From 8e3a6b943e585abe6d7bbc4177c86b59fa94f068 Mon Sep 17 00:00:00 2001 From: nd Date: Sat, 13 Nov 2021 13:58:17 +0100 Subject: [PATCH] add support for network namespaces and hook scripts --- defaults/main.yml | 8 ++++++++ templates/networkinterface.j2 | 29 ++++++++++++++++++++--------- templates/wireguard.conf.j2 | 7 ++++++- 3 files changed, 34 insertions(+), 10 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index ad163f3..9ce4da2 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -8,5 +8,13 @@ wireguard: route6: [] peers: {} mtu: 1420 + netns: ~ + scripts: + "pre-up": ~ + up: ~ + "post-up": ~ + "pre-down": ~ + down: ~ + "post-down": ~ connections: {} diff --git a/templates/networkinterface.j2 b/templates/networkinterface.j2 index 8289447..2106f87 100644 --- a/templates/networkinterface.j2 +++ b/templates/networkinterface.j2 
@@ -1,30 +1,41 @@ +{% set ip_netns_prefix = '' if not item.netns else '-n "{}"'.format(item.netns) %} auto wg_{{ item.name }} iface wg_{{ item.name }} inet manual post-down ip link del $IFACE pre-up ip link add $IFACE type wireguard || true pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf - up ip link set dev $IFACE mtu {{ item.mtu }} +{% if item.netns %} + pre-up ip link set dev $IFACE netns "{{ item.netns }}" +{% endif %} + # set ips and routs + up ip {{ ip_netns_prefix }} link set dev $IFACE up mtu {{ item.mtu }} {% if item.route|length == 1 and item.ip|length == 1%} - pre-up ip a add {{ item.ip[0] }} peer {{ item.route[0] }} dev $IFACE - up ip route replace {{ item.route[0] }} src {{ item.ip[0].split('/')[0] }} dev $IFACE + pre-up ip {{ip_netns_prefix}} addr add {{ item.ip[0] }} peer {{ item.route[0] }} dev $IFACE + up ip {{ ip_netns_prefix }} route replace {{ item.route[0] }} src {{ item.ip[0].split('/')[0] }} dev $IFACE {% else %} {% for i in item.ip %} - pre-up ip a add {{ i }} dev $IFACE + pre-up ip {{ ip_netns_prefix }} addr add {{ i }} dev $IFACE {% endfor %} {% for i in item.route %} - up ip route replace {{ i }} dev $IFACE + up ip {{ ip_netns_prefix }} route replace {{ i }} dev $IFACE {% endfor %} {% endif %} + # custom hooks +{% for scriptname in ["pre-up", "up", "post-up", "pre-down", "down", "post-down"]%} +{% for scriptline in item.scripts[scriptname] or [] %} + {{ scriptname }} {{ scriptline }} +{% endfor %} +{% endfor %} iface wg_{{ item.name }} inet6 manual {% if item.route6|length == 1 and item.ip6|length == 1%} - pre-up ip -6 a add {{ item.ip6[0] }} peer {{ item.route6[0] }} dev $IFACE - up ip -6 route replace {{ item.route6[0] }} src {{ item.ip6[0].split('/')[0] }} dev $IFACE + pre-up ip -6 {{ ip_netns_prefix }} addr add {{ item.ip6[0] }} peer {{ item.route6[0] }} dev $IFACE + up ip -6 {{ ip_netns_prefix }} route replace {{ item.route6[0] }} src {{ item.ip6[0].split('/')[0] }} dev $IFACE {% else %} {% for i in item.ip6 %} - pre-up ip -6 a 
add {{ i }} dev $IFACE
+ pre-up ip -6 {{ ip_netns_prefix }} addr add {{ i }} dev $IFACE
 {% endfor %}
 {% for i in item.route6 %}
- up ip -6 route replace {{ i }} dev $IFACE
+ up ip -6 {{ ip_netns_prefix }} route replace {{ i }} dev $IFACE
 {% endfor %}
 {% endif %}
diff --git a/templates/wireguard.conf.j2 b/templates/wireguard.conf.j2
index c9f5ea2..89a905a 100644
--- a/templates/wireguard.conf.j2
+++ b/templates/wireguard.conf.j2
@@ -9,5 +9,10 @@ PrivateKey = {{ item.privkey }}
 # {{ peer.name }}
 PublicKey = {{ peer.PublicKey }}
 AllowedIPs = {{ peer.AllowedIPs|d(['0.0.0.0/0', '::/0'])|join(', ') }}
-{% if peer.Endpoint is defined %}Endpoint = {{ peer.Endpoint }}{% endif %}
+{% if peer.PresharedKey is defined %}
+PresharedKey = {{ peer.PresharedKey }}
+{% endif %}
+{% if peer.Endpoint is defined %}
+Endpoint = {{ peer.Endpoint }}
+{% endif %}
 {% endfor %}
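Review bot: `post-down ip link del $IFACE` near the top of the networkinterface.j2 hunk is still run in the default namespace, so once `pre-up ip link set dev $IFACE netns "{{ item.netns }}"` has moved the device, ifdown cannot find it and the interface is left behind in the namespace; it should read `post-down ip {{ ip_netns_prefix }} link del $IFACE` like the other commands. The namespace name is pasted into `-n "{}"` and from there into lines that ifup executes as root, so a value containing a double quote or `$` breaks the quoting; validating `item.netns` against a plain-identifier pattern before rendering would close that. `item.scripts[scriptname]` raises an undefined-variable error when a caller overrides `scripts` with only some of the six keys — `item.scripts.get(scriptname) or []` tolerates that, assuming no merge with the defaults happens elsewhere. The comment `# set ips and routs` should read `# set ips and routes`.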
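Review bot: `{% if peer.PresharedKey is defined %}` renders `PresharedKey = None` when a peer carries the key with a null value — the convention this patch's defaults file uses (`~`) for unset settings — and wg setconf will then reject the file; `{% if peer.PresharedKey is defined and peer.PresharedKey %}` skips the line in that case, and the same applies to the `Endpoint` test just below it. The rendered file now holds a second secret next to `PrivateKey`; the task that writes `/etc/wireguard/$IFACE.conf` is outside this patch, so I am assuming it already applies a restrictive mode and `no_log` on the write — worth confirming.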