Merge pull request #1 from roles-ansible/u

Finishing v1 of l3d.wireguard

.github/workflows/ansible-linting-check.yml

@@ -20,3 +20,4 @@ jobs:
         uses: ansible-actions/[email protected]
         with:
           target: "./"
+          required_collections: 'ansible.posix'

README.md

@@ -1,4 +1,62 @@
-# ansible_collections_wireguard
-Ansible Collection to configure wireguard
+[![collection l3d.wireguard](https://ansible.l3d.space/svg/l3d.wireguard_ansible-collection_collection.svg)](https://galaxy.ansible.com/ui/repo/published/l3d/wireguard/)
+[![Maintainance](https://ansible.l3d.space/svg/l3d.wireguard_maintainance_collection.svg)](https://ansible.l3d.space/#l3d.wireguard)
+[![License](https://ansible.l3d.space/svg/l3d.wireguard_license_collection.svg)](LICENSE)
 
-Work in Progress
+ Ansible Collection - l3d.wireguard
+============================
+
+This is the Ansible Collection ``l3d.wireguard``. A collection to to install wireguard-ui on linux servers.
+
+## Ansible Roles in l3d.wireguard
+- [![l3d.wireguard.wireguardui](https://ansible.l3d.space/svg/l3d.wireguard.wireguardui_ansible-role.svg)](https://galaxy.ansible.com/ui/repo/published/l3d/wireguard/content/role/wireguardui/) - Ansible role to install wireguard-ui
+
+## Using this Collection
+You can install the collection using ansible-galaxy by running:
+```bash
+ansible-galaxy collection install l3d.wireguard:1.0.0
+```
+
+Remember you can to Upgrade to the latest version of the l3d.wireguard collection using the ``--upgrade`` parameter:
+```bash
+ansible-galaxy collection install l3d.wireguard --upgrade
+```
+
+
+Or you could clone this collection in your local ansible project for example to ``collections/ansible_collections/l3d.wireguard/``. Make sure you checkout [git submodules](https://git-scm.com/docs/git-submodule) too. Example:
+```
+# Clone git Repo with submodules to specified path
+git clone --recursive https://github.com/roles-ansible/ansible_collection_wireguard.git collections/ansible_collections/l3d/wireguard/
+
+# change directory
+cd collections/ansible_collections/l3d.wireguard/
+
+# optionally init git submodules
+git submodule update --init --recursive
+
+# optionally install all requirements
+ansible-galaxy collection install -r requirements.yml --upgrade
+```
+
+You can also list a collection in ``requirements.yml``:
+```yaml
+---
+collections:
+  - name: l3d.wireguard
+    version: ">=1.0.0"
+```
+
+## Example Playbook
+Example Playbook using the l3d.wireguard.wireguardui role:
+
+```yaml
+---
+- name: "Install and Setup Wireguard-UI"
+  hosts: wireguard.example.com
+  roles:
+    - {role: l3d.wireguard.wireguardui, tags: wireguardui}
+  vars:
+    wireguardui__conf_int_address: '10.42.42.0/24,fd42:1337:4223::/48'
+```
+
+## Requirements
+The roles in this collection using the ``community.general`` and ``ansible.posix`` ansible Collections.

galaxy.yml

@@ -42,6 +42,7 @@ tags:
 # range specifiers can be set and are separated by ','
 dependencies:
   "community.general": ">=9.5.0,<11.0.0"
+  "ansible.posix": ">=1.5.4,<2.0.0"
 
