From aefa7a4f57f91ed62ca166ecf5fdfc2eacc04f6a Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 23 Jan 2021 22:17:02 +0100
Subject: move wireguard to network sub-dir
---
roles/wireguard/base/tasks/main.yml | 33 ----------
roles/wireguard/gateway/defaults/main.yml | 27 ---------
roles/wireguard/gateway/handlers/main.yml | 6 --
roles/wireguard/gateway/tasks/main.yml | 68 ----------------------
.../templates/systemd-fix-default-gw.service.j2 | 12 ----
.../gateway/templates/systemd-iptables.service.j2 | 42 -------------
.../wireguard/gateway/templates/systemd.netdev.j2 | 26 ---------
.../wireguard/gateway/templates/systemd.network.j2 | 20 -------
roles/wireguard/p2p/defaults/main.yml | 18 ------
roles/wireguard/p2p/handlers/main.yml | 6 --
roles/wireguard/p2p/tasks/main.yml | 20 -------
.../p2p/tasks/systemd-iptables.service.j2 | 42 -------------
roles/wireguard/p2p/templates/systemd.netdev.j2 | 26 ---------
roles/wireguard/p2p/templates/systemd.network.j2 | 7 ---
14 files changed, 353 deletions(-)
delete mode 100644 roles/wireguard/base/tasks/main.yml
delete mode 100644 roles/wireguard/gateway/defaults/main.yml
delete mode 100644 roles/wireguard/gateway/handlers/main.yml
delete mode 100644 roles/wireguard/gateway/tasks/main.yml
delete mode 100644 roles/wireguard/gateway/templates/systemd-fix-default-gw.service.j2
delete mode 100644 roles/wireguard/gateway/templates/systemd-iptables.service.j2
delete mode 100644 roles/wireguard/gateway/templates/systemd.netdev.j2
delete mode 100644 roles/wireguard/gateway/templates/systemd.network.j2
delete mode 100644 roles/wireguard/p2p/defaults/main.yml
delete mode 100644 roles/wireguard/p2p/handlers/main.yml
delete mode 100644 roles/wireguard/p2p/tasks/main.yml
delete mode 100644 roles/wireguard/p2p/tasks/systemd-iptables.service.j2
delete mode 100644 roles/wireguard/p2p/templates/systemd.netdev.j2
delete mode 100644 roles/wireguard/p2p/templates/systemd.network.j2
(limited to 'roles/wireguard')
diff --git a/roles/wireguard/base/tasks/main.yml b/roles/wireguard/base/tasks/main.yml
deleted file mode 100644
index 4d60150d..00000000
--- a/roles/wireguard/base/tasks/main.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-- name: enable spreadspace repo
- when: (ansible_distribution == 'Debian' and (ansible_distribution_major_version | int) < 11) or (ansible_distribution == 'Ubuntu' and (ansible_distribution_major_version | int) < 20)
- import_role:
- name: apt-repo/spreadspace
-
-- name: install dkms
- import_role:
- name: prepare-dkms
-
-- name: install wireguard packages
- apt:
- name:
- - wireguard-dkms
- - wireguard-tools
- state: present
-
-- name: check if module is available for the currently running kernel
- command: modprobe --dry-run wireguard
- check_mode: no
- register: wireguard_module_available
- failed_when: false
- changed_when: false
-
-- name: rebuild wireguard module
- when: wireguard_module_available.rc != 0
- command: dpkg-reconfigure wireguard-dkms
-
-- name: check again if module is available for the currently running kernel
- when: wireguard_module_available.rc != 0
- command: modprobe --dry-run wireguard
- check_mode: no
- changed_when: false
diff --git a/roles/wireguard/gateway/defaults/main.yml b/roles/wireguard/gateway/defaults/main.yml
deleted file mode 100644
index 69846fc3..00000000
--- a/roles/wireguard/gateway/defaults/main.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-# wireguard_gateway_tunnels:
-# wg-test:
-# description: some wireguard tunnel
-# priv_key: secret
-# listen_port: 1234
-# addresses:
-# - 192.168.255.254/24
-# ip_masq: yes
-# ip_snat:
-# interface: eth1
-# to: 1.2.3.4
-# port_forwardings:
-# - dest: 1.2.3.4
-# tcp_ports:
-# 80: 192.158.255.3:80
-# udp_ports:
-# 123: 192.158.255.3:200
-# peers:
-# - pub_key: public_key_of_peer
-# keepalive_interval: 10
-# endpoint:
-# host: 5.6.7.8
-# port: 1234
-# allowed_ips:
-# - 192.168.255.3/32
-# - 192.168.123.0/24
diff --git a/roles/wireguard/gateway/handlers/main.yml b/roles/wireguard/gateway/handlers/main.yml
