add wireguard role
parent
2b6b7aca79
commit
0760ae4c2c
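--- a/roles/wireguard/defaults/main.yaml
+++ b/roles/wireguard/defaults/main.yaml
@@ -0,0 +1,13 @@
+---
+wireguard_package_name: wireguard
+wireguard_package_state: present
+
+wireguard_service_name: "wg-quick"
+wireguard_service_state: started
+wireguard_service_enabled: true
+
+wireguard_etc_path: /etc/wireguard
+wireguard_port: 51820
+wireguard_interface: wg0
+
+wireguard_peers: {}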
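Review bot: `wireguard_interfaces` has no default here, although the handler in roles/wireguard/handlers/main.yaml and the last include in roles/wireguard/tasks/main.yaml both evaluate `wireguard_interfaces.keys()` in a `loop:`. The loop expression is templated before the per-item `when: wireguard_interfaces is mapping` guard applies, so a host without the variable would most likely fail rather than skip. Adding `wireguard_interfaces: {}` next to `wireguard_peers: {}` closes that gap. `wireguard_port` is read only by wg.conf.j2 and `wireguard_interface` by nothing visible in this commit, so a short comment saying which template each default feeds would help.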
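--- a/roles/wireguard/handlers/main.yaml
+++ b/roles/wireguard/handlers/main.yaml
@@ -0,0 +1,6 @@
+---
+- name: restart wg-quick
+systemd:
+name: "wg-quick@{{ item }}"
+state: restarted
+loop: "{{ wireguard_interfaces.keys() | list }}"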
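Review bot: The unit name hard-codes `wg-quick@` instead of using `wireguard_service_name`, so overriding that default changes the unit the `manage service` task controls but not the one this handler restarts; `name: "{{ wireguard_service_name }}@{{ item }}"` keeps the two aligned. The handler also restarts every key of `wireguard_interfaces` when only one interface's config changed, which drops all tunnels at once and deserves a comment, or a per-interface handler, if the play can run over one of them. It restarts regardless of `wireguard_service_state` as well, so a tunnel meant to stay `stopped` would likely be brought up at the end of the play.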
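--- a/roles/wireguard/tasks/configure-interface.yaml
+++ b/roles/wireguard/tasks/configure-interface.yaml
@@ -0,0 +1,15 @@
+---
+- name: configure interface
+template:
+src: wg-multi.conf.j2
+dest: "{{ wireguard_etc_path }}/{{ _wireguard_interface }}.conf"
+owner: root
+group: root
+mode: 0400
+notify: restart wg-quick
+
+- name: manage service
+service:
+name: "{{ wireguard_service_name }}@{{ _wireguard_interface }}"
+state: "{{ wireguard_service_state }}"
+enabled: "{{ wireguard_service_enabled }}"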
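Review bot: The `configure interface` task renders a file that contains `PrivateKey`, but nothing keeps the rendered content out of `--diff` output or collected run logs; adding `no_log: true` (or at least `diff: false`) to the template task keeps the key out of them. `mode: 0400` is unquoted and relies on the YAML loader reading it as octal, whereas `mode: "0400"` does not depend on that. The task also assumes `wireguard_etc_path` already exists with tight permissions; if the package does not guarantee that, a preceding `file` task with `state: directory` and `mode: "0700"` would.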
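--- a/roles/wireguard/tasks/configure.yaml
+++ b/roles/wireguard/tasks/configure.yaml
@@ -0,0 +1 @@
+---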
0
roles/wireguard/tasks/default.yaml
Normal file
0
roles/wireguard/tasks/default.yaml
Normal file
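--- a/roles/wireguard/tasks/install.yaml
+++ b/roles/wireguard/tasks/install.yaml
@@ -0,0 +1,5 @@
+---
+- name: install package
+package:
+name: "{{ wireguard_package_name }}"
+state: "{{ wireguard_package_state }}"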
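--- a/roles/wireguard/tasks/main.yaml
+++ b/roles/wireguard/tasks/main.yaml
@@ -0,0 +1,36 @@
+---
+- name: gather os specific variables
+include_vars: "{{ lookup('first_found', possible_files) }}"
+vars:
+possible_files:
+files:
+- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+- "{{ ansible_distribution }}.yaml"
+- "{{ ansible_os_family }}.yaml"
+- "default.yaml"
+paths:
+- vars
+
+- name: include os specific tasks
+include_tasks: "{{ lookup('first_found', possible_files) }}"
+vars:
+possible_files:
+files:
+- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+- "{{ ansible_distribution }}.yaml"
+- "{{ ansible_os_family }}.yaml"
+- "default.yaml"
+paths:
+- tasks
+
+- include: install.yaml
+
+#- include: configure.yaml
+
+- include: configure-interface.yaml
+loop: "{{ wireguard_interfaces.keys() | list }}"
+loop_control:
+loop_var: _wireguard_interface
+when:
+- wireguard_interfaces is mapping
+- wireguard_interfaces.keys() | length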
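Review bot: The bare `include:` entries for install.yaml and configure-interface.yaml use the deprecated form; `include_tasks:` is the dynamic equivalent and is what the second task in this file already uses, e.g. `- include_tasks: configure-interface.yaml`. The two `first_found` lookups repeat the same four-file candidate list and differ only in `paths`, so a comment stating the resolution order (distribution-version, distribution, OS family, default) would save the next reader from comparing them line by line. Keys of `wireguard_interfaces` end up in a file path and a systemd unit name in configure-interface.yaml, so a short `assert` task that checks each key against the expected interface-name pattern before the loop would catch malformed names early.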
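--- a/roles/wireguard/templates/wg-multi.conf.j2
+++ b/roles/wireguard/templates/wg-multi.conf.j2
@@ -0,0 +1,49 @@
+{%- macro render_interface(i) %}
+[Interface]
+{% if "private_key" in i %}
+PrivateKey = {{ i.private_key }}
+{% endif %}
+{% if "address" in i %}
+{% if i.address is string %}
+Address = {{ i.address }}
+{% elif i.address is sequence %}
+{% for address in i.address %}
+Address = {{ address }}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% if "listen_port" in i %}
+ListenPort = {{ i.listen_port }}
+{% endif %}
+{% endmacro -%}
+
+{%- macro render_peer(p) %}
+{% if "comment" in p %}
+# {{ p.comment }}
+{% endif %}
+[Peer]
+{% if "public_key" in p %}
+PublicKey = {{ p.public_key }}
+{% endif %}
+{% if "endpoint" in p %}
+Endpoint = {{ p.endpoint }}
+{% endif %}
+{% if "allowed_ips" in p %}
+{% if p.allowed_ips is string %}
+AllowedIPs = {{ p.allowed_ips }}
+{% elif p.allowed_ips is sequence %}
+AllowedIPs = {{ p.allowed_ips | join(', ') }}
+{% endif %}
+{% endif %}
+{% endmacro -%}
+
+{% if wireguard_interfaces[_wireguard_interface] and
+wireguard_interfaces[_wireguard_interface] is mapping %}
+{{ render_interface(wireguard_interfaces[_wireguard_interface]) }}
+{% endif %}
+{% if wireguard_peers[_wireguard_interface] and
+wireguard_peers[_wireguard_interface] is sequence %}
+{% for peer in wireguard_peers[_wireguard_interface] %}
+{{ render_peer(peer) }}
+{% endfor %}
+{% endif %}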
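Review bot: `wireguard_peers[_wireguard_interface]` is subscripted directly in the final `{% if %}`, and the role default is `wireguard_peers: {}`, so an interface with no peer entry yields an undefined value that Ansible's templating is likely to reject rather than treat as false; `wireguard_peers.get(_wireguard_interface)` avoids that. `is sequence` is also true for a string, which wg.conf.j2 excludes with `is not string` and this template does not. Separately, every value is written verbatim, so a `comment` (or any other field) containing a newline would add extra lines to a root-owned config that wg-quick reads. Collapsing newlines, e.g. `# {{ p.comment | replace('\n', ' ') }}`, keeps each value on its own line.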
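--- a/roles/wireguard/templates/wg.conf.j2
+++ b/roles/wireguard/templates/wg.conf.j2
@@ -0,0 +1,33 @@
+[Interface]
+PrivateKey = {{ wireguard_private_key }}
+{% if wireguard_address %}
+{% if wireguard_address is string %}
+Address = {{ wireguard_address }}
+{% elif wireguard_address is sequence %}
+{% for address in wireguard_address %}
+Address = {{ address }}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% if wireguard_port %}
+ListenPort = {{ wireguard_port }}
+{% endif %}
+
+{% if wireguard_peers is not string and wireguard_peers is sequence %}
+{% for peer in wireguard_peers %}
+[Peer]
+{% if "public_key" in peer %}
+PublicKey = {{ peer.public_key }}
+{% endif %}
+{% if "endpoint" in peer %}
+Endpoint = {{ peer.endpoint }}
+{% endif %}
+{% if "allowed_ips" in peer %}
+{% if peer.allowed_ips is string %}
+AllowedIPs = {{ peer.allowed_ips }}
+{% elif peer.allowed_ips is sequence %}
+AllowedIPs = {{ peer.allowed_ips.join(', ') }}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endif %}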
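Review bot: `peer.allowed_ips.join(', ')` calls a `join` method on the list, which Python lists do not have, so the `elif` branch would fail at render time whenever `allowed_ips` is a list; wg-multi.conf.j2 uses the filter form, `AllowedIPs = {{ peer.allowed_ips | join(', ') }}`. `wireguard_private_key` and `wireguard_address` are referenced without a default or an `is defined` guard. No task in this commit renders this template, so either wire it in or drop it rather than keep an unexercised second path that writes key material.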
0
roles/wireguard/vars/default.yaml
Normal file
0
roles/wireguard/vars/default.yaml
Normal file