 # The URL of the originating SCM repository
 repository: https://github.com/roles-ansible/ansible_collection_wireguard.git

roles/wireguardui/README.md

@@ -0,0 +1,50 @@
+[![Ansible Galaxy](https://ansible.l3d.space/svg/l3d.wireguard.wireguardui_ansible-role.svg)](https://galaxy.ansible.com/ui/repo/published/l3d/wireguard/content/role/wireguardui/)
+[![MIT License](https://ansible.l3d.space/svg/l3d.wireguard_license_collection.svg)](LICENSE)
+[![Maintainance](https://ansible.l3d.space/svg/l3d.wireguard_maintainance_collection.svg)](https://ansible.l3d.space/#l3d.wireguard)
+
+ ansible role wireguard-ui
+=======================
+
+Ansible role to install wireguard-ui
+
+Visit [github.com/ngoduykhanh/wireguard-ui](https://github.com/ngoduykhanh/wireguard-ui) for more information about wireguard-ui.
+
+
+ Variables
+-----------
+
+| Variable                          | Value                             | Description                                                  |
+| --------------------------------- | --------------------------------- | ------------------------------------------------------------ |
+| ``wireguardui__version``          | ``latest``                        | Wireguard version to install - ``latest`` for newest release |
+| ``wireguardui__conf_bind``        | ``127.0.0.1:5000``                | Webserver Bind Port                                          |
+| ``wireguardui__conf_int_address`` | ``10.23.42.0/24``                 | Wireguard interface ip addesses *(komma seperated)*          |
+| ``wireguardui__conf_int_port``    | ``51820``                         | Wireguard Port                                               |
+| ``wireguardui__conf_allowed_ips`` | ``wireguardui__conf_int_address`` | Allowed wireguard IP addresses                               |
+| ``wireguardui__conf_endpoint_ip`` | ``ansible_default_ipv4.address``  | Wireguard endpoint ip                                        |
+| ``wireguardui__wg_interface``     | ``wg0``                           | Interface for ip forwarding rule                             |
+| ``wireguardui__ipv4_forward``     | ``true``                          | set ``net.ipv4.conf.wg0.forwarding``                         |
+| ``wireguardui__ipv6_forward``     | ``true``                          | set ``net.ipv6.conf.wg0.forwarding``                         |
+| ``submodules_versioncheck``       | ``false``                         | optional simple version check                                |
+
+## Example Playbook
+Example Playbook using the l3d.wireguard.wireguardui role:
+
+```yaml
+---
+- name: "Install and Setup Wireguard-UI"
+  hosts: wireguard.example.com
+  roles:
+    - {role: l3d.wireguard.wireguardui, tags: wireguardui}
+  vars:
+    wireguardui__conf_int_address: '10.42.42.0/24,fd42:1337:4223::/48'
+```
+
+Contribution
+--------------
+
+Please feel free to open an issue or Pull-Request
+
+ Requirements
+--------------
+
+Ansible Collections ``community.general`` and ``ansible.posix``

roles/wireguardui/defaults/main.yml

@@ -1,5 +1,17 @@
 ---
 wireguardui__version: 'latest'
 
+# config
+wireguardui__conf_bind: '127.0.0.1:5000'
+wireguardui__conf_int_address: '10.23.42.0/24'
+wireguardui__conf_int_port: '51820'
+wireguardui__conf_allowed_ips: "{{ wireguardui__conf_int_address }}"
+wireguardui__conf_endpoint_ip: "{{ ansible_default_ipv4.address }}"
+
+# network
+wireguardui__wg_interface: 'wg0'
+wireguardui__ipv4_forward: true
+wireguardui__ipv6_forward: true
+
 # Optional perform simple Versionscheck
 submodules_versioncheck: false

roles/wireguardui/handlers/main.yml

@@ -6,6 +6,7 @@
     name: 'wgui.path'
     enabled: true
     state: 'restarted'
+  notify: "systemctl restart wireguard-ui.service"
 
 - name: Run systemctl restart wgui.service
   listen: 'systemctl restart wgui.service'
@@ -14,6 +15,7 @@
     name: 'wgui.service'
     enabled: true
     state: 'restarted'
+  notify: "systemctl restart wireguard-ui.service"
 