deleted file mode 100644
index 625032dc..00000000
--- a/roles/wireguard/gateway/handlers/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: restart systemd-networkd
- systemd:
- daemon_reload: yes
- name: systemd-networkd
- state: restarted
diff --git a/roles/wireguard/gateway/tasks/main.yml b/roles/wireguard/gateway/tasks/main.yml
deleted file mode 100644
index bc14db1b..00000000
--- a/roles/wireguard/gateway/tasks/main.yml
+++ /dev/null
@@ -1,68 +0,0 @@
----
-- name: install wireguard interfaces (netdev)
- loop: "{{ wireguard_gateway_tunnels | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- template:
- src: systemd.netdev.j2
- dest: "/etc/systemd/network/{{ item.key }}.netdev"
- mode: 0640
- group: systemd-network
- notify: restart systemd-networkd
-
-- name: install wireguard interfaces (network)
- loop: "{{ wireguard_gateway_tunnels | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- template:
- src: systemd.network.j2
- dest: "/etc/systemd/network/{{ item.key }}.network"
- notify: restart systemd-networkd
-
-- name: enable systemd-networkd
- systemd:
- name: systemd-networkd
- enabled: yes
- state: started
-
-
-- name: create iptables service unit
- loop: "{{ wireguard_gateway_tunnels | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- when: "'ip_snat' in item.value or 'port_forwardings' in item.value"
- template:
- src: systemd-iptables.service.j2
- dest: "/etc/systemd/system/wireguard-gateway-{{ item.key }}-iptables.service"
-
-- name: enable/start iptables service unit
- loop: "{{ wireguard_gateway_tunnels | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- when: "'ip_snat' in item.value or 'port_forwardings' in item.value"
- systemd:
- daemon_reload: yes
- name: "wireguard-gateway-{{ item.key }}-iptables.service"
- enabled: yes
- state: started
-
-
-- name: install workaround for default-gateway handling
- loop: "{{ wireguard_gateway_tunnels | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- when: "'default_gateway' in item.value"
- template:
- src: systemd-fix-default-gw.service.j2
- dest: "/etc/systemd/system/wireguard-gateway-{{ item.key }}-fix-default-gw.service"
-
-- name: enable/start workaround for default-gateway handling
- loop: "{{ wireguard_gateway_tunnels | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- when: "'default_gateway' in item.value"
- systemd:
- daemon_reload: yes
- name: "wireguard-gateway-{{ item.key
}}-fix-default-gw.service"
- enabled: yes
- state: started
diff --git a/roles/wireguard/gateway/templates/systemd-fix-default-gw.service.j2 b/roles/wireguard/gateway/templates/systemd-fix-default-gw.service.j2
deleted file mode 100644
index d2d8a470..00000000
--- a/roles/wireguard/gateway/templates/systemd-fix-default-gw.service.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Wants=network-online.target
-After=network-online.target
-
-[Service]
-Type=oneshot
-ExecStart=/sbin/ip route add {{ item.value.default_gateway.outer }} via {{ ansible_default_ipv4.gateway }}
-ExecStop=/sbin/ip route del {{ item.value.default_gateway.outer }} via {{ ansible_default_ipv4.gateway }}
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/wireguard/gateway/templates/systemd-iptables.service.j2 b/roles/wireguard/gateway/templates/systemd-iptables.service.j2
deleted file mode 100644
index 11cf4b8a..00000000
--- a/roles/wireguard/gateway/templates/systemd-iptables.service.j2
+++ /dev/null
@@ -1,42 +0,0 @@
-[Unit]
-Wants=network-online.target
-After=network-online.target
-
-
-[Service]
-Type=oneshot
-
-{% if 'ip_snat' in item.value %}
-ExecStart=/usr/sbin/sysctl net.ipv4.ip_forward=1
-{% for addr in item.value.addresses %}
-ExecStart=/sbin/iptables -t nat -A POSTROUTING -s {{ addr | ipaddr('network/prefix') }} -o {{ item.value.ip_snat.interface }} -j SNAT --to {{ item.value.ip_snat.to }}
-{% endfor %}
-{% endif %}
-{% for forward in item.value.port_forwardings | default([]) %}
-{% for port in forward.tcp_ports | default([]) %}
