
||||||
|
set -o errexit
|
||||||
|
set -o pipefail
|
||||||
|
set -o nounset
|
||||||
|
wg | grep "peer: " | wc -l
|
||||||
|
exit 0
|
||||||
|
args:
|
||||||
|
executable: "/bin/bash"
|
||||||
|
register: wireguard__interfaces_count
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- name: Print WireGuard interface count
|
||||||
|
ansible.builtin.debug:
|
||||||
|
var: wireguard__interfaces_count.stdout
|
||||||
|
|
||||||
|
- name: Print hosts count in vpn group
|
||||||
|
ansible.builtin.debug:
|
||||||
|
var: hosts_count
|
||||||
|
|
||||||
|
- name: There should be as much WireGuard interfaces as hosts in vpn group minus one
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- "hosts_count|int -1 == wireguard__interfaces_count.stdout|int"
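Review bot: The "Count WireGuard interfaces" task counts `peer: ` lines in the `wg` output, not interfaces, and the register name `wireguard__interfaces_count` repeats the mismatch. With `set -o errexit` and `set -o pipefail`, a host that has no peers makes `grep` return 1, so the task fails before the assert runs and the trailing `exit 0` is never reached. Replacing the pipeline with `wg show all peers | wc -l` removes the `grep` exit-status problem while still failing if `wg` itself fails. Adding a `fail_msg` to the assert would show the expected and actual counts. The second 33-line verify playbook later in this diff contains the same task.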
|
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2020-2022 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- hosts: all
|
||||||
|
remote_user: vagrant
|
||||||
|
become: true
|
||||||
|
gather_facts: true
|
||||||
|
tasks:
|
||||||
|
- name: Include WireGuard role
|
||||||
|
ansible.builtin.include_role:
|
||||||
|
name: githubixx.ansible_role_wireguard
|
@ -0,0 +1,297 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2020-2022 Robert Wimmer
|
||||||
|
# Copyright (C) 2020 Pierre Ozoux
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
dependency:
|
||||||
|
name: galaxy
|
||||||
|
|
||||||
|
driver:
|
||||||
|
name: vagrant
|
||||||
|
provider:
|
||||||
|
name: libvirt
|
||||||
|
type: libvirt
|
||||||
|
|
||||||
|
platforms:
|
||||||
|
- name: test-wg-ubuntu2004
|
||||||
|
box: generic/ubuntu2004
|
||||||
|
memory: 1024
|
||||||
|
cpus: 2
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.10
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- ubuntu
|
||||||
|
- name: test-wg-ubuntu1804
|
||||||
|
box: generic/ubuntu1804
|
||||||
|
memory: 1024
|
||||||
|
cpus: 2
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.20
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- ubuntu
|
||||||
|
- name: test-wg-fedora36
|
||||||
|
box: generic/fedora36
|
||||||
|
memory: 1024
|
||||||
|
cpus: 2
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.40
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- fedora
|
||||||
|
- name: test-wg-centos7
|
||||||
|
box: generic/centos7
|
||||||
|
memory: 1024
|
||||||
|
cpus: 2
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.50
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- el7
|
||||||
|
- name: test-wg-arch
|
||||||
|
box: archlinux/archlinux
|
||||||
|
memory: 1024
|
||||||
|
cpus: 2
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.60
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- archlinux
|
||||||
|
- name: test-wg-debian11
|
||||||
|
box: generic/debian11
|
||||||
|
memory: 1024
|
||||||
|
cpus: 2
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.70
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- debian
|
||||||
|
- name: test-wg-rocky8
|
||||||
|
box: generic/rocky8
|
||||||
|
memory: 1024
|
||||||
|
cpus: 2
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.80
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- el8
|
||||||
|
- name: test-wg-alma8
|
||||||
|
box: generic/alma8
|
||||||
|
memory: 1024
|
||||||
|
cpus: 2
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.90
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- el8
|
||||||
|
- name: test-wg-centos7-kernel-plus
|
||||||
|
box: generic/centos7
|
||||||
|
memory: 1024
|
||||||
|
cpus: 2
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.100
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- el7
|
||||||
|
- name: test-wg-rocky8-dkms
|
||||||
|
box: generic/rocky8
|
||||||
|
memory: 1024
|
||||||
|
cpus: 2
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.130
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- el8
|
||||||
|
- el8dkms
|
||||||
|
- name: test-wg-ubuntu2204
|
||||||
|
box: generic/ubuntu2004
|
||||||
|
memory: 1024
|
||||||
|
cpus: 2
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.140
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- ubuntu
|
||||||
|
- name: test-wg-opensuse-leap-15-4
|
||||||
|
box: opensuse/Leap-15.4.x86_64
|
||||||
|
memory: 1024
|
||||||
|
cpus: 2
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.150
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- opensuse
|
||||||
|
- name: test-wg-rocky9
|
||||||
|
box: generic/rocky9
|
||||||
|
memory: 1024
|
||||||
|
cpus: 2
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.160
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- el9
|
||||||
|
- name: test-wg-alma9
|
||||||
|
box: generic/alma9
|
||||||
|
memory: 1024
|
||||||
|
cpus: 2
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.170
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- el9
|
||||||
|
- name: test-wg-oracle9
|
||||||
|
box: generic/oracle9
|
||||||
|
memory: 1024
|
||||||
|
cpus: 2
|
||||||
|
interfaces:
|
||||||
|
- auto_config: true
|
||||||
|
network_name: private_network
|
||||||
|
type: static
|
||||||
|
ip: 192.168.10.180
|
||||||
|
groups:
|
||||||
|
- vpn
|
||||||
|
- el9
|
||||||
|
|
||||||
|
provisioner:
|
||||||
|
name: ansible
|
||||||
|
connection_options:
|
||||||
|
ansible_ssh_user: vagrant
|
||||||
|
ansible_become: true
|
||||||
|
log: true
|
||||||
|
lint:
|
||||||
|
name: ansible-lint
|
||||||
|
inventory:
|
||||||
|
host_vars:
|
||||||
|
test-wg-ubuntu2004:
|
||||||
|
wireguard_address: "10.10.10.10/24"
|
||||||
|
wireguard_port: 51820
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.10"
|
||||||
|
test-wg-ubuntu1804:
|
||||||
|
wireguard_address: "10.10.10.20/24"
|
||||||
|
wireguard_port: 51820
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.20"
|
||||||
|
test-wg-fedora36:
|
||||||
|
wireguard_address: "10.10.10.40/24"
|
||||||
|
wireguard_port: 51820
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.40"
|
||||||
|
wireguard_interface_restart: true
|
||||||
|
test-wg-centos7:
|
||||||
|
wireguard_address: "10.10.10.50/24"
|
||||||
|
wireguard_port: 51820
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.50"
|
||||||
|
wireguard_interface_restart: true
|
||||||
|
test-wg-arch:
|
||||||
|
wireguard_address: "10.10.10.60/24"
|
||||||
|
wireguard_port: 51820
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.60"
|
||||||
|
ansible_python_interpreter: "/usr/bin/python"
|
||||||
|
test-wg-debian11:
|
||||||
|
wireguard_address: "10.10.10.70/24"
|
||||||
|
wireguard_port: 51820
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.70"
|
||||||
|
ansible_python_interpreter: "/usr/bin/python3"
|
||||||
|
test-wg-rocky8:
|
||||||
|
wireguard_address: "10.10.10.80/24"
|
||||||
|
wireguard_port: 51820
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.80"
|
||||||
|
test-wg-alma8:
|
||||||
|
wireguard_address: "10.10.10.90/24"
|
||||||
|
wireguard_port: 51820
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.90"
|
||||||
|
test-wg-centos7-kernel-plus:
|
||||||
|
wireguard_address: "10.10.10.100/24"
|
||||||
|
wireguard_port: 51821
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.100"
|
||||||
|
wireguard_centos7_installation_method: "kernel-plus"
|
||||||
|
test-wg-rocky8-dkms:
|
||||||
|
wireguard_address: "10.10.10.130/24"
|
||||||
|
wireguard_port: 51820
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.130"
|
||||||
|
wireguard_rockylinux8_installation_method: "dkms"
|
||||||
|
test-wg-ubuntu2204:
|
||||||
|
wireguard_address: "10.10.10.140/24"
|
||||||
|
wireguard_port: 51820
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.140"
|
||||||
|
test-wg-opensuse-leap-15-4:
|
||||||
|
wireguard_address: "10.10.10.150/24"
|
||||||
|
wireguard_port: 51820
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.150"
|
||||||
|
test-wg-rocky9:
|
||||||
|
wireguard_address: "10.10.10.160/24"
|
||||||
|
wireguard_port: 51820
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.160"
|
||||||
|
test-wg-alma9:
|
||||||
|
wireguard_address: "10.10.10.170/24"
|
||||||
|
wireguard_port: 51820
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.170"
|
||||||
|
test-wg-oracle9:
|
||||||
|
wireguard_address: "10.10.10.180/24"
|
||||||
|
wireguard_port: 51820
|
||||||
|
wireguard_persistent_keepalive: "30"
|
||||||
|
wireguard_endpoint: "192.168.10.180"
|
||||||
|
|
||||||
|
scenario:
|
||||||
|
name: kvm
|
||||||
|
test_sequence:
|
||||||
|
- prepare
|
||||||
|
- converge
|
||||||
|
|
||||||
|
verifier:
|
||||||
|
name: ansible
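Review bot: The `test-wg-ubuntu2204` platform is declared with `box: generic/ubuntu2004`, so this scenario appears to run its Ubuntu 22.04 entry on a 20.04 image and 22.04 gets no real coverage here. The single-server scenario earlier in the diff uses `alvistack/ubuntu-22.04` for the same host name. If a 22.04 image is intended, the line would be `box: generic/ubuntu2204`, assuming that box is published for libvirt. None of the platforms set `box_version`, so every run pulls whatever image is current; pinning versions would make results reproducible and limit exposure to a changed upstream image.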
|
@ -0,0 +1,70 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2021-2023 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- hosts: opensuse
|
||||||
|
remote_user: vagrant
|
||||||
|
become: true
|
||||||
|
gather_facts: true
|
||||||
|
tasks:
|
||||||
|
- name: Remove backports repositories
|
||||||
|
ansible.builtin.raw: |
|
||||||
|
zypper rr repo-backports-debug-update
|
||||||
|
zypper rr repo-backports-update
|
||||||
|
changed_when: false
|
||||||
|
failed_when: false
|
||||||
|
|
||||||
|
- hosts: archlinux
|
||||||
|
remote_user: vagrant
|
||||||
|
become: true
|
||||||
|
gather_facts: false
|
||||||
|
tasks:
|
||||||
|
- name: Init pacman
|
||||||
|
ansible.builtin.raw: |
|
||||||
|
pacman-key --init
|
||||||
|
pacman-key --populate archlinux
|
||||||
|
changed_when: false
|
||||||
|
failed_when: false
|
||||||
|
|
||||||
|
- name: Updating pacman cache
|
||||||
|
raw: pacman -Sy
|
||||||
|
|
||||||
|
- name: Install Python
|
||||||
|
ansible.builtin.raw: |
|
||||||
|
pacman -S --noconfirm python
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- hosts: proxmox
|
||||||
|
remote_user: vagrant
|
||||||
|
become: true
|
||||||
|
gather_facts: true
|
||||||
|
tasks:
|
||||||
|
- name: (Proxmox) Delete /var/lib/apt/lists/lock
|
||||||
|
ansible.builtin.file:
|
||||||
|
name: /var/lib/apt/lists/lock
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- hosts: ubuntu
|
||||||
|
remote_user: vagrant
|
||||||
|
become: true
|
||||||
|
gather_facts: true
|
||||||
|
tasks:
|
||||||
|
- name: Update APT package cache
|
||||||
|
ansible.builtin.apt:
|
||||||
|
update_cache: true
|
||||||
|
cache_valid_time: 3600
|
||||||
|
|
||||||
|
- hosts: el8dkms
|
||||||
|
remote_user: vagrant
|
||||||
|
become: true
|
||||||
|
gather_facts: true
|
||||||
|
tasks:
|
||||||
|
- name: Install ELRepo mainline kernel
|
||||||
|
ansible.builtin.raw: |
|
||||||
|
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
|
||||||
|
dnf install -y https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
|
||||||
|
dnf --enablerepo=elrepo-kernel install -y kernel-ml
|
||||||
|
changed_when: false
|
||||||
|
failed_when: false
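Review bot: `failed_when: false` on "Install ELRepo mainline kernel" (and on the zypper and pacman-key tasks above it) hides a failed key import or package install, so the `el8dkms` host can reach converge on the stock kernel and the DKMS scenario may still pass. The signing key is also trusted exactly as fetched, with no fingerprint check. Splitting the raw block into module tasks lets each step fail on its own and pins the key; the fingerprint in the fence is a placeholder to be replaced with the value ELRepo publishes. The "Updating pacman cache" task also uses the short `raw:` name where the rest of the file uses `ansible.builtin.raw`.

```yaml
    - name: Import ELRepo signing key
      ansible.builtin.rpm_key:
        key: https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
        fingerprint: "<ELREPO-KEY-FINGERPRINT>"  # placeholder, not a real value
        state: present

    - name: Install ELRepo release package
      ansible.builtin.dnf:
        name: https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
        state: present

    - name: Install ELRepo mainline kernel
      ansible.builtin.dnf:
        name: kernel-ml
        enablerepo: elrepo-kernel
        state: present
```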
|
@ -0,0 +1,33 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2022 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- name: Verify setup
|
||||||
|
hosts: all
|
||||||
|
vars:
|
||||||
|
hosts_count: "{{ groups['vpn'] | length }}"
|
||||||
|
tasks:
|
||||||
|
- name: Count WireGuard interfaces
|
||||||
|
ansible.builtin.shell: |
|
||||||
|
set -o errexit
|
||||||
|
set -o pipefail
|
||||||
|
set -o nounset
|
||||||
|
wg | grep "peer: " | wc -l
|
||||||
|
exit 0
|
||||||
|
args:
|
||||||
|
executable: "/bin/bash"
|
||||||
|
register: wireguard__interfaces_count
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- name: Print WireGuard interface count
|
||||||
|
ansible.builtin.debug:
|
||||||
|
var: wireguard__interfaces_count.stdout
|
||||||
|
|
||||||
|
- name: Print hosts count in vpn group
|
||||||
|
ansible.builtin.debug:
|
||||||
|
var: hosts_count
|
||||||
|
|
||||||
|
- name: There should be as much WireGuard interfaces as hosts in vpn group minus one
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- "hosts_count|int -1 == wireguard__interfaces_count.stdout|int"
|
@ -0,0 +1,23 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2021-2022 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- name: (AlmaLinux 8) Install EPEL & ELRepo repository
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name:
|
||||||
|
- epel-release
|
||||||
|
- elrepo-release
|
||||||
|
update_cache: "{{ wireguard_update_cache }}"
|
||||||
|
|
||||||
|
- name: (AlmaLinux 8) Ensure WireGuard DKMS package is removed
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name:
|
||||||
|
- "wireguard-dkms"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: (AlmaLinux 8) Install WireGuard packages
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name:
|
||||||
|
- "kmod-wireguard"
|
||||||
|
- "wireguard-tools"
|
||||||
|
state: present
|
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2022 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- name: (AlmaLinux) Install wireguard-tools package
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name: wireguard-tools
|
||||||
|
state: present
|
||||||
|
update_cache: "{{ wireguard_update_cache }}"
|
@ -0,0 +1,77 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2020 Roman Danko
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- name: (CentOS 7) Tasks for standard kernel
|
||||||
|
when:
|
||||||
|
- wireguard_centos7_installation_method == "standard"
|
||||||
|
block:
|
||||||
|
- name: (CentOS 7) Install EPEL & ELRepo repository
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name:
|
||||||
|
- epel-release
|
||||||
|
- https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
|
||||||
|
update_cache: "{{ wireguard_update_cache }}"
|
||||||
|
|
||||||
|
- name: (CentOS 7) Install yum-plugin-elrepo
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name: yum-plugin-elrepo
|
||||||
|
update_cache: "{{ wireguard_update_cache }}"
|
||||||
|
|
||||||
|
- name: (CentOS 7) Install WireGuard packages
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name:
|
||||||
|
- "kmod-wireguard"
|
||||||
|
- "wireguard-tools"
|
||||||
|
state: present
|
||||||
|
register: wireguard__centos7_yum_updates
|
||||||
|
|
||||||
|
- name: (CentOS 7) Reboot Instance to update kernel
|
||||||
|
when:
|
||||||
|
- wireguard_centos7_standard_reboot
|
||||||
|
- wireguard__centos7_yum_updates.changed
|
||||||
|
ansible.builtin.reboot:
|
||||||
|
reboot_timeout: "{{ wireguard_centos7_standard_reboot_timeout }}"
|
||||||
|
|
||||||
|
- name: (CentOS 7) Ensure WireGuard DKMS package is removed
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name:
|
||||||
|
- "wireguard-dkms"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: (CentOS 7 - kernel-plus) Tasks for kernel-plus
|
||||||
|
when:
|
||||||
|
- wireguard_centos7_installation_method == "kernel-plus"
|
||||||
|
block:
|
||||||
|
- name: (CentOS 7) Install EPEL repository & yum utils
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name:
|
||||||
|
- epel-release
|
||||||
|
- yum-utils
|
||||||
|
update_cache: "{{ wireguard_update_cache }}"
|
||||||
|
|
||||||
|
- name: (CentOS 7 - kernel-plus) Enable CentosPlus repo
|
||||||
|
ansible.builtin.command: yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- name: (CentOS 7 - kernel-plus) Update to kernel-plus
|
||||||
|
ansible.builtin.replace:
|
||||||
|
path: /etc/sysconfig/kernel
|
||||||
|
regexp: '^DEFAULTKERNEL=kernel$'
|
||||||
|
replace: 'DEFAULTKERNEL=kernel-plus'
|
||||||
|
|
||||||
|
- name: (CentOS 7 - kernel-plus) Install WireGuard packages
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name:
|
||||||
|
- "kernel-plus"
|
||||||
|
- "wireguard-tools"
|
||||||
|
state: present
|
||||||
|
register: wireguard__centos7_yum_updates
|
||||||
|
|
||||||
|
- name: (CentOS 7 - kernel-plus) Reboot Instance to update kernel
|
||||||
|
when:
|
||||||
|
- wireguard_centos7_kernel_plus_reboot
|
||||||
|
- wireguard__centos7_yum_updates.changes is defined
|
||||||
|
- wireguard__centos7_yum_updates.changes.installed|flatten|select('regex', '^kernel-plus$') is any
|
||||||
|
ansible.builtin.reboot:
|
||||||
|
reboot_timeout: "{{ wireguard_centos7_kernel_plus_reboot_timeout }}"
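Review bot: The "Install EPEL & ELRepo repository" task installs `elrepo-release-7.el7.elrepo.noarch.rpm` straight from a URL, and nothing in this file imports the ELRepo signing key first. Whether that RPM's signature is verified then depends on the host's yum settings for local packages, which are not visible here. An `ansible.builtin.rpm_key` task for the ELRepo key ahead of it would make the trust anchor explicit before `kmod-wireguard` is installed from that repository. Separately, "Enable CentosPlus repo" sets `changed_when: false` although `yum-config-manager ... --save` rewrites repository configuration, so the play reports no change for a step that alters package sources.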
|
@ -1,19 +0,0 @@
|
|||||||
---
|
|
||||||
- name: (CentOS) Add WireGuard repository
|
|
||||||
get_url:
|
|
||||||
url: https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
|
|
||||||
dest: /etc/yum.repos.d/wireguard.repo
|
|
||||||
|
|
||||||
- name: (CentOS) Install EPEL repository
|
|
||||||
yum:
|
|
||||||
name: epel-release
|
|
||||||
update_cache: yes
|
|
||||||
|
|
||||||
- name: (CentOS) Install wireguard packages
|
|
||||||
yum:
|
|
||||||
name:
|
|
||||||
- "wireguard-dkms"
|
|
||||||
- "wireguard-tools"
|
|
||||||
state: present
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2021 Tobias Richter
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- name: (Proxmox) Add WireGuard repository
|
||||||
|
ansible.builtin.apt_repository:
|
||||||
|
repo: "deb http://deb.debian.org/debian buster-backports main"
|
||||||
|
state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}"
|
||||||
|
update_cache: "{{ wireguard_update_cache }}"
|
||||||
|
|
||||||
|
- name: (Proxmox lxc) Install wireguard-tools.
|
||||||
|
ansible.builtin.apt:
|
||||||
|
install_recommends: false
|
||||||
|
name:
|
||||||
|
- wireguard-tools
|
||||||
|
state: present
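Review bot: The repository task decides on `ansible_distribution_version | int <= 10`, and Jinja's `int` filter returns 0 for a value it cannot parse. A host that reports a non-numeric version string would therefore get `buster-backports` added instead of removed. A guard that fails loudly on unexpected input, for example `ansible_distribution_version is version('11', '<')`, should state the intent more safely. The same expression appears in the Proxmox host-variant file in the next hunk.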
|
@ -0,0 +1,23 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2018-2022 Robert Wimmer
|
||||||
|
# Copyright (C) 2019-2020 Ties de Kock
|
||||||
|
# Copyright (C) 2021 Steve Fan
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- name: (Proxmox) Add WireGuard repository
|
||||||
|
ansible.builtin.apt_repository:
|
||||||
|
repo: "deb http://deb.debian.org/debian buster-backports main"
|
||||||
|
state: "{{ 'present' if (ansible_distribution_version | int <= 10) else 'absent' }}"
|
||||||
|
update_cache: "{{ wireguard_update_cache }}"
|
||||||
|
|
||||||
|
- name: (Proxmox) Install kernel headers for the currently running kernel to compile WireGuard with DKMS
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name:
|
||||||
|
- "pve-headers-{{ ansible_kernel }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: (Proxmox) Install WireGuard packages
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name:
|
||||||
|
- "wireguard"
|
||||||
|
state: present
|
@ -0,0 +1,87 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2020 Stefan Haun
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
# Note: This setup is called for Raspbian 10 (Buster) and lower.
|
||||||
|
# Since Raspbian 11 (Bullseye) wireguard is supported out
|
||||||
|
# of the box.
|
||||||
|
# Any Raspbian-related changes for Bullseye and above need to
|
||||||
|
# go to a separate playbook.
|
||||||
|
|
||||||
|
- name: (Raspbian) Install GPG - required to add WireGuard key
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name: gnupg
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: (Raspbian) Add Debian repository keys
|
||||||
|
ansible.builtin.apt_key:
|
||||||
|
keyserver: "keyserver.ubuntu.com"
|
||||||
|
id: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
when: ansible_lsb.id == "Raspbian"
|
||||||
|
with_items:
|
||||||
|
- "04EE7237B7D453EC"
|
||||||
|
- "648ACFD622F3D138"
|
||||||
|
|
||||||
|
- name: (Raspbian) Add Debian Buster Backports repository for WireGuard
|
||||||
|
ansible.builtin.apt_repository:
|
||||||
|
repo: "deb http://deb.debian.org/debian buster-backports main"
|
||||||
|
state: present
|
||||||
|
update_cache: "{{ wireguard_update_cache }}"
|
||||||
|
|
||||||
|
- name: (Raspbian) Install latest kernel
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name:
|
||||||
|
- "raspberrypi-kernel"
|
||||||
|
state: latest # noqa package-latest
|
||||||
|
register: wireguard__register_kernel_update
|
||||||
|
|
||||||
|
- name: (Raspbian) Reboot after kernel update (Ansible >= 2.8)
|
||||||
|
ansible.builtin.reboot:
|
||||||
|
search_paths: ['/lib/molly-guard', '/usr/sbin', '/sbin']
|
||||||
|
when:
|
||||||
|
- ansible_version.full is version('2.8.0', '>=')
|
||||||
|
- wireguard__register_kernel_update is changed
|
||||||
|
|
||||||
|
- name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8)
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: /lib/molly-guard/
|
||||||
|
register: wireguard__register_molly_guard
|
||||||
|
|
||||||
|
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, no molly-guard)
|
||||||
|
ansible.builtin.reboot:
|
||||||
|
when:
|
||||||
|
- ansible_version.full is version('2.8.0', '<')
|
||||||
|
- wireguard__register_kernel_update is changed
|
||||||
|
- not wireguard__register_molly_guard.stat.exists
|
||||||
|
|
||||||
|
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard)
|
||||||
|
ansible.builtin.command: /lib/molly-guard/shutdown -r now
|
||||||
|
async: 1
|
||||||
|
poll: 0
|
||||||
|
ignore_unreachable: true
|
||||||
|
changed_when: false
|
||||||
|
when:
|
||||||
|
- ansible_version.full is version('2.8.0', '<')
|
||||||
|
- wireguard__register_kernel_update is changed
|
||||||
|
- wireguard__register_molly_guard.stat.exists
|
||||||
|
|
||||||
|
- name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard)
|
||||||
|
ansible.builtin.wait_for_connection:
|
||||||
|
when:
|
||||||
|
- ansible_version.full is version('2.8.0', '<')
|
||||||
|
- wireguard__register_kernel_update is changed
|
||||||
|
- wireguard__register_molly_guard.stat.exists
|
||||||
|
|
||||||
|
- name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name:
|
||||||
|
- "raspberrypi-kernel-headers"
|
||||||
|
state: latest # noqa package-latest
|
||||||
|
|
||||||
|
- name: (Raspbian) Install WireGuard packages
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name:
|
||||||
|
- "wireguard-dkms"
|
||||||
|
- "wireguard-tools"
|
||||||
|
state: present
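Review bot: "Add Debian repository keys" fetches two keys by 64-bit ID from `keyserver.ubuntu.com`, and `apt_key` places them in apt's global trust store. They are then trusted for every configured source, not only for `buster-backports`. Using full fingerprints in `id`, or installing the Debian archive keyring into a dedicated file and referencing it with a `signed-by=` option in the `repo:` line, would narrow that trust to the one repository that needs it.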
|
@ -1,93 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: (Raspbian) Install GPG - required to add wireguard key
|
|
||||||
apt:
|
|
||||||
name: gnupg
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: (Raspbian) Add Debian repository key
|
|
||||||
apt_key:
|
|
||||||
keyserver: "keyserver.ubuntu.com"
|
|
||||||
id: "04EE7237B7D453EC"
|
|
||||||
state: present
|
|
||||||
when: ansible_lsb.id == "Raspbian"
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Add Debian Unstable repository for WireGuard
|
|
||||||
apt_repository:
|
|
||||||
repo: "deb http://deb.debian.org/debian unstable main"
|
|
||||||
state: present
|
|
||||||
update_cache: yes
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Install latest kernel
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- "raspberrypi-kernel"
|
|
||||||
state: latest
|
|
||||||
register: kernel_update
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Reboot after kernel update (Ansible >= 2.8)
|
|
||||||
reboot:
|
|
||||||
search_paths: ['/lib/molly-guard', '/usr/sbin']
|
|
||||||
when:
|
|
||||||
- ansible_version.full is version('2.8.0', '>=')
|
|
||||||
- kernel_update is changed
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8)
|
|
||||||
stat:
|
|
||||||
path: /lib/molly-guard/
|
|
||||||
register: molly_guard
|
|
||||||
|
|
||||||
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, no molly-guard)
|
|
||||||
reboot:
|
|
||||||
when:
|
|
||||||
- ansible_version.full is version('2.8.0', '<')
|
|
||||||
- kernel_update is changed
|
|
||||||
- not molly_guard.stat.exists
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard)
|
|
||||||
command: /lib/molly-guard/shutdown -r now
|
|
||||||
async: 1
|
|
||||||
poll: 0
|
|
||||||
ignore_unreachable: yes
|
|
||||||
when:
|
|
||||||
- ansible_version.full is version('2.8.0', '<')
|
|
||||||
- kernel_update is changed
|
|
||||||
- molly_guard.stat.exists
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard)
|
|
||||||
wait_for_connection:
|
|
||||||
when:
|
|
||||||
- ansible_version.full is version('2.8.0', '<')
|
|
||||||
- kernel_update is changed
|
|
||||||
- molly_guard.stat.exists
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- "raspberrypi-kernel-headers"
|
|
||||||
state: latest
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Raspbian) Install wireguard packages
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- "wireguard-dkms"
|
|
||||||
- "wireguard-tools"
|
|
||||||
state: present
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
@ -1,37 +1,11 @@
|
|||||||
---
|
---
|
||||||
- name: (Debian) Install GPG - required to add wireguard key
|
# Copyright (C) 2018-2022 Robert Wimmer
|
||||||
apt:
|
# Copyright (C) 2019-2020 Ties de Kock
|
||||||
name: gnupg
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: (Debian) Add WireGuard repository on buster or earlier
|
|
||||||
apt_repository:
|
|
||||||
repo: "deb http://deb.debian.org/debian buster-backports main"
|
|
||||||
state: present
|
|
||||||
update_cache: yes
|
|
||||||
when: ansible_distribution_version | int <= 10
|
|
||||||
tags:
|
|
||||||
- wg-install
|
|
||||||
|
|
||||||
- name: (Debian) Get architecture
|
|
||||||
command: "dpkg --print-architecture"
|
|
||||||
register: dpkg_arch
|
|
||||||
changed_when: False
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
kernel_header_version: "{{ ('-cloud-' in ansible_kernel) | ternary(ansible_kernel,dpkg_arch.stdout) }}"
|
|
||||||
|
|
||||||
- name: (Debian) Install kernel headers to compile Wireguard with DKMS
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- "linux-headers-{{ kernel_header_version }}"
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: (Debian) Install wireguard packages
|
- name: (Debian) Install WireGuard packages
|
||||||
apt:
|
ansible.builtin.apt:
|
||||||
name:
|
name:
|
||||||
- "wireguard-dkms"
|
- "wireguard"
|
||||||
- "wireguard-tools"
|
|
||||||
state: present
|
state: present
|
||||||
tags:
|
update_cache: "{{ wireguard_update_cache }}"
|
||||||
- wg-install
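Review bot: The new side installs `wireguard` with no release check, while the Proxmox variant files in this diff still add `buster-backports` for version 10 and earlier. If Debian 10 is still a supported target for the vanilla path, the install would presumably fail there because no backports source is configured in this file. If support was dropped on purpose, a comment such as `# Debian 11+ only: wireguard is expected in the main archive` above the task would record that.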
|
|
||||||
|
@ -1,8 +1,51 @@
|
|||||||
---
|
---
|
||||||
|
# Copyright (C) 2020 Stefan Haun
|
||||||
|
# Copyright (C) 2021 Steve Fan
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
- include_tasks: "setup-debian-raspbian.yml"
|
- name: Setup for Raspbian
|
||||||
when: ansible_lsb.id == "Raspbian"
|
ansible.builtin.include_tasks:
|
||||||
register: raspbian_setup
|
file: "setup-debian-raspbian-buster.yml"
|
||||||
|
apply:
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
when:
|
||||||
|
- ansible_lsb.id is defined
|
||||||
|
- ansible_lsb.id == "Raspbian"
|
||||||
|
- ansible_lsb.major_release is version('11', '<')
|
||||||
|
register: wireguard__register_raspbian_setup
|
||||||
|
|
||||||
- include_tasks: "setup-debian-vanilla.yml"
|
- name: Setup for Proxmox VE variants
|
||||||
when: raspbian_setup is skipped
|
when:
|
||||||
|
- ansible_kernel.find("pve") != -1
|
||||||
|
block:
|
||||||
|
- name: Setup Proxmox VE host
|
||||||
|
ansible.builtin.include_tasks:
|
||||||
|
file: "setup-debian-pve-host-variant.yml"
|
||||||
|
apply:
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
when:
|
||||||
|
- ansible_virtualization_role == "host"
|
||||||
|
register: wireguard__register_pve_host_variant_setup
|
||||||
|
|
||||||
|
- name: Setup Proxmox VE guest
|
||||||
|
ansible.builtin.include_tasks:
|
||||||
|
file: "setup-debian-pve-guest-variant.yml"
|
||||||
|
apply:
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
when:
|
||||||
|
- ansible_virtualization_role == "guest"
|
||||||
|
register: wireguard__register_pve_guest_variant_setup
|
||||||
|
|
||||||
|
- name: Setup for Debian
|
||||||
|
ansible.builtin.include_tasks:
|
||||||
|
file: "setup-debian-vanilla.yml"
|
||||||
|
apply:
|
||||||
|
tags:
|
||||||
|
- wg-install
|
||||||
|
when:
|
||||||
|
- wireguard__register_raspbian_setup is skipped
|
||||||
|
- wireguard__register_pve_guest_variant_setup is skipped
|
||||||
|
- wireguard__register_pve_host_variant_setup is skipped
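Review bot: The "Setup for Debian" include is selected only by three `is skipped` checks on registers set by earlier includes, and nothing in the file explains this. That makes it easy to break when another variant is added. A comment above it such as `# Fallback: runs only when the Raspbian and both Proxmox VE includes were skipped` would document the dispatch. The Proxmox branch is chosen by `ansible_kernel.find("pve") != -1`, a substring match on the kernel release string, so any kernel whose release contains `pve` takes that path; a short comment naming the hosts expected to match would help.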
|
||||||
|
@ -0,0 +1,13 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2022 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- name: (elementary OS) Update APT package cache
|
||||||
|
ansible.builtin.apt:
|
||||||
|
update_cache: "{{ wireguard_ubuntu_update_cache }}"
|
||||||
|
cache_valid_time: "{{ wireguard_ubuntu_cache_valid_time }}"
|
||||||
|
|
||||||
|
- name: (elementary OS) Install wireguard package
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name: "wireguard"
|
||||||
|
state: present
|
@ -1,17 +1,11 @@
|
|||||||
---
|
---
|
||||||
- name: (Fedora) Add wireguard COPR
|
# Copyright (C) 2020 Ties de Kock
|
||||||
yum_repository:
|
# Copyright (C) 2023 Robert Wimmer
|
||||||
name: "jdoss-wireguard"
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
description: "Copr repo for wireguard owned by jdoss"
|
|
||||||
baseurl: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/fedora-$releasever-$basearch/"
|
|
||||||
gpgkey: "https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/pubkey.gpg"
|
|
||||||
gpgcheck: yes
|
|
||||||
|
|
||||||
- name: (Fedora) Install wireguard packages
|
- name: (Fedora) Install WireGuard packages
|
||||||
yum:
|
ansible.builtin.yum:
|
||||||
name:
|
name:
|
||||||
- "wireguard-dkms"
|
|
||||||
- "wireguard-tools"
|
- "wireguard-tools"
|
||||||
state: present
|
state: present
|
||||||
tags:
|
update_cache: "{{ wireguard_update_cache }}"
|
||||||
- wg-install
|
|
||||||
|
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2020 Ruben Di Battista
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- name: (MacOS) Install wireguard package
|
||||||
|
ansible.builtin.package:
|
||||||
|
name: wireguard-go
|
||||||
|
state: present
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: (MacOS) Install wireguard-tools package
|
||||||
|
ansible.builtin.package:
|
||||||
|
name: wireguard-tools
|
||||||
|
state: present
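Review bot: The two tasks in this new file differ in privilege: `(MacOS) Install wireguard package` sets `become: true`, while `(MacOS) Install wireguard-tools package` has no `become` line. Indentation is lost in this rendering, so the line is read here as task-level. If `ansible.builtin.package` resolves to Homebrew on the target, running it escalated is likely to fail, since Homebrew refuses to run as root. Another package manager may need escalation for both tasks. Either way the tasks should agree, with a short comment such as `# escalation required by <package manager>` on whichever form is kept.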
|
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2020-2022 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- name: (openSUSE Leap) Install WireGuard packages
|
||||||
|
community.general.zypper:
|
||||||
|
name:
|
||||||
|
- "wireguard-tools"
|
||||||
|
state: present
|
||||||
|
update_cache: "{{ wireguard_update_cache }}"
|
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2022 Masahiro Koga
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- name: (OracleLinux) Install wireguard-tools package
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name: wireguard-tools
|
||||||
|
state: present
|
@ -0,0 +1,56 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2021-2022 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- name: (Rocky Linux 8) Tasks for standard kernel
|
||||||
|
when:
|
||||||
|
- wireguard_rockylinux8_installation_method == "standard"
|
||||||
|
block:
|
||||||
|
- name: (Rocky Linux 8) Install EPEL & ELRepo repository
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name:
|
||||||
|
- epel-release
|
||||||
|
- elrepo-release
|
||||||
|
update_cache: "{{ wireguard_update_cache }}"
|
||||||
|
|
||||||
|
- name: (Rocky Linux 8) Ensure WireGuard DKMS package is removed
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name:
|
||||||
|
- "wireguard-dkms"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: (Rocky Linux 8) Install WireGuard packages
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name:
|
||||||
|
- "kmod-wireguard"
|
||||||
|
- "wireguard-tools"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: (Rocky Linux 8) Tasks for non-standard kernel
|
||||||
|
when:
|
||||||
|
- wireguard_rockylinux8_installation_method == "dkms"
|
||||||
|
block:
|
||||||
|
- name: (Rocky Linux 8) Install jdoss/wireguard COPR repository
|
||||||
|
community.general.copr:
|
||||||
|
state: enabled
|
||||||
|
name: jdoss/wireguard
|
||||||
|
chroot: epel-8-{{ ansible_architecture }}
|
||||||
|
|
||||||
|
- name: (Rocky Linux 8) Install EPEL repository
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name:
|
||||||
|
- epel-release
|
||||||
|
update_cache: "{{ wireguard_update_cache }}"
|
||||||
|
|
||||||
|
- name: (Rocky Linux 8) Ensure WireGuard KMOD package is removed
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name:
|
||||||
|
- "kmod-wireguard"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: (Rocky Linux 8) Install WireGuard packages
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name:
|
||||||
|
- "wireguard-dkms"
|
||||||
|
- "wireguard-tools"
|
||||||
|
state: present
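Review bot: Nothing in this file rejects a value of `wireguard_rockylinux8_installation_method` other than `"standard"` or `"dkms"`. With any other value both `when:` conditions are false, both blocks are skipped, and the role continues without installing WireGuard or reporting an error. A leading `ansible.builtin.assert` task with `that: wireguard_rockylinux8_installation_method in ["standard", "dkms"]` would stop the play early on a typo. The `dkms` block also enables the third-party `jdoss/wireguard` COPR, and the `standard` block installs `elrepo-release` before `kmod-wireguard`, presumably to source the module from ELRepo. A comment above those tasks, for example `# Third-party repository: its packages are built outside the distribution and load code into the kernel`, would make that trust decision visible to operators.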
|
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
# Copyright (C) 2022 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
- name: (Rocky Linux) Install wireguard-tools package
|
||||||
|
ansible.builtin.yum:
|
||||||
|
name: wireguard-tools
|
||||||
|
state: present
|
||||||
|
update_cache: "{{ wireguard_update_cache }}"
|
@ -0,0 +1,123 @@
|
|||||||
|
#jinja2: lstrip_blocks:"True",trim_blocks:"True"
|
||||||
|
{# Copyright (C) 2018-2022 Robert Wimmer
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
#}
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
[Interface]
|
||||||
|
# {{ inventory_hostname }}
|
||||||
|
{% if wireguard_address is defined %}
|
||||||
|
Address = {{ wireguard_address }}
|
||||||
|
{% endif %}
|
||||||
|
{% if wireguard_addresses is defined %}
|
||||||
|
{% for wg_addr in wireguard_addresses %}
|
||||||
|
Address = {{ wg_addr }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
PrivateKey = {{ wireguard_private_key }}
|
||||||
|
ListenPort = {{ wireguard_port }}
|
||||||
|
{% if wireguard_dns is defined %}
|
||||||
|
DNS = {{ wireguard_dns }}
|
||||||
|
{% endif %}
|
||||||
|
{% if wireguard_fwmark is defined %}
|
||||||
|
FwMark = {{ wireguard_fwmark }}
|
||||||
|
{% endif %}
|
||||||
|
{% if wireguard_mtu is defined %}
|
||||||
|
MTU = {{ wireguard_mtu }}
|
||||||
|
{% endif %}
|
||||||
|
{% if wireguard_table is defined %}
|
||||||
|
Table = {{ wireguard_table }}
|
||||||
|
{% endif %}
|
||||||
|
{% if wireguard_preup is defined %}
|
||||||
|
{% for wg_preup in wireguard_preup %}
|
||||||
|
PreUp = {{ wg_preup }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% if wireguard_postup is defined %}
|
||||||
|
{% for wg_postup in wireguard_postup %}
|
||||||
|
PostUp = {{ wg_postup }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% if wireguard_predown is defined %}
|
||||||
|
{% for wg_predown in wireguard_predown %}
|
||||||
|
PreDown = {{ wg_predown }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% if wireguard_postdown is defined %}
|
||||||
|
{% for wg_postdown in wireguard_postdown %}
|
||||||
|
PostDown = {{ wg_postdown }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% if wireguard_save_config is defined %}
|
||||||
|
SaveConfig = {{ wireguard_save_config }}
|
||||||
|
{% endif %}
|
||||||
|
{% for host in ansible_play_hosts %}
|
||||||
|
{% if host != inventory_hostname %}
|
||||||
|
|
||||||
|
[Peer]
|
||||||
|
# {{ host }}
|
||||||
|
PublicKey = {{hostvars[host].wireguard__fact_public_key}}
|
||||||
|
{% if hostvars[host].wireguard_allowed_ips is defined %}
|
||||||
|
AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
|
||||||
|
{% else %}
|
||||||
|
{% if wireguard_address is defined %}
|
||||||
|
AllowedIPs = {{ hostvars[host].wireguard_address.split('/')[0] }}/32
|
||||||
|
{% endif %}
|
||||||
|
{% if wireguard_addresses is defined %}
|
||||||
|
{% for wg_addr in hostvars[host].wireguard_addresses %}
|
||||||
|
{% if (wg_addr | ansible.utils.ipv4) %}
|
||||||
|
AllowedIPs = {{ wg_addr.split('/')[0] }}/32
|
||||||
|
{% elif (wg_addr | ansible.utils.ipv6) %}
|
||||||
|
AllowedIPs = {{ wg_addr.split('/')[0] }}/128
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
{% if hostvars[host].wireguard_persistent_keepalive is defined %}
|
||||||
|
PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
|
||||||
|
{% endif %}
|
||||||
|
{% if (
|
||||||
|
hostvars[host].wireguard_dc is defined and
|
||||||
|
wireguard_dc is defined and
|
||||||
|
wireguard_dc['name'] != hostvars[host].wireguard_dc['name']
|
||||||
|
)
|
||||||
|
%}
|
||||||
|
Endpoint = {{hostvars[host].wireguard_dc['endpoint']}}:{{hostvars[host].wireguard_dc['port']}}
|
||||||
|
{% elif hostvars[host].wireguard_port is defined %}
|
||||||
|
{% if hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
||||||
|
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}}
|
||||||
|
{% else %}
|
||||||
|
Endpoint = {{host}}:{{hostvars[host].wireguard_port}}
|
||||||
|
{% endif %}
|
||||||
|
{% elif hostvars[host].wireguard_endpoint is defined %}
|
||||||
|
{% if hostvars[host].wireguard_endpoint != "" %}
|
||||||
|
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
|
||||||
|
{% else %}
|
||||||
|
# No endpoint defined for this peer
|
||||||
|
{% endif %}
|
||||||
|
{% else %}
|
||||||
|
Endpoint = {{host}}:{{wireguard_port}}
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% if wireguard_unmanaged_peers is defined %}
|
||||||
|
|
||||||
|
# Peers not managed by Ansible from "wireguard_unmanaged_peers" variable
|
||||||
|
{% for peer in wireguard_unmanaged_peers.keys() %}
|
||||||
|
[Peer]
|
||||||
|
# {{ peer }}
|
||||||
|
PublicKey = {{ wireguard_unmanaged_peers[peer].public_key }}
|
||||||
|
{% if wireguard_unmanaged_peers[peer].preshared_key is defined %}
|
||||||
|
PresharedKey = {{ wireguard_unmanaged_peers[peer].preshared_key }}
|
||||||
|
{% endif %}
|
||||||
|
{% if wireguard_unmanaged_peers[peer].allowed_ips is defined %}
|
||||||
|
AllowedIPs = {{ wireguard_unmanaged_peers[peer].allowed_ips }}
|
||||||
|
{% endif %}
|
||||||
|
{% if wireguard_unmanaged_peers[peer].endpoint is defined %}
|
||||||
|
Endpoint = {{ wireguard_unmanaged_peers[peer].endpoint }}
|
||||||
|
{% endif %}
|
||||||
|
{% if wireguard_unmanaged_peers[peer].persistent_keepalive is defined %}
|
||||||
|
PersistentKeepalive = {{ wireguard_unmanaged_peers[peer].persistent_keepalive }}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
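Review bot: In the `[Peer]` loop the fallback `AllowedIPs` branch tests `wireguard_address is defined` and `wireguard_addresses is defined` on the host being rendered, but then reads `hostvars[host].wireguard_address` and `hostvars[host].wireguard_addresses` from the peer. When the two hosts do not define the same variable, rendering either fails on an undefined attribute or emits a `[Peer]` section with no `AllowedIPs`. The guards should test the peer instead: `{% if hostvars[host].wireguard_address is defined %}` and `{% if hostvars[host].wireguard_addresses is defined %}`. Separately, the rendered file carries `PrivateKey`, an optional `PresharedKey`, and `PreUp`/`PostUp`/`PreDown`/`PostDown` lines that wg-quick runs as shell commands. The task that writes it is not visible in this section; it should use owner-only file permissions, and the hook variables should come only from trusted inventory.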
|
@ -1,70 +0,0 @@
|
|||||||
#jinja2: lstrip_blocks:"True",trim_blocks:"True"
|
|
||||||
[Interface]
|
|
||||||
# {{ inventory_hostname }}
|
|
||||||
Address = {{hostvars[inventory_hostname].wireguard_address}}
|
|
||||||
PrivateKey = {{private_key}}
|
|
||||||
ListenPort = {{wireguard_port}}
|
|
||||||
{% if hostvars[inventory_hostname].wireguard_dns is defined %}
|
|
||||||
DNS = {{hostvars[inventory_hostname].wireguard_dns}}
|
|
||||||
{% endif %}
|
|
||||||
{% if hostvars[inventory_hostname].wireguard_fwmark is defined %}
|
|
||||||
FwMark = {{hostvars[inventory_hostname].wireguard_fwmark}}
|
|
||||||
{% endif %}
|
|
||||||
{% if hostvars[inventory_hostname].wireguard_mtu is defined %}
|
|
||||||
MTU = {{hostvars[inventory_hostname].wireguard_mtu}}
|
|
||||||
{% endif %}
|
|
||||||
{% if hostvars[inventory_hostname].wireguard_table is defined %}
|
|
||||||
Table = {{hostvars[inventory_hostname].wireguard_table}}
|
|
||||||
{% endif %}
|
|
||||||
{% if hostvars[inventory_hostname].wireguard_preup is defined %}
|
|
||||||
{% for wg_preup in hostvars[inventory_hostname].wireguard_preup %}
|
|
||||||
PreUp = {{ wg_preup }}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
{% if hostvars[inventory_hostname].wireguard_predown is defined %}
|
|
||||||
{% for wg_predown in hostvars[inventory_hostname].wireguard_predown %}
|
|
||||||
PreDown = {{ wg_predown }}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
{% if hostvars[inventory_hostname].wireguard_postup is defined %}
|
|
||||||
{% for wg_postup in hostvars[inventory_hostname].wireguard_postup %}
|
|
||||||
PostUp = {{ wg_postup }}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
{% if hostvars[inventory_hostname].wireguard_postdown is defined %}
|
|
||||||
{% for wg_postdown in hostvars[inventory_hostname].wireguard_postdown %}
|
|
||||||
PostDown = {{ wg_postdown }}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
{% if hostvars[inventory_hostname].wireguard_save_config is defined %}
|
|
||||||
SaveConfig = true
|
|
||||||
{% endif %}
|
|
||||||
{% for host in ansible_play_hosts %}
|
|
||||||
{% if host != inventory_hostname %}
|
|
||||||
|
|
||||||
[Peer]
|
|
||||||
# {{ host }}
|
|
||||||
PublicKey = {{hostvars[host].public_key}}
|
|
||||||
{% if hostvars[host].wireguard_allowed_ips is defined %}
|
|
||||||
AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
|
|
||||||
{% else %}
|
|
||||||
AllowedIPs = {{hostvars[host].wireguard_ip}}/32
|
|
||||||
{% endif %}
|
|
||||||
{% if hostvars[host].wireguard_persistent_keepalive is defined %}
|
|
||||||
PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
|
|
||||||
{% endif %}
|
|
||||||
{% if hostvars[host].wireguard_port is defined and hostvars[host].wireguard_port is number %}
|
|
||||||
{% if hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
|
||||||
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}}
|
|
||||||
{% else %}
|
|
||||||
Endpoint = {{host}}:{{hostvars[host].wireguard_port}}
|
|
||||||
{% endif %}
|
|
||||||
{% elif hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
|
||||||
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
|
|
||||||
{% elif hostvars[host].wireguard_endpoint == "" %}
|
|
||||||
# No endpoint defined for this peer
|
|
||||||
{% else %}
|
|
||||||
Endpoint = {{host}}:{{wireguard_port}}
|
|
||||||
{% endif %}
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
|
@ -1,4 +0,0 @@
|
|||||||
wireguard_address: "10.8.0.11"
|
|
||||||
wireguard_port: "51820"
|
|
||||||
wireguard_dns: "1.1.1.1"
|
|
||||||
wireguard_mtu: "1492"
|
|
@ -1,4 +0,0 @@
|
|||||||
wireguard_address: "10.8.0.10"
|
|
||||||
wireguard_port: "51820"
|
|
||||||
wireguard_dns: "1.1.1.1"
|
|
||||||
wireguard_mtu: "1492"
|
|