add support for network namespaces and hook scripts

2021-11-13 13:58:17 +01:00 · 2021-11-13 13:58:17 +01:00 · 8e3a6b943e
commit 8e3a6b943e
parent d0ee4e64e9
3 changed files with 34 additions and 10 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -8,5 +8,13 @@ wireguard:
    route6: []
    peers: {}
    mtu: 1420
    netns: ~
    scripts:
      "pre-up": ~
      up: ~
      "post-up": ~
      "pre-down": ~
      down: ~
      "post-down": ~
  connections: {}
--- a/templates/networkinterface.j2
+++ b/templates/networkinterface.j2
@ -1,30 +1,41 @@
 {% set ip_netns_prefix = '' if not item.netns else '-n "{}"'.format(item.netns) %}
 auto wg_{{ item.name }}
 iface wg_{{ item.name }} inet manual
 	post-down ip link del $IFACE
 	pre-up ip link add $IFACE type wireguard || true
 	pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
-	up ip link set dev $IFACE mtu {{ item.mtu }}
+{% if item.netns %}
 	pre-up ip link set dev $IFACE netns "{{ item.netns }}"
 {% endif %}
 	# set ips and routs
 	up ip {{ ip_netns_prefix }} link set dev $IFACE up mtu {{ item.mtu }}
 {% if item.route|length == 1 and item.ip|length == 1%}
-	pre-up ip a add {{ item.ip[0] }} peer {{ item.route[0] }} dev $IFACE
+	pre-up ip {{ip_netns_prefix}} addr add {{ item.ip[0] }} peer {{ item.route[0] }} dev $IFACE
-	up ip route replace {{ item.route[0] }} src {{ item.ip[0].split('/')[0] }} dev $IFACE
+	up ip  {{ ip_netns_prefix }} route replace {{ item.route[0] }} src {{ item.ip[0].split('/')[0] }} dev $IFACE
 {% else %}
 {% for i in item.ip %}
-	pre-up ip a add {{ i }} dev $IFACE
+	pre-up ip {{ ip_netns_prefix }} addr add {{ i }} dev $IFACE
 {% endfor %}
 {% for i in item.route %}
-	up ip route replace {{ i }} dev $IFACE
+	up ip {{ ip_netns_prefix }} route replace {{ i }} dev $IFACE
 {% endfor %}
 {% endif %}
 	# custom hooks
 {% for scriptname in ["pre-up", "up", "post-up", "pre-down", "down", "post-down"]%}
 {% for scriptline in item.scripts[scriptname] or [] %}
 	{{ scriptname }} {{ scriptline }}
 {% endfor %}
 {% endfor %}
 iface wg_{{ item.name }} inet6 manual
 {% if item.route6|length == 1 and item.ip6|length == 1%}
-	pre-up ip -6 a add {{ item.ip6[0] }} peer {{ item.route6[0] }} dev $IFACE
+	pre-up ip -6 {{ ip_netns_prefix }} addr add {{ item.ip6[0] }} peer {{ item.route6[0] }} dev $IFACE
-	up ip -6 route replace {{ item.route6[0] }} src {{ item.ip6[0].split('/')[0] }} dev $IFACE
+	up ip -6 {{ ip_netns_prefix }} route replace {{ item.route6[0] }} src {{ item.ip6[0].split('/')[0] }} dev $IFACE
 {% else %}
 {% for i in item.ip6 %}
-	pre-up ip -6 a add {{ i }} dev $IFACE
+	pre-up ip -6 {{ ip_netns_prefix }} addr add {{ i }} dev $IFACE
 {% endfor %}
 {% for i in item.route6 %}
-	up ip -6 route replace {{ i }} dev $IFACE
+	up ip -6 {{ ip_netns_prefix }} route replace {{ i }} dev $IFACE
 {% endfor %}
 {% endif %}
--- a/templates/wireguard.conf.j2
+++ b/templates/wireguard.conf.j2
@ -9,5 +9,10 @@ PrivateKey = {{ item.privkey }}
 # {{ peer.name }}
 PublicKey = {{ peer.PublicKey }}
 AllowedIPs = {{ peer.AllowedIPs|d(['0.0.0.0/0', '::/0'])|join(', ') }}
-{% if peer.Endpoint is defined %}Endpoint = {{ peer.Endpoint }}{% endif %}
+{% if peer.PresharedKey is defined %}
 PresharedKey = {{ peer.PresharedKey }}
 {% endif %}
 {% if peer.Endpoint is defined %}
 Endpoint = {{ peer.Endpoint }}
 {% endif %}
 {% endfor %}