 - name: Run systemctl restart wireguard-ui.service
   listen: 'systemctl restart wireguard-ui.service'

roles/wireguardui/tasks/configure.yml

@@ -1,4 +1,14 @@
 ---
+- name: Create /etc/wireguard-ui.conf config
+  become: true
+  ansible.builtin.template:
+    src: 'templates/wireguard-ui.conf.j2'
+    dest: '/etc/wireguard-ui.conf'
+    owner: 'root'
+    group: 'root'
+    mode: '0640'
+  notify: "systemctl restart wireguard-ui.service"
+
 - name: Create wireguard-ui systemd service
   become: true
   ansible.builtin.template:

roles/wireguardui/tasks/main.yml

@@ -19,3 +19,10 @@
 - name: Create systemd unit
   ansible.builtin.include_tasks:
     file: 'systemd.yml'
+
+- name: Enable IP Forward
+  ansible.builtin.include_tasks:
+    file: 'routing.yml'
+  when:
+    - wireguardui__ipv4_forward | bool
+    - wireguardui__ipv6_forward | bool

roles/wireguardui/tasks/routing.yml

@@ -0,0 +1,22 @@
+---
+- name: Set IPv4 Forwarding
+  become: true
+  ansible.posix.sysctl:
+    name: "net.ipv4.conf.{{ wireguardui__wg_interface }}.forwarding"
+    value: '1'
+    sysctl_set: true
+    state: present
+    reload: true
+  when: wireguardui__ipv4_forward | bool
+  notify: "systemctl restart wireguard-ui.service"
+
+- name: Set IPv6 Forwarding
+  become: true
+  ansible.posix.sysctl:
+    name: "net.ipv6.conf.{{ wireguardui__wg_interface }}.forwarding"
+    value: '1'
+    sysctl_set: true
+    state: present
+    reload: true
+  when: wireguardui__ipv6_forward | bool
+  notify: "systemctl restart wireguard-ui.service"

roles/wireguardui/tasks/systemd.yml

@@ -7,6 +7,9 @@
     owner: 'root'
     group: 'root'
     mode: '0644'
+    modification_time: preserve
+    access_time: preserve
+  notify: "systemctl restart wireguard-ui.service"
 
 - name: Copy systemd units
   become: true
@@ -31,3 +34,4 @@
   with_items:
     - 'wgui.path'
     - 'wgui.service'
+  changed_when: false

roles/wireguardui/tasks/user.yml

@@ -15,3 +15,4 @@
     create_home: true
     system: true
     shell: '/bin/bash'
+  notify: "systemctl restart wireguard-ui.service"

roles/wireguardui/templates/wireguard-ui.conf.j2

@@ -0,0 +1,6 @@
+{{ ansible_managed | comment }}
+BIND_ADDRESS="{{ wireguardui__conf_bind }}"
+WGUI_SERVER_INTERFACE_ADDRESSES="{{ wireguardui__conf_int_address }}"
+WGUI_SERVER_LISTEN_PORT="{{ wireguardui__conf_int_port }}"
+WGUI_DEFAULT_CLIENT_ALLOWED_IPS="{{ wireguardui__conf_allowed_ips }}"
+WGUI_ENDPOINT_ADDRESS="{{ wireguardui__conf_endpoint_ip }}"

roles/wireguardui/templates/wireguard-ui.service.j2

@@ -4,8 +4,9 @@ Description=Wireguard-ui Service
 After=network.target
 
 [Service]
-Type=oneshot
+Type=simple
 ExecStart={{ wireguardui__full_executable_path }}
+EnvironmentFile=/etc/wireguard-ui.conf
 User=root
 Group=root
 

roles/wireguardui/vars/main.yml

@@ -15,5 +15,5 @@ wireguardui__go_arch_map:
 
 wireguardui__arch: "{{ wireguardui__go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
 
-packages__playbook_version_number: 4
+packages__playbook_version_number: 7
 packages__playbook_version_path: 'l3d.wireguard.wireguardui.version'