From 2a7ad7fd86d6195e1080d3e8a6a09d453426db3e Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl <trygvis@inamo.no>
Date: Mon, 7 Jan 2019 09:17:06 +0100
Subject: wireguard: Support for removing configuration.

---
 ansible/all.yml                           |  7 ++--
 ansible/roles/wireguard/defaults/main.yml |  1 +
 ansible/roles/wireguard/tasks/main.yml    | 59 +++++++++++++++++++++++--------
 ansible/wireguard.yml                     |  5 +++
 4 files changed, 53 insertions(+), 19 deletions(-)
 create mode 100644 ansible/wireguard.yml


diff --git a/ansible/all.yml b/ansible/all.yml
index 4e6de9e..326417c 100644
--- a/ansible/all.yml
+++ b/ansible/all.yml
@@ -46,12 +46,9 @@
   roles:
     - lxc-host
 
-- hosts:
-    - wireguard_net1
-  roles:
-    - wireguard
-
 - hosts:
     - borg_clients
   roles:
     - borg-client
+
+- import_playbook: wireguard.yml
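Review bot: Moving the wireguard play into `import_playbook: wireguard.yml` at the end of the file also moves it after the `borg_clients` play, whereas the removed play ran before it, so the commit changes play order as well as layout. If borg clients reach their backup server over the WireGuard tunnel, a freshly provisioned host now gets borg-client configured before its tunnel exists; I cannot tell from this hunk whether that dependency exists. If the old order was intentional, placing `- import_playbook: wireguard.yml` where the removed play sat preserves it, and a one-line comment stating that the order is deliberate would stop the next refactor from moving it again.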
diff --git a/ansible/roles/wireguard/defaults/main.yml b/ansible/roles/wireguard/defaults/main.yml
index 62705a7..9b1bf59 100644
--- a/ansible/roles/wireguard/defaults/main.yml
+++ b/ansible/roles/wireguard/defaults/main.yml
@@ -1 +1,2 @@
+wireguard__state: present
 wireguard__role: client
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index 5330535..3590636 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -1,8 +1,14 @@
 - tags:
     - wireguard
   become: yes
+  when: wireguard__state == 'present'
+  vars:
+    wg_if: "wg-{{ wireguard__net_id }}"
+    netdev_path: "/etc/systemd/network/60-{{ wg_if }}.netdev"
+    network_path: "/etc/systemd/network/61-{{ wg_if }}.network"
   block:
     - name: Install packages
+      tags: packages
       apt:
         name: "{{ items }}"
         install_recommends: no
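Review bot: The new `when: wireguard__state == 'present'` on the block silently skips every task for any other value, and the mirror block later in the file does the same for `'absent'`, so a typo such as `absnet` in inventory yields a green run that neither configures nor removes anything. A guard task before the block turns that into a hard failure: `- assert: { that: "wireguard__state in ['present', 'absent']", fail_msg: "wireguard__state must be 'present' or 'absent'" }`. The new `tags: packages` on Install packages is fine, but worth a comment that the block-level `when:` still applies when running with `--tags packages`. The enclosing block continues past the end of this hunk.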
@@ -45,10 +51,10 @@
       notify: systemctl restart systemd-networkd
       tags: wireguard-config
       copy:
-        dest: /etc/systemd/network/60-wg-{{ wireguard__net_id }}.netdev
+        dest: "{{ netdev_path }}"
         content: |
           [NetDev]
-          Name=wg-{{ wireguard__net_id }}
+          Name={{ wg_if }}
           Kind=wireguard
           Description=Net id: {{ wireguard__net_id }}
 
@@ -67,10 +73,10 @@
       notify: systemctl restart systemd-networkd
       tags: wireguard-config
       copy:
-        dest: /etc/systemd/network/60-wg-{{ wireguard__net_id }}.netdev
+        dest: "{{ netdev_path }}"
         content: |
           [NetDev]
-          Name=wg-{{ wireguard__net_id }}
+          Name={{ wg_if }}
           Kind=wireguard
           Description=Net id: {{ wireguard__net_id }}
 
@@ -92,21 +98,15 @@
 
           {% endfor %}
 
-    - name: rm /etc/systemd/network/60-wg-XXX.network
-      tags: wireguard-config
-      file:
-        path: /etc/systemd/network/60-wg-{{ wireguard__net_id }}.network
-        state: absent
-
     - name: Make /etc/systemd/network/61-wg-XXX.network (Client)
       when: wireguard__role == 'client'
       tags: wireguard-config
       notify: systemctl restart systemd-networkd
       copy:
-        dest: /etc/systemd/network/61-wg-{{ wireguard__net_id }}.network
+        dest: "{{ network_path }}"
         content: |
           [Match]
-          Name=wg-{{ wireguard__net_id }}
+          Name={{ wg_if }}
 
           [Network]
           Address={{ wireguard__clients[ansible_hostname].ipv4 }}/{{ wireguard__server.ipv4.prefix }}
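Review bot: Removing the `rm /etc/systemd/network/60-wg-XXX.network` cleanup task means any host not converged since the 60→61 rename keeps a stale `60-wg-<id>.network` whose `[Match] Name=` presumably matches the same interface; systemd-networkd applies the first matching `.network` file in lexical order, so the stale file would win over the new `61-` one. If every host has already been converged this is moot, but the commit message does not say so. A safer option is to keep the task for one more release, now written against the shared vars as `path: "/etc/systemd/network/60-{{ wg_if }}.network"`, and to add the same `file: state=absent` to the new removal block so a leftover 60-file is also cleaned up on decommission.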
@@ -117,10 +117,10 @@
       tags: wireguard-config
       notify: systemctl restart systemd-networkd
       copy:
-        dest: /etc/systemd/network/61-wg-{{ wireguard__net_id }}.network
+        dest: "{{ network_path }}"
         content: |
           [Match]
-          Name=wg-{{ wireguard__net_id }}
+          Name={{ wg_if }}
 
           [Network]
           Address={{ wireguard__server.ipv4.address }}/{{ wireguard__server.ipv4.prefix }}
@@ -134,6 +134,37 @@
         port: "{{ wireguard__listen_port }}"
         proto: udp
 
+- tags:
+    - wireguard
+  become: yes
+  when: wireguard__state == 'absent'
+  vars:
+    wg_if: "wg-{{ wireguard__net_id }}"
+    netdev_path: "/etc/systemd/network/60-{{ wg_if }}.netdev"
+    network_path: "/etc/systemd/network/61-{{ wg_if }}.network"
+  block:
+    - file:
+        path: /etc/wireguard
+        state: absent
+      notify: systemctl restart systemd-networkd
+
+    - file:
+        path: "{{ netdev_path }}"
+        state: absent
+      notify: systemctl restart systemd-networkd
+
+    - file:
+        path: "{{ network_path }}"
+        state: absent
+      notify: systemctl restart systemd-networkd
+
+    - shell: "ip -j link show {{ wg_if }}"
+      changed_when: False
+      register: ip_link
+
+    - shell: "ip -j link delete {{ wg_if }}"
+      when: ip_link.stdout_lines|length != "0"
+
 - name: generate dns records
   tags:
     - wireguard
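Review bot: The guard on the final task, `when: ip_link.stdout_lines|length != "0"`, compares an integer with the string `"0"`, which in Jinja2 is always true, so `ip link delete` runs even when the interface is already gone; and the preceding `ip -j link show {{ wg_if }}` has `changed_when: False` but no `failed_when`, so on a host where the link no longer exists `ip` exits non-zero and the play aborts before the guard is ever evaluated. Use the exit status instead, run both through `command:` rather than `shell:` since nothing here needs a shell to interpret the templated interface name, and drop `-j` from the delete, which is an output-format flag. The block removes `/etc/wireguard` (the private keys) and both unit files but not the firewall rule the present block adds for `wireguard__listen_port` (the task ending just above this hunk, which looks like a ufw rule), so a decommissioned server keeps its UDP port open; a matching `delete: yes` ufw task in the absent block would close it — confirm the module of that context task. The `generate dns records` play that follows is not gated on `wireguard__state`, so removed peers may still be published in DNS.

```yaml
    # … unchanged: file: state=absent tasks for /etc/wireguard, netdev_path, network_path …
    - command: "ip -j link show {{ wg_if }}"
      register: ip_link
      changed_when: false
      failed_when: false  # non-zero rc just means the link is already gone

    - command: "ip link delete {{ wg_if }}"
      when: ip_link.rc == 0
```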
diff --git a/ansible/wireguard.yml b/ansible/wireguard.yml
new file mode 100644
index 0000000..e5acba5
--- /dev/null
+++ b/ansible/wireguard.yml
@@ -0,0 +1,5 @@
+- hosts:
+    - wireguard_net1
+  roles:
+    - wireguard
+
-- 
cgit v1.2.3