authorTrygve Laugstøl <trygvis@inamo.no>2019-01-07 09:17:06 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2019-01-07 09:17:06 +0100
commit2a7ad7fd86d6195e1080d3e8a6a09d453426db3e (patch)
tree7e9d6d53857e2788632c25fc37dd13ce86e8b0d0 /ansible
parent67e8a83408c0e5b03ca4f8189f00092cb63b65d5 (diff)
wireguard: Support for removing configuration.
Diffstat (limited to 'ansible')
-rw-r--r--ansible/all.yml7
-rw-r--r--ansible/roles/wireguard/defaults/main.yml1
-rw-r--r--ansible/roles/wireguard/tasks/main.yml59
-rw-r--r--ansible/wireguard.yml5
4 files changed, 53 insertions, 19 deletions
diff --git a/ansible/all.yml b/ansible/all.yml
index 4e6de9e..326417c 100644
--- a/ansible/all.yml
+++ b/ansible/all.yml
@@ -47,11 +47,8 @@
- lxc-host
- hosts:
- - wireguard_net1
- roles:
- - wireguard
-
-- hosts:
- borg_clients
roles:
- borg-client
+
+- import_playbook: wireguard.yml
diff --git a/ansible/roles/wireguard/defaults/main.yml b/ansible/roles/wireguard/defaults/main.yml
index 62705a7..9b1bf59 100644
--- a/ansible/roles/wireguard/defaults/main.yml
+++ b/ansible/roles/wireguard/defaults/main.yml
@@ -1 +1,2 @@
+wireguard__state: present
wireguard__role: client
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index 5330535..3590636 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -1,8 +1,14 @@
- tags:
- wireguard
become: yes
+ when: wireguard__state == 'present'
+ vars:
+ wg_if: "wg-{{ wireguard__net_id }}"
+ netdev_path: "/etc/systemd/network/60-{{ wg_if }}.netdev"
+ network_path: "/etc/systemd/network/61-{{ wg_if }}.network"
block:
- name: Install packages
+ tags: packages
apt:
name: "{{ items }}"
install_recommends: no
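Review bot: The `wg_if`, `netdev_path` and `network_path` entries added to the `vars:` stanza of this block are repeated verbatim in the new removal block later in the same file, so a change to one path has to be mirrored by hand in the other; moving the three definitions to the role's `vars/main.yml` would give both blocks a single source. The two blocks are gated on `wireguard__state == 'present'` and `== 'absent'` respectively, which means any other value (a typo, or an undefined variable on a host without the role default) skips both silently; a leading `assert` task with `that: wireguard__state in ['present', 'absent']` would turn that into a visible failure. The block opened here continues past the end of the hunk.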
@@ -45,10 +51,10 @@
notify: systemctl restart systemd-networkd
tags: wireguard-config
copy:
- dest: /etc/systemd/network/60-wg-{{ wireguard__net_id }}.netdev
+ dest: "{{ netdev_path }}"
content: |
[NetDev]
- Name=wg-{{ wireguard__net_id }}
+ Name={{ wg_if }}
Kind=wireguard
Description=Net id: {{ wireguard__net_id }}
@@ -67,10 +73,10 @@
notify: systemctl restart systemd-networkd
tags: wireguard-config
copy:
- dest: /etc/systemd/network/60-wg-{{ wireguard__net_id }}.netdev
+ dest: "{{ netdev_path }}"
content: |
[NetDev]
- Name=wg-{{ wireguard__net_id }}
+ Name={{ wg_if }}
Kind=wireguard
Description=Net id: {{ wireguard__net_id }}
@@ -92,21 +98,15 @@
{% endfor %}
- - name: rm /etc/systemd/network/60-wg-XXX.network
- tags: wireguard-config
- file:
- path: /etc/systemd/network/60-wg-{{ wireguard__net_id }}.network
- state: absent
-
- name: Make /etc/systemd/network/61-wg-XXX.network (Client)
when: wireguard__role == 'client'
tags: wireguard-config
notify: systemctl restart systemd-networkd
copy:
- dest: /etc/systemd/network/61-wg-{{ wireguard__net_id }}.network
+ dest: "{{ network_path }}"
content: |
[Match]
- Name=wg-{{ wireguard__net_id }}
+ Name={{ wg_if }}
[Network]
Address={{ wireguard__clients[ansible_hostname].ipv4 }}/{{ wireguard__server.ipv4.prefix }}
@@ -117,10 +117,10 @@
tags: wireguard-config
notify: systemctl restart systemd-networkd
copy:
- dest: /etc/systemd/network/61-wg-{{ wireguard__net_id }}.network
+ dest: "{{ network_path }}"
content: |
[Match]
- Name=wg-{{ wireguard__net_id }}
+ Name={{ wg_if }}
[Network]
Address={{ wireguard__server.ipv4.address }}/{{ wireguard__server.ipv4.prefix }}
@@ -134,6 +134,37 @@
port: "{{ wireguard__listen_port }}"
proto: udp
+- tags:
+ - wireguard
+ become: yes
+ when: wireguard__state == 'absent'
+ vars:
+ wg_if: "wg-{{ wireguard__net_id }}"
+ netdev_path: "/etc/systemd/network/60-{{ wg_if }}.netdev"
+ network_path: "/etc/systemd/network/61-{{ wg_if }}.network"
+ block:
+ - file:
+ path: /etc/wireguard
+ state: absent
+ notify: systemctl restart systemd-networkd
+
+ - file:
+ path: "{{ netdev_path }}"
+ state: absent
+ notify: systemctl restart systemd-networkd
+
+ - file:
+ path: "{{ network_path }}"
+ state: absent
+ notify: systemctl restart systemd-networkd
+
+ - shell: "ip -j link show {{ wg_if }}"
+ changed_when: False
+ register: ip_link
+
+ - shell: "ip -j link delete {{ wg_if }}"
+ when: ip_link.stdout_lines|length != "0"
+
- name: generate dns records
tags:
- wireguard
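Review bot: The guard `when: ip_link.stdout_lines|length != "0"` compares an integer with the string `"0"`, so in Jinja2 it is always true and the delete task runs whenever the preceding task succeeded; and because `ip -j link show {{ wg_if }}` has no `failed_when`, it exits non-zero on a host where the interface is already gone, so a second run with `wireguard__state: absent` fails instead of being idempotent. Registering the probe with `failed_when: false` and gating the delete on `ip_link.rc == 0` fixes both. Both tasks only interpolate `wg_if`, so `command` is sufficient and avoids handing the templated value to a shell, and `-j` is not needed when only the exit code is consulted. Giving each task in this block a `name:` would also make the play output readable; the same applies to the three `file:` tasks above these two.

```yaml
  block:
    # … unchanged: removal of /etc/wireguard, netdev_path and network_path …

    - name: Check whether {{ wg_if }} exists
      command: "ip link show {{ wg_if }}"
      changed_when: false
      failed_when: false
      register: ip_link

    - name: Delete {{ wg_if }}
      command: "ip link delete {{ wg_if }}"
      when: ip_link.rc == 0
```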
diff --git a/ansible/wireguard.yml b/ansible/wireguard.yml
new file mode 100644
index 0000000..e5acba5
--- /dev/null
+++ b/ansible/wireguard.yml
@@ -0,0 +1,5 @@
+- hosts:
+ - wireguard_net1
+ roles:
+ - wireguard
+