From 43e87804204d6e0eb0b53b3285830ea0dbab72d8 Mon Sep 17 00:00:00 2001
From: nd
Date: Sun, 2 Aug 2020 01:25:44 +0200
Subject: [PATCH] initial commit
---
defaults/main.yml | 9 +++++++++
meta/main.yml | 3 +++
tasks/main.yml | 11 +++++++++++
tasks/net.yml | 12 ++++++++++++
templates/networkinterface.j2 | 14 ++++++++++++++
templates/wireguard.conf.j2 | 11 +++++++++++
vars/main.yml | 2 ++
7 files changed, 62 insertions(+)
create mode 100644 defaults/main.yml
create mode 100644 meta/main.yml
create mode 100644 tasks/main.yml
create mode 100644 tasks/net.yml
create mode 100644 templates/networkinterface.j2
create mode 100644 templates/wireguard.conf.j2
create mode 100644 vars/main.yml
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..61f58a3
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,9 @@
+wireguard:
+ defaults:
+ lport: 51820
+ privkey: ''
+ ip: []
+ ip6: []
+ peers: {}
+ connections: {}
+
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..5fb2614
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+- { role: packages }
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..062068c
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,11 @@
+- name: install wireguard
+ package:
+ name:
+ - wireguard
+ - wireguard-tools
+
+- name: handle a wireguard network
+ include_tasks: net.yml
+ loop: "{{ wireguard.connections|dict2items }}"
+ loop_control:
+ loop_var: conn
diff --git a/tasks/net.yml b/tasks/net.yml
new file mode 100644
index 0000000..17ce263
--- /dev/null
+++ b/tasks/net.yml
@@ -0,0 +1,12 @@
+- set_fact:
+ item: "{{ {}|combine(wireguard.defaults , {'name': conn.name}, item.value, recursive=True) }}"
+
+- name: generate interface config
+ template:
+ src: networkinterface.j2
+ dest: /etc/network/interfaces.d/wg_{{ item.name }}
+
+- name: generate wireguard config
+ template:
+ src: wireguard.conf.j2
+ dest: /etc/wireguard//wg_{{ item.name }}
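Review bot: `privkey: ''` defaults the WireGuard private key to an empty string, so a connection that forgets to set it still renders and produces a blank `PrivateKey =` line that `wg setconf` rejects at interface bring-up instead of at playbook time; a guard such as `- assert: { that: item.privkey | length > 0 }` before the template tasks in tasks/net.yml fails earlier with a clearer message. Since this variable holds a secret, inventory values should come from an ansible-vault encrypted file, and the tasks that build and render `item` should set `no_log: true` so the key is not echoed to the run log. The file also lacks the `---` document start that meta/main.yml uses; add it so the role's YAML files are consistent.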
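Review bot: The `include_tasks` loop over `wireguard.connections|dict2items` echoes each loop item in the task output, and the item is the full connection mapping, which is where a per-connection `privkey` would live; add `label: "{{ conn.key }}"` under `loop_control` so only the connection name is printed. The install task relies on the play already running with privileges to install packages and, in net.yml, to write under /etc; if the role is meant to be self-contained, `become: true` on these tasks makes that explicit. The file also lacks a `---` document start.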
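Review bot: The `set_fact` expression reads `conn.name` and `item.value`, but `dict2items` yields `key`/`value` pairs and the loop variable is `conn`, so `conn.name` does not exist and `item` is undefined on the first include; it should be `item: "{{ {}|combine(wireguard.defaults, {'name': conn.key}, conn.value, recursive=True) }}"`. The wireguard config is written to `/etc/wireguard//wg_{{ item.name }}` while networkinterface.j2 loads `/etc/wireguard/$IFACE.conf`, so the bring-up script never finds it; use `dest: /etc/wireguard/wg_{{ item.name }}.conf`. That file contains the private key and the `template` task sets no mode, so it is created with the default umask permissions (typically world-readable); add `mode: '0600'` (with `owner: root`, `group: root`) to the wireguard template task, and consider `no_log: true` on the tasks that handle `item`. The `set_fact` task also has no `name:`.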
diff --git a/templates/networkinterface.j2 b/templates/networkinterface.j2
new file mode 100644
index 0000000..8ee8116
--- /dev/null
+++ b/templates/networkinterface.j2
@@ -0,0 +1,14 @@
+auto wg_{{ item.name }}
+iface w_{{ item.name }} inet static
+{% for i in item.ip %}
+ address {{ i }}
+{% endif %}
+ pre-up ip link add $IFACE type wireguard
+ pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
+ post-down ip link del $IFACE
+
+iface w_{{ item.name }} inet6 static
+ # static IP address
+{% for i in item.ip6 %}
+ address {{ i }}
+{% endif %}
diff --git a/templates/wireguard.conf.j2 b/templates/wireguard.conf.j2
new file mode 100644
index 0000000..d7056ab
--- /dev/null
+++ b/templates/wireguard.conf.j2
@@ -0,0 +1,11 @@
+[Interface]
+Address = {{ (item.ip + item.ip6)|join(', ') }}
+ListenPort = {{ item.lport }}
+PrivateKey = {{ item.privkey }}
+
+{% for peer in item.peers %}
+[Peer]
+PublicKey = {{ peer.PublicKey }}
+AllowedIPs = {{ peer.AllowedIPs|join(', ') }}
+{% if peer.Endpoint is defined %}Endpoint = {{ peer.Endpoint }}{% endif %}
+{% endfor %}
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..539a19d
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+packages:
+ repos: '{% if ansible_distribution_release|lower =="buster" %}{ "buster-backports": { "url": "deb http://deb.debian.org/debian buster-backports main" } }{% else %}{}{% endif %}'
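Review bot: Both `{% for i in item.ip %}` and `{% for i in item.ip6 %}` blocks are closed with `{% endif %}`, which is a Jinja syntax error, so the template task fails before anything is written; each must end with `{% endfor %}`. The `auto` line names the interface `wg_{{ item.name }}` while both `iface` stanzas use `w_{{ item.name }}`, so `$IFACE` in the pre-up/post-down commands would be `w_<name>` and `auto` would refer to an interface that has no stanza; make them `iface wg_{{ item.name }} inet static` and `iface wg_{{ item.name }} inet6 static`. If ifupdown on the target release honors only one `address` per stanza (verify for Debian buster), the additional entries emitted by the loops need `up ip addr add … dev $IFACE` lines instead of repeated `address` lines.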
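Review bot: `{% for peer in item.peers %}` iterates the `peers` mapping (its default in defaults/main.yml is `{}`), so `peer` is the key string and `peer.PublicKey` / `peer.AllowedIPs` fail with an undefined attribute on the first peer; iterate `item.peers.values()` (or `item.peers|dict2items` and read `peer.value.PublicKey`), or change the `peers` default to a list. `Address =` under `[Interface]` is a wg-quick extension; `wg setconf`, which networkinterface.j2 uses to load this file, only understands `PrivateKey`, `ListenPort` and `FwMark` in that section and rejects the line as unrecognized, and the addresses are already assigned by ifupdown, so the `Address` line should be dropped. Because this file carries the private key, the task that renders it should write it with mode 0600.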
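Review bot: `repos` is a single-quoted Jinja string that spells out a JSON object by hand, so YAML cannot validate its structure, and whether it ends up as a mapping depends on the consuming `packages` role, which is outside this change, converting the rendered text back into one. Building the value as a native Jinja expression keeps it a mapping and lets a typo fail at template time: `repos: "{{ {'buster-backports': {'url': 'deb http://deb.debian.org/debian buster-backports main'}} if ansible_distribution_release|lower == 'buster' else {} }}"`. The file also lacks a `---` document start.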