Diffstat (limited to 'roles/wireguard')
-rw-r--r-- | roles/wireguard/gateway/defaults/main.yml | 15 | ||||
-rw-r--r-- | roles/wireguard/gateway/handlers/main.yml | 6 | ||||
-rw-r--r-- | roles/wireguard/gateway/tasks/main.yml | 20 | ||||
-rw-r--r-- | roles/wireguard/gateway/templates/systemd.netdev.j2 | 26 | ||||
-rw-r--r-- | roles/wireguard/gateway/templates/systemd.network.j2 | 7 |
5 files changed, 74 insertions, 0 deletions
diff --git a/roles/wireguard/gateway/defaults/main.yml b/roles/wireguard/gateway/defaults/main.yml
new file mode 100644
index 00000000..9ee0523c
--- /dev/null
+++ b/roles/wireguard/gateway/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+# wireguard_gateway_tunnels:
+# wg-test:
+# description: some wireguard tunnel
+# priv_key: secret
+# listen_port: 1234
+# addresses:
+# - 192.168.255.254/24
+# peers:
+# - pub_key: public_key_of_peer
+# keepalive_interval: 10
+# endpoint: 5.6.7.8:1234
+# allowed_ips:
+# - 192.168.255.3/32
+# - 192.168.123.0/24
diff --git a/roles/wireguard/gateway/handlers/main.yml b/roles/wireguard/gateway/handlers/main.yml
new file mode 100644
index 00000000..625032dc
--- /dev/null
+++ b/roles/wireguard/gateway/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart systemd-networkd
+ systemd:
+ daemon_reload: yes
+ name: systemd-networkd
+ state: restarted
diff --git a/roles/wireguard/gateway/tasks/main.yml b/roles/wireguard/gateway/tasks/main.yml
new file mode 100644
index 00000000..906ee640
--- /dev/null
+++ b/roles/wireguard/gateway/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: install wireguard interfaces (netdev)
+ loop: "{{ wireguard_gateway_tunnels | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ template:
+ src: systemd.netdev.j2
+ dest: "/etc/systemd/network/{{ item.key }}.netdev"
+ mode: 0640
+ group: systemd-network
+ notify: restart systemd-networkd
+
+- name: install wireguard interfaces (network)
+ loop: "{{ wireguard_gateway_tunnels | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ template:
+ src: systemd.network.j2
+ dest: "/etc/systemd/network/{{ item.key }}.network"
+ notify: restart systemd-networkd
diff --git a/roles/wireguard/gateway/templates/systemd.netdev.j2 b/roles/wireguard/gateway/templates/systemd.netdev.j2
new file mode 100644
index 00000000..62f0d0a6
--- /dev/null
+++ b/roles/wireguard/gateway/templates/systemd.netdev.j2
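Review bot: The commented example in defaults/main.yml is the role's only documentation and it shows `priv_key: secret` without saying that this value is the tunnel's WireGuard private key and is written verbatim into /etc/systemd/network on the gateway. I would replace the placeholder with a hint about where the value must come from, e.g. `#     priv_key: "{{ vault_wg_test_priv_key }}"  # private key, keep it in ansible-vault rather than plain group_vars` (variable name constructed for the example). The example could also mark `listen_port` as optional, since the netdev template falls back to 51820 when it is absent.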
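Review bot: `daemon_reload: yes` in the handler uses a YAML 1.1 truthy literal; write `daemon_reload: true` so yamllint's truthy rule and YAML 1.2 loaders agree with Ansible's reading. Separately, `state: restarted` on systemd-networkd briefly tears down every networkd-managed interface on the gateway, not only the tunnels this role adds; if the targets run a systemd that offers `networkctl reload` (added around systemd 244, to be confirmed for the target distribution), a `command: networkctl reload` handler would pick up the new .netdev/.network files without that disruption.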
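Review bot: The `install wireguard interfaces (netdev)` task renders the tunnel's private key into the destination file but is not marked `no_log`, so a run with `--diff` or higher verbosity prints the `PrivateKey=` line to the console and to any log collector; the `label` keeps the key out of the loop summary but not out of the diff output, so add `no_log: true` to that task. `mode: 0640` should be written as `mode: "0640"`: an unquoted leading-zero integer relies on the YAML loader treating it as octal, which Ansible's loader does today, but the quoted form is what the Ansible documentation recommends and is unambiguous. The `.network` task has no explicit mode, which is acceptable since that file carries only addresses.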
@@ -0,0 +1,26 @@
+[NetDev]
+Name={{ item.key }}
+Kind=wireguard
+{% if 'description' in item.value %}
+Description={{ item.value.description }}
+{% endif %}
+
+
+[WireGuard]
+PrivateKey={{ item.value.priv_key }}
+ListenPort={{ item.value.listen_port | default(51820) }}
+
+{% for peer in item.value.peers %}
+
+[WireGuardPeer]
+PublicKey={{ peer.pub_key }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip }}
+{% endfor %}
+{% if 'endpoint' in peer %}
+Endpoint={{ peer.endpoint }}
+{% endif %}
+{% if 'keepalive_interval' in peer %}
+PersistentKeepalive={{ peer.keepalive_interval }}
+{% endif %}
+{% endfor %}
diff --git a/roles/wireguard/gateway/templates/systemd.network.j2 b/roles/wireguard/gateway/templates/systemd.network.j2
new file mode 100644
index 00000000..8d8af966
--- /dev/null
+++ b/roles/wireguard/gateway/templates/systemd.network.j2
@@ -0,0 +1,7 @@
+[Match]
+Name={{ item.key }}
+
+[Network]
+{% for addr in item.value.addresses %}
+Address={{ addr }}
+{% endfor %}
|
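Review bot: In systemd.netdev.j2, `{% for peer in item.value.peers %}` and `{% for ip in peer.allowed_ips %}` raise an undefined-variable error when a tunnel has no `peers` key or a peer has no `allowed_ips`, whereas `description`, `endpoint` and `keepalive_interval` are guarded with `{% if %}`; either document both keys as mandatory in the defaults example or soften the outer loop to `{% for peer in item.value.peers | default([]) %}`. As a point of style, the two consecutive blank lines after the first `{% endif %}` and the blank line at the top of the peer loop are emitted verbatim into every rendered .netdev file.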
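Review bot: systemd.network.j2 emits only `Address=` lines; systemd-networkd does not derive routes from a peer's `AllowedIPs=`, so prefixes outside the tunnel's own subnet (such as the `192.168.123.0/24` in the defaults example) are not routed into the interface unless routes are configured elsewhere, which the role should at least document. Newer systemd versions (around 250, to be confirmed) can do this with `RouteTable=` in the `[WireGuard]` section of the .netdev file; on older hosts a `[Route]` section with `Destination={{ ip }}` per allowed prefix in the .network file would be needed. The template also fails if `addresses` is absent, so that key is effectively mandatory and the example should say so.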