Diffstat (limited to 'roles/wireguard/gateway')
-rw-r--r--roles/wireguard/gateway/defaults/main.yml27
-rw-r--r--roles/wireguard/gateway/handlers/main.yml6
-rw-r--r--roles/wireguard/gateway/tasks/main.yml68
-rw-r--r--roles/wireguard/gateway/templates/systemd-fix-default-gw.service.j212
-rw-r--r--roles/wireguard/gateway/templates/systemd-iptables.service.j242
-rw-r--r--roles/wireguard/gateway/templates/systemd.netdev.j226
-rw-r--r--roles/wireguard/gateway/templates/systemd.network.j220
7 files changed, 0 insertions, 201 deletions
diff --git a/roles/wireguard/gateway/defaults/main.yml b/roles/wireguard/gateway/defaults/main.yml
deleted file mode 100644
index 69846fc3..00000000
--- a/roles/wireguard/gateway/defaults/main.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-# wireguard_gateway_tunnels:
-# wg-test:
-# description: some wireguard tunnel
-# priv_key: secret
-# listen_port: 1234
-# addresses:
-# - 192.168.255.254/24
-# ip_masq: yes
-# ip_snat:
-# interface: eth1
-# to: 1.2.3.4
-# port_forwardings:
-# - dest: 1.2.3.4
-# tcp_ports:
-# 80: 192.158.255.3:80
-# udp_ports:
-# 123: 192.158.255.3:200
-# peers:
-# - pub_key: public_key_of_peer
-# keepalive_interval: 10
-# endpoint:
-# host: 5.6.7.8
-# port: 1234
-# allowed_ips:
-# - 192.168.255.3/32
-# - 192.168.123.0/24
diff --git a/roles/wireguard/gateway/handlers/main.yml b/roles/wireguard/gateway/handlers/main.yml
deleted file mode 100644
index 625032dc..00000000
--- a/roles/wireguard/gateway/handlers/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: restart systemd-networkd
- systemd:
- daemon_reload: yes
- name: systemd-networkd
- state: restarted
diff --git a/roles/wireguard/gateway/tasks/main.yml b/roles/wireguard/gateway/tasks/main.yml
deleted file mode 100644
index bc14db1b..00000000
--- a/roles/wireguard/gateway/tasks/main.yml
+++ /dev/null
@@ -1,68 +0,0 @@
----
-- name: install wireguard interfaces (netdev)
- loop: "{{ wireguard_gateway_tunnels | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- template:
- src: systemd.netdev.j2
- dest: "/etc/systemd/network/{{ item.key }}.netdev"
- mode: 0640
- group: systemd-network
- notify: restart systemd-networkd
-
-- name: install wireguard interfaces (network)
- loop: "{{ wireguard_gateway_tunnels | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- template:
- src: systemd.network.j2
- dest: "/etc/systemd/network/{{ item.key }}.network"
- notify: restart systemd-networkd
-
-- name: enable systemd-networkd
- systemd:
- name: systemd-networkd
- enabled: yes
- state: started
-
-
-- name: create iptables service unit
- loop: "{{ wireguard_gateway_tunnels | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- when: "'ip_snat' in item.value or 'port_forwardings' in item.value"
- template:
- src: systemd-iptables.service.j2
- dest: "/etc/systemd/system/wireguard-gateway-{{ item.key }}-iptables.service"
-
-- name: enable/start iptables service unit
- loop: "{{ wireguard_gateway_tunnels | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- when: "'ip_snat' in item.value or 'port_forwardings' in item.value"
- systemd:
- daemon_reload: yes
- name: "wireguard-gateway-{{ item.key }}-iptables.service"
- enabled: yes
- state: started
-
-
-- name: install workaround for default-gateway handling
- loop: "{{ wireguard_gateway_tunnels | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- when: "'default_gateway' in item.value"
- template:
- src: systemd-fix-default-gw.service.j2
- dest: "/etc/systemd/system/wireguard-gateway-{{ item.key }}-fix-default-gw.service"
-
-- name: enable/start workaround for default-gateway handling
- loop: "{{ wireguard_gateway_tunnels | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- when: "'default_gateway' in item.value"
- systemd:
- daemon_reload: yes
- name: "wireguard-gateway-{{ item.key }}-fix-default-gw.service"
- enabled: yes
- state: started
diff --git a/roles/wireguard/gateway/templates/systemd-fix-default-gw.service.j2 b/roles/wireguard/gateway/templates/systemd-fix-default-gw.service.j2
deleted file mode 100644
index d2d8a470..00000000