-ExecStart=/sbin/iptables -t nat -A PREROUTING -d {{ forward.dest }} -p tcp --dport {{ port }} -j DNAT --to {{ forward.tcp_ports[port] }}
-{% endfor %}
-{% for port in forward.udp_ports | default([]) %}
-ExecStart=/sbin/iptables -t nat -A PREROUTING -d {{ forward.dest }} -p udp --dport {{ port }} -j DNAT --to {{ forward.udp_ports[port] }}
-{% endfor %}
-{% endfor %}
-
-{% if 'ip_snat' in item.value %}
-{% for addr in item.value.addresses %}
-ExecStop=/sbin/iptables -t nat -D POSTROUTING -s {{ addr | ipaddr('network/prefix') }} -o {{ item.value.ip_snat.interface }} -j SNAT --to {{ item.value.ip_snat.to }}
-{% endfor %}
-{% endif %}
-{% for forward in item.value.port_forwardings | default([]) %}
-{% for port in forward.tcp_ports | default([]) %}
-ExecStop=/sbin/iptables -t nat -D PREROUTING -d {{ forward.dest }} -p tcp --dport {{ port }} -j DNAT --to {{ forward.tcp_ports[port] }}
-{% endfor %}
-{% for port in forward.udp_ports | default([]) %}
-ExecStop=/sbin/iptables -t nat -D PREROUTING -d {{ forward.dest }} -p udp --dport {{ port }} -j DNAT --to {{ forward.udp_ports[port] }}
-{% endfor %}
-{% endfor %}
-
-RemainAfterExit=yes
-
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/wireguard/gateway/templates/systemd.netdev.j2 b/roles/wireguard/gateway/templates/systemd.netdev.j2
deleted file mode 100644
index 96399b52..00000000
--- a/roles/wireguard/gateway/templates/systemd.netdev.j2
+++ /dev/null
@@ -1,26 +0,0 @@
-[NetDev]
-Name={{ item.key }}
-Kind=wireguard
-{% if 'description' in item.value %}
-Description={{ item.value.description }}
-{% endif %}
-
-
-[WireGuard]
-PrivateKey={{ item.value.priv_key }}
-ListenPort={{ item.value.listen_port | default(51820) }}
-
-{% for peer in item.value.peers %}
-
-[WireGuardPeer]
-PublicKey={{ peer.pub_key }}
-{% for ip in peer.allowed_ips %}
-AllowedIPs={{ ip }}
-{% endfor %}
-{% if 'endpoint' in peer %}
-Endpoint={{ peer.endpoint.host }}:{{ peer.endpoint.port | default(51820) }}
-{% endif %}
-{% if 'keepalive_interval' in peer %}
-PersistentKeepalive={{ peer.keepalive_interval }}
-{% endif %}
-{% endfor %}
diff --git a/roles/wireguard/gateway/templates/systemd.network.j2 b/roles/wireguard/gateway/templates/systemd.network.j2
deleted file mode 100644
index 6847aa6a..00000000
--- a/roles/wireguard/gateway/templates/systemd.network.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-[Match]
-Name={{ item.key }}
-
-[Network]
-{% for addr in item.value.addresses %}
-Address={{ addr }}
-{% endfor %}
-{% if 'ip_masq' in item.value and item.value.ip_masq %}
-IPMasquerade=yes
-{% endif %}
-{% if 'default_gateway' in item.value %}
-
-[Route]
-Destination=0.0.0.0/1
-Gateway={{ item.value.default_gateway.inner }}
-
-[Route]
-Destination=128.0.0.0/1
-Gateway={{ item.value.default_gateway.inner }}
-{% endif %}
diff --git a/roles/wireguard/p2p/defaults/main.yml b/roles/wireguard/p2p/defaults/main.yml
deleted file mode 100644
index 9d93b810..00000000
--- a/roles/wireguard/p2p/defaults/main.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# wireguard_p2p_interface:
-# name: p2p
-# description: some wireguard tunnel
-# priv_key: secret
-# listen_port: 1234
-# addresses:
-# - 192.168.123.254/24
-
-# wireguard_p2p_peer:
-# pub_key: public_key_of_peer
-# keepalive_interval: 10
-# endpoint:
-# host: 5.6.7.8
-# port: 1234
-# allowed_ips:
-# - 192.168.255.3/32
-# - 192.168.123.0/24
diff --git a/roles/wireguard/p2p/handlers/main.yml b/roles/wireguard/p2p/handlers/main.yml
deleted file mode 100644
index 625032dc..00000000
--- a/roles/wireguard/p2p/handlers/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: restart systemd-networkd
- systemd:
- daemon_reload: yes
- name: systemd-networkd
- state: restarted
diff --git a/roles/wireguard/p2p/tasks/main.yml b/roles/wireguard/p2p/tasks/main.yml
deleted file mode 100644
index 78cfaf43..00000000
--- a/roles/wireguard/p2p/tasks/main.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-- name: install wireguard interfaces (netdev)
