initial commit

defaults/main.yml

@@ -0,0 +1,9 @@
+wireguard:
+  defaults:
+    lport: 51820
+    privkey: '' 
+    ip: []
+    ip6: []
+    peers: {}
+  connections: {}
+

meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+- { role: packages }

tasks/main.yml

@@ -0,0 +1,11 @@
+- name: install wireguard
+  package:
+    name:
+    - wireguard
+    - wireguard-tools
+
+- name: handle a wireguard network
+  include_tasks: net.yml
+  loop: "{{ wireguard.connections|dict2items }}"
+  loop_control:
+    loop_var: conn

tasks/net.yml

@@ -0,0 +1,12 @@
+- set_fact:
+    item: "{{ {}|combine(wireguard.defaults , {'name': conn.name}, item.value, recursive=True) }}"
+
+- name: generate interface config
+  template:
+    src: networkinterface.j2
+    dest: /etc/network/interfaces.d/wg_{{ item.name }}
+
+- name: generate wireguard config
+  template:
+    src: wireguard.conf.j2
+    dest: /etc/wireguard//wg_{{ item.name }}

templates/networkinterface.j2

@@ -0,0 +1,14 @@
+auto wg_{{ item.name }}
+iface w_{{ item.name }} inet static
+{% for i in item.ip %}
+	address {{ i }}
+{% endif %}
+	pre-up ip link add $IFACE type wireguard
+	pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
+	post-down ip link del $IFACE
+
+iface w_{{ item.name }} inet6 static
+	# static IP address 
+{% for i in item.ip6 %}
+	address {{ i }}
+{% endif %}

templates/wireguard.conf.j2

@@ -0,0 +1,11 @@
+[Interface]
+Address = {{ (item.ip + item.ip6)|join(', ') }}
+ListenPort = {{ item.lport }}
+PrivateKey = {{ item.privkey }}
+
+{% for peer in item.peers %}
+[Peer]
+PublicKey = {{ peer.PublicKey }}
+AllowedIPs = {{ peer.AllowedIPs|join(', ') }}
+{% if peer.Endpoint is defined %}Endpoint = {{ peer.Endpoint }}{% endif %}
+{% endfor %}

vars/main.yml

@@ -0,0 +1,2 @@
+packages:
+  repos: '{% if ansible_distribution_release|lower =="buster" %}{ "buster-backports": { "url": "deb http://deb.debian.org/debian buster-backports main" } }{% else %}{}{% endif %}'