From a895214d8fe4b515fbef15a7f919c5177543ac56 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sat, 29 Feb 2020 03:29:26 +0100
Subject: wireguard gateway works now (it is quite ugly though)

---
 roles/wireguard/gateway/tasks/main.yml | 48 ++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

(limited to 'roles/wireguard/gateway/tasks/main.yml')

diff --git a/roles/wireguard/gateway/tasks/main.yml b/roles/wireguard/gateway/tasks/main.yml
index 906ee640..bc14db1b 100644
--- a/roles/wireguard/gateway/tasks/main.yml
+++ b/roles/wireguard/gateway/tasks/main.yml
@@ -18,3 +18,51 @@
     src: systemd.network.j2
     dest: "/etc/systemd/network/{{ item.key }}.network"
   notify: restart systemd-networkd
+
+- name: enable systemd-networkd
+  systemd:
+    name: systemd-networkd
+    enabled: yes
+    state: started
+
+
+- name: create iptables service unit
+  loop: "{{ wireguard_gateway_tunnels | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  when: "'ip_snat' in item.value or 'port_forwardings' in item.value"
+  template:
+    src: systemd-iptables.service.j2
+    dest: "/etc/systemd/system/wireguard-gateway-{{ item.key }}-iptables.service"
+
+- name: enable/start iptables service unit
+  loop: "{{ wireguard_gateway_tunnels | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  when: "'ip_snat' in item.value or 'port_forwardings' in item.value"
+  systemd:
+    daemon_reload: yes
+    name: "wireguard-gateway-{{ item.key }}-iptables.service"
+    enabled: yes
+    state: started
+
+
+- name: install workaround for default-gateway handling
+  loop: "{{ wireguard_gateway_tunnels | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  when: "'default_gateway' in item.value"
+  template:
+    src: systemd-fix-default-gw.service.j2
+    dest: "/etc/systemd/system/wireguard-gateway-{{ item.key }}-fix-default-gw.service"
+
+- name: enable/start workaround for default-gateway handling
+  loop: "{{ wireguard_gateway_tunnels | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  when: "'default_gateway' in item.value"
+  systemd:
+    daemon_reload: yes
+    name: "wireguard-gateway-{{ item.key }}-fix-default-gw.service"
+    enabled: yes
+    state: started
-- 
cgit v1.2.3