- template:
- src: systemd.netdev.j2
- dest: "/etc/systemd/network/{{ wireguard_p2p_interface.name }}.netdev"
- mode: 0640
- group: systemd-network
- notify: restart systemd-networkd
-
-- name: install wireguard interfaces (network)
- template:
- src: systemd.network.j2
- dest: "/etc/systemd/network/{{ wireguard_p2p_interface.name }}.network"
- notify: restart systemd-networkd
-
-- name: enable systemd-networkd
- systemd:
- name: systemd-networkd
- enabled: yes
- state: started
diff --git a/roles/wireguard/p2p/tasks/systemd-iptables.service.j2 b/roles/wireguard/p2p/tasks/systemd-iptables.service.j2
deleted file mode 100644
index 11cf4b8a..00000000
--- a/roles/wireguard/p2p/tasks/systemd-iptables.service.j2
+++ /dev/null
@@ -1,42 +0,0 @@
-[Unit]
-Wants=network-online.target
-After=network-online.target
-
-
-[Service]
-Type=oneshot
-
-{% if 'ip_snat' in item.value %}
-ExecStart=/usr/sbin/sysctl net.ipv4.ip_forward=1
-{% for addr in item.value.addresses %}
-ExecStart=/sbin/iptables -t nat -A POSTROUTING -s {{ addr | ipaddr('network/prefix') }} -o {{ item.value.ip_snat.interface }} -j SNAT --to {{ item.value.ip_snat.to }}
-{% endfor %}
-{% endif %}
-{% for forward in item.value.port_forwardings | default([]) %}
-{% for port in forward.tcp_ports | default([]) %}
-ExecStart=/sbin/iptables -t nat -A PREROUTING -d {{ forward.dest }} -p tcp --dport {{ port }} -j DNAT --to {{ forward.tcp_ports[port] }}
-{% endfor %}
-{% for port in forward.udp_ports | default([]) %}
-ExecStart=/sbin/iptables -t nat -A PREROUTING -d {{ forward.dest }} -p udp --dport {{ port }} -j DNAT --to {{ forward.udp_ports[port] }}
-{% endfor %}
-{% endfor %}
-
-{% if 'ip_snat' in item.value %}
-{% for addr in item.value.addresses %}
-ExecStop=/sbin/iptables -t nat -D POSTROUTING -s {{ addr | ipaddr('network/prefix') }} -o {{ item.value.ip_snat.interface }} -j SNAT --to {{ item.value.ip_snat.to }}
-{% endfor %}
-{% endif %}
-{% for forward in item.value.port_forwardings | default([]) %}
-{% for port in forward.tcp_ports | default([]) %}
-ExecStop=/sbin/iptables -t nat -D PREROUTING -d {{ forward.dest }} -p tcp --dport {{ port }} -j DNAT --to {{ forward.tcp_ports[port] }}
-{% endfor %}
-{% for port in forward.udp_ports | default([]) %}
-ExecStop=/sbin/iptables -t nat -D PREROUTING -d {{ forward.dest }} -p udp --dport {{ port }} -j DNAT --to {{ forward.udp_ports[port] }}
-{% endfor %}
-{% endfor %}
-
-RemainAfterExit=yes
-
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/wireguard/p2p/templates/systemd.netdev.j2 b/roles/wireguard/p2p/templates/systemd.netdev.j2
deleted file mode 100644
index 04abfa1d..00000000
--- a/roles/wireguard/p2p/templates/systemd.netdev.j2
+++ /dev/null
@@ -1,26 +0,0 @@
-[NetDev]
-Name={{ wireguard_p2p_interface.name }}
-Kind=wireguard
-{% if 'description' in wireguard_p2p_interface %}
-Description={{ wireguard_p2p_interface.description }}
-{% endif %}
-
-
-[WireGuard]
-PrivateKey={{ wireguard_p2p_interface.priv_key }}
-{% if 'listen_port' in wireguard_p2p_interface %}
-ListenPort={{ wireguard_p2p_interface.listen_port }}
-{% endif %}
-
-
-[WireGuardPeer]
-PublicKey={{ wireguard_p2p_peer.pub_key }}
-{% for ip in wireguard_p2p_peer.allowed_ips %}
-AllowedIPs={{ ip }}
-{% endfor %}
-{% if 'endpoint' in wireguard_p2p_peer %}
-Endpoint={{ wireguard_p2p_peer.endpoint.host }}:{{ wireguard_p2p_peer.endpoint.port | default(51820) }}
-{% endif %}
-{% if 'keepalive_interval' in wireguard_p2p_peer %}
-PersistentKeepalive={{ wireguard_p2p_peer.keepalive_interval }}
-{% endif %}
diff --git a/roles/wireguard/p2p/templates/systemd.network.j2 b/roles/wireguard/p2p/templates/systemd.network.j2
deleted file mode 100644
index 3d1e2431..00000000
--- a/roles/wireguard/p2p/templates/systemd.network.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-[Match]
-Name={{ wireguard_p2p_interface.name }}
-
-[Network]
-{% for addr in wireguard_p2p_interface.addresses %}
-Address={{ addr }}
-{% endfor %}
--
cgit v1.2.3