author | Trygve Laugstøl <trygvis@inamo.no> | 2019-01-07 09:17:06 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2019-01-07 09:17:06 +0100 |
commit | 2a7ad7fd86d6195e1080d3e8a6a09d453426db3e (patch) | |
tree | 7e9d6d53857e2788632c25fc37dd13ce86e8b0d0 /ansible/roles | |
parent | 67e8a83408c0e5b03ca4f8189f00092cb63b65d5 (diff) | |
wireguard: Support for removing configuration.
Diffstat (limited to 'ansible/roles')
-rw-r--r-- | ansible/roles/wireguard/defaults/main.yml | 1 | ||||
-rw-r--r-- | ansible/roles/wireguard/tasks/main.yml | 59 |
2 files changed, 46 insertions, 14 deletions
diff --git a/ansible/roles/wireguard/defaults/main.yml b/ansible/roles/wireguard/defaults/main.yml
index 62705a7..9b1bf59 100644
--- a/ansible/roles/wireguard/defaults/main.yml
+++ b/ansible/roles/wireguard/defaults/main.yml
@@ -1 +1,2 @@
+wireguard__state: present
 wireguard__role: client
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index 5330535..3590636 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -1,8 +1,14 @@
 - tags:
 - wireguard
 become: yes
+ when: wireguard__state == 'present'
+ vars:
+ wg_if: "wg-{{ wireguard__net_id }}"
+ netdev_path: "/etc/systemd/network/60-{{ wg_if }}.netdev"
+ network_path: "/etc/systemd/network/61-{{ wg_if }}.network"
 block:
 - name: Install packages
+ tags: packages
 apt:
 name: "{{ items }}"
 install_recommends: no
@@ -45,10 +51,10 @@
 notify: systemctl restart systemd-networkd
 tags: wireguard-config
 copy:
- dest: /etc/systemd/network/60-wg-{{ wireguard__net_id }}.netdev
+ dest: "{{ netdev_path }}"
 content: |
 [NetDev]
- Name=wg-{{ wireguard__net_id }}
+ Name={{ wg_if }}
 Kind=wireguard
 Description=Net id: {{ wireguard__net_id }}
@@ -67,10 +73,10 @@
 notify: systemctl restart systemd-networkd
 tags: wireguard-config
 copy:
- dest: /etc/systemd/network/60-wg-{{ wireguard__net_id }}.netdev
+ dest: "{{ netdev_path }}"
 content: |
 [NetDev]
- Name=wg-{{ wireguard__net_id }}
+ Name={{ wg_if }}
 Kind=wireguard
 Description=Net id: {{ wireguard__net_id }}
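Review bot: In the `@@ -1,8 +1,14 @@` hunk of tasks/main.yml, `wireguard__state` is only compared against 'present' (and against 'absent' in the block added at the end of the file), so any other value, such as a typo, makes the role a silent no-op and leaves an existing tunnel configured while the run reports success. A leading task such as `- assert: { that: "wireguard__state in ['present', 'absent']" }` would make that fail loudly. The `vars:` mapping is also repeated verbatim in the absent block; defining `wg_if`, `netdev_path` and `network_path` once in the role's vars would keep the create and remove paths from drifting apart. The block's task list continues outside this hunk.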
@@ -92,21 +98,15 @@
 {% endfor %}
- - name: rm /etc/systemd/network/60-wg-XXX.network
- tags: wireguard-config
- file:
- path: /etc/systemd/network/60-wg-{{ wireguard__net_id }}.network
- state: absent
-
 - name: Make /etc/systemd/network/61-wg-XXX.network (Client)
 when: wireguard__role == 'client'
 tags: wireguard-config
 notify: systemctl restart systemd-networkd
 copy:
- dest: /etc/systemd/network/61-wg-{{ wireguard__net_id }}.network
+ dest: "{{ network_path }}"
 content: |
 [Match]
- Name=wg-{{ wireguard__net_id }}
+ Name={{ wg_if }}
 [Network]
 Address={{ wireguard__clients[ansible_hostname].ipv4 }}/{{ wireguard__server.ipv4.prefix }}
@@ -117,10 +117,10 @@
 tags: wireguard-config
 notify: systemctl restart systemd-networkd
 copy:
- dest: /etc/systemd/network/61-wg-{{ wireguard__net_id }}.network
+ dest: "{{ network_path }}"
 content: |
 [Match]
- Name=wg-{{ wireguard__net_id }}
+ Name={{ wg_if }}
 [Network]
 Address={{ wireguard__server.ipv4.address }}/{{ wireguard__server.ipv4.prefix }}
@@ -134,6 +134,37 @@
 port: "{{ wireguard__listen_port }}"
 proto: udp
+- tags:
+ - wireguard
+ become: yes
+ when: wireguard__state == 'absent'
+ vars:
+ wg_if: "wg-{{ wireguard__net_id }}"
+ netdev_path: "/etc/systemd/network/60-{{ wg_if }}.netdev"
+ network_path: "/etc/systemd/network/61-{{ wg_if }}.network"
+ block:
+ - file:
+ path: /etc/wireguard
+ state: absent
+ notify: systemctl restart systemd-networkd
+
+ - file:
+ path: "{{ netdev_path }}"
+ state: absent
+ notify: systemctl restart systemd-networkd
+
+ - file:
+ path: "{{ network_path }}"
+ state: absent
+ notify: systemctl restart systemd-networkd
+
+ - shell: "ip -j link show {{ wg_if }}"
+ changed_when: False
+ register: ip_link
+
+ - shell: "ip -j link delete {{ wg_if }}"
+ when: ip_link.stdout_lines|length != "0"
+
 - name: generate dns records
 tags:
 - wireguard |
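Review bot: In the `@@ -134,6 +134,37 @@` hunk, the guard on the delete task, `when: ip_link.stdout_lines|length != "0"`, compares an integer with the string "0" and is therefore always true, and the preceding `ip -j link show` has no `failed_when`, so on a host where the interface is already gone the play should stop at the probe (ip normally exits non-zero for a missing device) instead of skipping the delete. Probing with `failed_when: false` and gating on `ip_link.rc == 0` makes the absent state repeatable, and `command` with `argv` keeps `wg_if` out of a shell, as sketched below. The first `file` task removes all of `/etc/wireguard`, while every other path here is scoped by `wireguard__net_id`, so a host carrying a second network would presumably lose that network's files as well. Nothing in the block reverts the `wireguard__listen_port`/udp rule visible in the context lines above it (the module name is outside the hunk), so the port likely stays open after removal.

```yaml
# … unchanged: the three file tasks removing /etc/wireguard and the systemd-networkd units …
- name: Check whether the WireGuard interface still exists
  command:
    argv: [ip, -j, link, show, "{{ wg_if }}"]
  register: ip_link
  changed_when: false
  failed_when: false

- name: Delete the WireGuard interface
  command:
    argv: [ip, link, delete, "{{ wg_if }}"]
  when: ip_link.rc == 0
```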