From 2a7ad7fd86d6195e1080d3e8a6a09d453426db3e Mon Sep 17 00:00:00 2001 From: Trygve Laugstøl Date: Mon, 7 Jan 2019 09:17:06 +0100 Subject: wireguard: Support for removing configuration. --- ansible/roles/wireguard/defaults/main.yml | 1 + ansible/roles/wireguard/tasks/main.yml | 59 +++++++++++++++++++++++-------- 2 files changed, 46 insertions(+), 14 deletions(-) (limited to 'ansible/roles/wireguard') diff --git a/ansible/roles/wireguard/defaults/main.yml b/ansible/roles/wireguard/defaults/main.yml index 62705a7..9b1bf59 100644 --- a/ansible/roles/wireguard/defaults/main.yml +++ b/ansible/roles/wireguard/defaults/main.yml @@ -1 +1,2 @@ +wireguard__state: present wireguard__role: client diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml index 5330535..3590636 100644 --- a/ansible/roles/wireguard/tasks/main.yml +++ b/ansible/roles/wireguard/tasks/main.yml @@ -1,8 +1,14 @@ - tags: - wireguard become: yes + when: wireguard__state == 'present' + vars: + wg_if: "wg-{{ wireguard__net_id }}" + netdev_path: "/etc/systemd/network/60-{{ wg_if }}.netdev" + network_path: "/etc/systemd/network/61-{{ wg_if }}.network" block: - name: Install packages + tags: packages apt: name: "{{ items }}" install_recommends: no @@ -45,10 +51,10 @@ notify: systemctl restart systemd-networkd tags: wireguard-config copy: - dest: /etc/systemd/network/60-wg-{{ wireguard__net_id }}.netdev + dest: "{{ netdev_path }}" content: | [NetDev] - Name=wg-{{ wireguard__net_id }} + Name={{ wg_if }} Kind=wireguard Description=Net id: {{ wireguard__net_id }} @@ -67,10 +73,10 @@ notify: systemctl restart systemd-networkd tags: wireguard-config copy: - dest: /etc/systemd/network/60-wg-{{ wireguard__net_id }}.netdev + dest: "{{ netdev_path }}" content: | [NetDev] - Name=wg-{{ wireguard__net_id }} + Name={{ wg_if }} Kind=wireguard Description=Net id: {{ wireguard__net_id }} 
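Review bot: Nothing validates `wireguard__state`, so in the `@@ -1,8 +1,14 @@` hunk of tasks/main.yml the new `when: wireguard__state == 'present'` and the matching `== 'absent'` guard added further down both evaluate false for any other value, such as a typo. The two blocks are then skipped and the play reports success, leaving the existing tunnel configuration and keys in place when removal was intended. A first task such as `- assert: { that: "wireguard__state in ['present', 'absent']" }` would turn that into a visible failure. The `vars:` mapping (`wg_if`, `netdev_path`, `network_path`) is repeated verbatim in the absent block; defining it once at role level would keep the two copies from drifting apart. The block opened here continues beyond the hunk.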
@@ -92,21 +98,15 @@ {% endfor %} - - name: rm /etc/systemd/network/60-wg-XXX.network - tags: wireguard-config - file: - path: /etc/systemd/network/60-wg-{{ wireguard__net_id }}.network - state: absent - - name: Make /etc/systemd/network/61-wg-XXX.network (Client) when: wireguard__role == 'client' tags: wireguard-config notify: systemctl restart systemd-networkd copy: - dest: /etc/systemd/network/61-wg-{{ wireguard__net_id }}.network + dest: "{{ network_path }}" content: | [Match] - Name=wg-{{ wireguard__net_id }} + Name={{ wg_if }} [Network] Address={{ wireguard__clients[ansible_hostname].ipv4 }}/{{ wireguard__server.ipv4.prefix }} @@ -117,10 +117,10 @@ tags: wireguard-config notify: systemctl restart systemd-networkd copy: - dest: /etc/systemd/network/61-wg-{{ wireguard__net_id }}.network + dest: "{{ network_path }}" content: | [Match] - Name=wg-{{ wireguard__net_id }} + Name={{ wg_if }} [Network] Address={{ wireguard__server.ipv4.address }}/{{ wireguard__server.ipv4.prefix }} @@ -134,6 +134,37 @@ port: "{{ wireguard__listen_port }}" proto: udp +- tags: + - wireguard + become: yes + when: wireguard__state == 'absent' + vars: + wg_if: "wg-{{ wireguard__net_id }}" + netdev_path: "/etc/systemd/network/60-{{ wg_if }}.netdev" + network_path: "/etc/systemd/network/61-{{ wg_if }}.network" + block: + - file: + path: /etc/wireguard + state: absent + notify: systemctl restart systemd-networkd + + - file: + path: "{{ netdev_path }}" + state: absent + notify: systemctl restart systemd-networkd + + - file: + path: "{{ network_path }}" + state: absent + notify: systemctl restart systemd-networkd + + - shell: "ip -j link show {{ wg_if }}" + changed_when: False + register: ip_link + + - shell: "ip -j link delete {{ wg_if }}" + when: ip_link.stdout_lines|length != "0" + - name: generate dns records tags: - wireguard -- cgit v1.2.3
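Review bot: In the `@@ -134,6 +134,37 @@` hunk, the guard on the last task of the new absent block, `when: ip_link.stdout_lines|length != "0"`, compares an integer with the string "0", so it is always true and the delete is attempted whether or not the interface exists. Separately, `ip link show` exits non-zero for a missing device, so on a host where the interface is already gone the preceding `shell` task fails and the removal path is not idempotent. I would add `failed_when: False` to the show task and gate the delete on `when: ip_link.rc == 0`. Neither command needs shell features, so using `command:` instead of `shell:` also keeps the templated `wg_if` away from shell parsing. The context lines just above the block suggest the present path opens `wireguard__listen_port` over UDP, and nothing in the absent block closes it again; this is worth confirming, since an open port would outlive the tunnel.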