From f1640b44cd6d77861dbf6cfa209ddb90b1d67951 Mon Sep 17 00:00:00 2001
From: Alexandre Le Gall
Date: Tue, 10 Oct 2023 11:19:42 +0200
Subject: [PATCH] [EVO] Manager wiregard as kernel module
---
 tasks/configuration.yml | 42 ----------------------------------
 tasks/installation.yml | 33 ---------------------------
 tasks/main.yml | 50 +++++++++++++++++++++++++++++++++++++----
 templates/wgN.j2 | 2 ++
 4 files changed, 48 insertions(+), 79 deletions(-)
 delete mode 100644 tasks/configuration.yml
 delete mode 100644 tasks/installation.yml
diff --git a/tasks/configuration.yml b/tasks/configuration.yml
deleted file mode 100644
index 4cc2517..0000000
--- a/tasks/configuration.yml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-# tasks file for wireguard
-
-- name: Déployer la configuration des interfaces
- ansible.builtin.template:
- src: wgN.j2
- dest: /etc/wireguard/{{ interface }}.conf
- owner: root
- group: root
- mode: u=rw,g=r,o=r
- loop: "{{ wireguard_interfaces }}"
- loop_control:
- index_var: index
- label: "{{ interface }}"
- vars:
- interface: wg{{ index }}
- become: true
- register: deploy
- notify:
- - Activer les services
- - Redémarrer les services
-
-#- name: Activer les services
-# ansible.builtin.systemd:
-# state: restarted
-# enabled: true
-# name: wg-quick@wg{{ item }}.service
-# become: true
-# loop: "{{ deploy.results | selectattr('changed', 'equalto', true) | map(attribute='index') }}"
-# loop_control:
-# index_var: index
-# label: wg{{ index }}
-#
-#- name: Redémarrer les services
-# ansible.builtin.systemd:
-# state: restarted
-# name: wg-quick@wg{{ item }}.service
-# become: true
-# loop: "{{ deploy.results | selectattr('changed', 'equalto', true) | map(attribute='index') }}"
-# loop_control:
-# index_var: index
-# label: wg{{ index }}
diff --git a/tasks/installation.yml b/tasks/installation.yml
deleted file mode 100644
index d6fc101..0000000
--- a/tasks/installation.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-# tasks file for wireguard
-
-- name: Installer le paquet
- ansible.builtin.apt:
- update_cache: true
- name: wireguard
- when: wireguard_module_host | length == 0
- become: true
- register: wireguard_install
-
-- name: Installer le module du noyau sur l'hôte
- ansible.builtin.apt:
- update_cache: true
- name: wireguard-dkms
- when: wireguard_module_host | length > 0
- delegate_to: "{{ wireguard_module_host }}"
- become: true
-
-- name: Installer l'outil de configuration
- ansible.builtin.apt:
- update_cache: true
- name: wireguard-tools
- when: wireguard_module_host | length > 0
- become: true
-
-#- name: Créer le dossier contenant la configuration
-# ansible.builtin.file:
-# state: directory
-# mode: u=rwx,g=,o=
-# path: "{{ wireguard_conf_path }}"
-# delegate_to: "{{ wireguard_server_host }}"
-# become: true
diff --git a/tasks/main.yml b/tasks/main.yml
index e50456c..6ba1629 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,8 +1,50 @@
 ---
 # tasks file for wireguard
 
-- name: Importer les tâches d'installation
- ansible.builtin.import_tasks: installation.yml
+- name: Installer le paquet
+ ansible.builtin.apt:
+ update_cache: true
+ name: wireguard
+ when: wireguard_module_host | length == 0
+ become: true
 
-- name: Importer les tâches de configuration
- ansible.builtin.import_tasks: configuration.yml
+- name: Tâches de gestion du module du noyau
+ block:
+ - name: Charger le module du noyau
+ community.general.modprobe:
+ name: wireguard
+ state: present
+ rescue:
+ - name: Installer le module du noyau sur l'hôte
+ ansible.builtin.apt:
+ update_cache: true
+ name: wireguard-dkms
+ when: wireguard_module_host | length > 0
+ become: true
+ delegate_to: "{{ wireguard_module_host }}"
+
+- name: Installer l'outil de configuration
+ ansible.builtin.apt:
+ update_cache: true
+ name: wireguard-tools
+ when: wireguard_module_host | length > 0
+ become: true
+
+- name: Déployer la configuration des interfaces
+ ansible.builtin.template:
+ src: wgN.j2
+ dest: /etc/wireguard/{{ interface }}.conf
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ loop: "{{ wireguard_interfaces }}"
+ loop_control:
+ index_var: index
+ label: "{{ interface }}"
+ vars:
+ interface: wg{{ index }}
+ become: true
+ register: deploy
+ notify:
+ - Activer les services
+ - Redémarrer les services
diff --git a/templates/wgN.j2 b/templates/wgN.j2
index 6f649b8..fa1b6d8 100644
--- a/templates/wgN.j2
+++ b/templates/wgN.j2
@@ -11,7 +11,9 @@ Address = {{ item.addresses | join(', ') }}
 [Peer]
 # {{ peer.name }}
 PublicKey = {{ peer.pubkey }}
+{% if peer.endpoint is defined %}
 Endpoint = {{ peer.endpoint }}
+{% endif %}
 AllowedIPs = {{ peer.allowed_ips | join(', ') }}
 {% if peer.persistent_keepalive is defined %}
 PersistentKeepalive = {{ peer.persistent_keepalive }}
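Review bot: The template task in tasks/main.yml writes `/etc/wireguard/{{ interface }}.conf` with `mode: u=rw,g=r,o=r`, which leaves the file world-readable; if wgN.j2 renders the interface private key, as wg-quick configurations normally do, any local account can read it, so `mode: u=rw,g=,o=` is the safer value. In the new block, the `community.general.modprobe` task carries neither `become: true` nor the `delegate_to: "{{ wireguard_module_host }}"` that the rescue task uses, so unless privilege escalation is set at play level the load may fail for lack of privilege and fall into `rescue` on every run. When `wireguard_module_host` is empty the only rescue task is skipped by its `when`, so a failed module load is absorbed silently, and after a DKMS install the module is not loaded again. Adding `become: true` to the modprobe task (with the same delegation if the module belongs on the host) and repeating the load after the install in `rescue` would make the outcome explicit.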
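Review bot: The new guard `{% if peer.endpoint is defined %}` in templates/wgN.j2 is also true when `endpoint` is present but null or empty, which would render a bare `Endpoint = ` line that WireGuard tooling is likely to reject when the interface is brought up. Testing the value rather than its presence avoids that, for example `{% if peer.endpoint | default('', true) %}`. The surrounding peer loop is not visible in the hunk, so this assumes `peer` comes from inventory data that may carry empty keys.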