--- a/roles/wireguard/gateway/templates/systemd-fix-default-gw.service.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Wants=network-online.target
-After=network-online.target
-
-[Service]
-Type=oneshot
-ExecStart=/sbin/ip route add {{ item.value.default_gateway.outer }} via {{ ansible_default_ipv4.gateway }}
-ExecStop=/sbin/ip route del {{ item.value.default_gateway.outer }} via {{ ansible_default_ipv4.gateway }}
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/wireguard/gateway/templates/systemd-iptables.service.j2 b/roles/wireguard/gateway/templates/systemd-iptables.service.j2
deleted file mode 100644
index 11cf4b8a..00000000
--- a/roles/wireguard/gateway/templates/systemd-iptables.service.j2
+++ /dev/null
@@ -1,42 +0,0 @@
-[Unit]
-Wants=network-online.target
-After=network-online.target
-
-
-[Service]
-Type=oneshot
-
-{% if 'ip_snat' in item.value %}
-ExecStart=/usr/sbin/sysctl net.ipv4.ip_forward=1
-{% for addr in item.value.addresses %}
-ExecStart=/sbin/iptables -t nat -A POSTROUTING -s {{ addr | ipaddr('network/prefix') }} -o {{ item.value.ip_snat.interface }} -j SNAT --to {{ item.value.ip_snat.to }}
-{% endfor %}
-{% endif %}
-{% for forward in item.value.port_forwardings | default([]) %}
-{% for port in forward.tcp_ports | default([]) %}
-ExecStart=/sbin/iptables -t nat -A PREROUTING -d {{ forward.dest }} -p tcp --dport {{ port }} -j DNAT --to {{ forward.tcp_ports[port] }}
-{% endfor %}
-{% for port in forward.udp_ports | default([]) %}
-ExecStart=/sbin/iptables -t nat -A PREROUTING -d {{ forward.dest }} -p udp --dport {{ port }} -j DNAT --to {{ forward.udp_ports[port] }}
-{% endfor %}
-{% endfor %}
-
-{% if 'ip_snat' in item.value %}
-{% for addr in item.value.addresses %}
-ExecStop=/sbin/iptables -t nat -D POSTROUTING -s {{ addr | ipaddr('network/prefix') }} -o {{ item.value.ip_snat.interface }} -j SNAT --to {{ item.value.ip_snat.to }}
-{% endfor %}
-{% endif %}
-{% for forward in item.value.port_forwardings | default([]) %}
-{% for port in forward.tcp_ports | default([]) %}
-ExecStop=/sbin/iptables -t nat -D PREROUTING -d {{ forward.dest }} -p tcp --dport {{ port }} -j DNAT --to {{ forward.tcp_ports[port] }}
-{% endfor %}
-{% for port in forward.udp_ports | default([]) %}
-ExecStop=/sbin/iptables -t nat -D PREROUTING -d {{ forward.dest }} -p udp --dport {{ port }} -j DNAT --to {{ forward.udp_ports[port] }}
-{% endfor %}
-{% endfor %}
-
-RemainAfterExit=yes
-
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/wireguard/gateway/templates/systemd.netdev.j2 b/roles/wireguard/gateway/templates/systemd.netdev.j2
deleted file mode 100644
index 96399b52..00000000
--- a/roles/wireguard/gateway/templates/systemd.netdev.j2
+++ /dev/null
@@ -1,26 +0,0 @@
-[NetDev]
-Name={{ item.key }}
-Kind=wireguard
-{% if 'description' in item.value %}
-Description={{ item.value.description }}
-{% endif %}
-
-
-[WireGuard]
-PrivateKey={{ item.value.priv_key }}
-ListenPort={{ item.value.listen_port | default(51820) }}
-
-{% for peer in item.value.peers %}
-
-[WireGuardPeer]
-PublicKey={{ peer.pub_key }}
-{% for ip in peer.allowed_ips %}
-AllowedIPs={{ ip }}
-{% endfor %}
-{% if 'endpoint' in peer %}
-Endpoint={{ peer.endpoint.host }}:{{ peer.endpoint.port | default(51820) }}
-{% endif %}
-{% if 'keepalive_interval' in peer %}
-PersistentKeepalive={{ peer.keepalive_interval }}
-{% endif %}
-{% endfor %}
diff --git a/roles/wireguard/gateway/templates/systemd.network.j2 b/roles/wireguard/gateway/templates/systemd.network.j2
deleted file mode 100644
index 6847aa6a..00000000
--- a/roles/wireguard/gateway/templates/systemd.network.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-[Match]
-Name={{ item.key }}
-
-[Network]
-{% for addr in item.value.addresses %}
-Address={{ addr }}
-{% endfor %}
-{% if 'ip_masq' in item.value and item.value.ip_masq %}
-IPMasquerade=yes
-{% endif %}
-{% if 'default_gateway' in item.value %}
-
-[Route]
-Destination=0.0.0.0/1
-Gateway={{ item.value.default_gateway.inner }}
-
-[Route]
-Destination=128.0.0.0/1
-Gateway={{ item.value.default_gateway.inner }}
-{% endif %}