From 683967697d42fbc68f614478781fc633e4e04dd5 Mon Sep 17 00:00:00 2001
From: Someone <someone@somenet.org>
Date: Mon, 29 Apr 2024 10:46:28 +0200
Subject: [PATCH] [roles/base/wireguard] install wireguard tools

---
 roles/base/wireguard/defaults/main.yml        | 13 +++++++++
 roles/base/wireguard/files/default/wg0.conf   | 17 ++++++++++++
 roles/base/wireguard/handlers/main.yml        | 13 +++++++++
 roles/base/wireguard/tasks/main.yml           | 23 ++++++++++++++++
 .../wireguard/tasks/wireguard_interface.yml   | 27 +++++++++++++++++++
 5 files changed, 93 insertions(+)
 create mode 100644 roles/base/wireguard/defaults/main.yml
 create mode 100644 roles/base/wireguard/files/default/wg0.conf
 create mode 100644 roles/base/wireguard/handlers/main.yml
 create mode 100644 roles/base/wireguard/tasks/main.yml
 create mode 100644 roles/base/wireguard/tasks/wireguard_interface.yml

diff --git a/roles/base/wireguard/defaults/main.yml b/roles/base/wireguard/defaults/main.yml
new file mode 100644
index 0000000..f72d7af
--- /dev/null
+++ b/roles/base/wireguard/defaults/main.yml
@@ -0,0 +1,13 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone <someone@somenet.org>
+#
+# If not overridden in inventory or as a parameter, this is the value that will be used
+#
+---
+setup_wireguard: False
+
+wireguard_interfaces:
+  - wg0
diff --git a/roles/base/wireguard/files/default/wg0.conf b/roles/base/wireguard/files/default/wg0.conf
new file mode 100644
index 0000000..39c47a9
--- /dev/null
+++ b/roles/base/wireguard/files/default/wg0.conf
@@ -0,0 +1,17 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone <someone@somenet.org>
+#
+
+[Interface]
+Address = .../24
+PrivateKey = ...
+
+[Peer]
+PublicKey = ...
+AllowedIPs = .../24
+Endpoint = ...:51820
+PersistentKeepalive = 25
diff --git a/roles/base/wireguard/handlers/main.yml b/roles/base/wireguard/handlers/main.yml
new file mode 100644
index 0000000..9cbe491
--- /dev/null
+++ b/roles/base/wireguard/handlers/main.yml
@@ -0,0 +1,13 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone <someone@somenet.org>
+#
+---
+- name: restart wg-quick.target
+  systemd:
+    name: wg-quick.target
+    daemon_reload: yes
+    state: restarted
+  ignore_errors: yes
diff --git a/roles/base/wireguard/tasks/main.yml b/roles/base/wireguard/tasks/main.yml
new file mode 100644
index 0000000..1da2abe
--- /dev/null
+++ b/roles/base/wireguard/tasks/main.yml
@@ -0,0 +1,23 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone <someone@somenet.org>
+#
+---
+- name: install wireguard
+  apt:
+    pkg:
+    - wireguard
+    state: present
+    policy_rc_d: 101
+  when: setup_wireguard | bool
+  tags: "online"
+  ignore_errors: "{{ignore_online_errors | bool}}"
+
+
+- include_tasks: wireguard_interface.yml
+  with_items: "{{wireguard_interfaces}}"
+  loop_control:
+    loop_var: wg
+  when: setup_wireguard | bool
diff --git a/roles/base/wireguard/tasks/wireguard_interface.yml b/roles/base/wireguard/tasks/wireguard_interface.yml
new file mode 100644
index 0000000..c0f300b
--- /dev/null
+++ b/roles/base/wireguard/tasks/wireguard_interface.yml
@@ -0,0 +1,27 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone <someone@somenet.org>
+#
+---
+- name: copy wireguard interface {{wg}} config
+  copy:
+    src: "{{item}}"
+    dest: "/etc/wireguard/{{wg}}.conf"
+    mode: 0600
+    owner: "root"
+    group: "root"
+  with_first_found:
+    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{wg}}.conf"
+    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{wg}}.conf"
+    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{wg}}.conf"
+    - "default/{{wg}}.conf"
+  # does not work. Also register + when changed breaks the connections immediately, do not use!
+  #notify: restart wg-quick.target
+
+
+- name: "enable and start wireguard interface wg-quick@{{wg}}.service"
+  include_role: name="base/systemd/enable-and-start"
+  vars:
+    service_name: "wg-quick@{{wg}}.service"
-- 
2.43.0