fallback to wg-quick because of the clusterfuck of configuration types between the OSs

This commit is contained in:
histausse 2021-07-08 00:33:13 +02:00
parent 82bd1cfb32
commit 199932a2fa
Signed by: histausse
GPG key ID: 67486F107F62E9E9
19 changed files with 63 additions and 56 deletions


@ -1,6 +1,7 @@
--- ---
vpn_interfaces: vpn_interfaces:
wg0: wg0:
ip: "{{ interfaces.wg0.ipv4 }}"
private_key: "{{ vpn_vault_azerty_key }}" private_key: "{{ vpn_vault_azerty_key }}"
public_key: "o9rdoSdnp4twbNbZAMl0wY4sFQh647qqRv6V8HJwMQY=" public_key: "o9rdoSdnp4twbNbZAMl0wY4sFQh647qqRv6V8HJwMQY="
keepalive: true keepalive: true
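Review bot: The new `ip` key carries only the address and drops the prefix length, although the `interfaces.wg0` entry used here also has a `netmaskv4` (visible in the vm4 interfaces file of this commit) and the old ifupdown stanza rendered `address ipv4/netmaskv4`. The wg0.conf template in this commit writes it as `Address = {{ item.value.ip }}`; wg-quick passes a bare IPv4 address to `ip address add`, which assigns a /32, so the intranet subnet is no longer on-link for wg0 and reachability then depends only on the routes wg-quick derives from each peer's AllowedIPs. If the subnet route is wanted, use `ip: "{{ interfaces.wg0.ipv4 }}/{{ interfaces.wg0.netmaskv4 }}"` here and in the other host_vars files that add the same line in this commit; otherwise a short comment stating that /32 is intended would prevent the question from coming up again.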


@ -1,6 +1,7 @@
--- ---
vpn_interfaces: vpn_interfaces:
wg0: wg0:
ip: "{{ interfaces.wg0.ipv4 }}"
private_key: "{{ vpn_vault_hellman_key }}" private_key: "{{ vpn_vault_hellman_key }}"
public_key: "+qV1RHAgSigOkrxUKqpGR83bydmlIHrEiw+A7zjbRk4=" public_key: "+qV1RHAgSigOkrxUKqpGR83bydmlIHrEiw+A7zjbRk4="
keepalive: true keepalive: true


@ -1,6 +1,7 @@
--- ---
vpn_interfaces: vpn_interfaces:
wg0: wg0:
ip: "{{ interfaces.wg0.ipv4 }}"
private_key: "{{ vpn_vault_hindley_key }}" private_key: "{{ vpn_vault_hindley_key }}"
public_key: "Ce48/ZdvpI2S82bIivhiWHQsyidzTAtxCnEYojY3xEA=" public_key: "Ce48/ZdvpI2S82bIivhiWHQsyidzTAtxCnEYojY3xEA="
keepalive: false keepalive: false


@ -1,6 +1,7 @@
--- ---
vpn_interfaces: vpn_interfaces:
wg0: wg0:
ip: "{{ interfaces.wg0.ipv4 }}"
private_key: "{{ vpn_vault_rossum_key }}" private_key: "{{ vpn_vault_rossum_key }}"
public_key: "YNEp3V5wsDLxDR29WhzECOCdOxiOuxuAqUUwS3gJWT4=" public_key: "YNEp3V5wsDLxDR29WhzECOCdOxiOuxuAqUUwS3gJWT4="
keepalive: true keepalive: true


@ -1,7 +1,7 @@
--- ---
interfaces: interfaces:
enp0s3: enp0s3:
ipv4: 10.0.2.14 ipv4: 10.0.2.5
netmaskv4: 24 netmaskv4: 24
type: static type: static
routes: routes:


@ -1,6 +1,7 @@
--- ---
vpn_interfaces: vpn_interfaces:
wg0: wg0:
ip: "{{ interfaces.wg0.ipv4 }}"
private_key: "{{ vpn_vault_vm1_key }}" private_key: "{{ vpn_vault_vm1_key }}"
public_key: "uccS/p19vinH/S2GpVarDTYah4oRiSIABue8uEqKzRs=" public_key: "uccS/p19vinH/S2GpVarDTYah4oRiSIABue8uEqKzRs="
keepalive: true keepalive: true


@ -1,7 +1,7 @@
--- ---
interfaces: interfaces:
enp0s3: enp0s3:
ipv4: 10.0.2.16 ipv4: 10.0.2.6
netmaskv4: 24 netmaskv4: 24
type: static type: static
routes: routes:


@ -1,6 +1,7 @@
--- ---
vpn_interfaces: vpn_interfaces:
wg0: wg0:
ip: "{{ interfaces.wg0.ipv4 }}"
private_key: "{{ vpn_vault_vm2_key }}" private_key: "{{ vpn_vault_vm2_key }}"
public_key: "pxsYnL8N3VVVLlkXA8NOkqWsrSMrgdL1vj/VnZfKdRo=" public_key: "pxsYnL8N3VVVLlkXA8NOkqWsrSMrgdL1vj/VnZfKdRo="
keepalive: true keepalive: true


@ -1,7 +1,7 @@
--- ---
interfaces: interfaces:
enp0s3: enp0s3:
ipv4: 10.0.2.17 ipv4: 10.0.2.7
netmaskv4: 24 netmaskv4: 24
type: static type: static
routes: routes:


@ -1,6 +1,7 @@
--- ---
vpn_interfaces: vpn_interfaces:
wg0: wg0:
ip: "{{ interfaces.wg0.ipv4 }}"
private_key: "{{ vpn_vault_vm3_key }}" private_key: "{{ vpn_vault_vm3_key }}"
public_key: "Cj3HAjXXr9DcmJoOkQkHvLWujZm8h6tBt2d54g0pqEg=" public_key: "Cj3HAjXXr9DcmJoOkQkHvLWujZm8h6tBt2d54g0pqEg="
keepalive: true keepalive: true


@ -1,11 +1,12 @@
--- ---
interfaces: interfaces:
enp0s3: enp0s3:
ipv4: 10.0.2.32 ipv4: 10.0.2.8
netmaskv4: 24 netmaskv4: 24
type: static type: static
routes: gateway: 10.0.2.1
- {subnet: 0.0.0.0, netmask: 0, gateway: 10.0.2.1} # routes:
# - {subnet: 0.0.0.0, netmask: 0, gateway: 10.0.2.1}
wg0: wg0:
ipv4: "{{ intranet.subnets.test.subnets.vm4.ipv4 }}" ipv4: "{{ intranet.subnets.test.subnets.vm4.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}" netmaskv4: "{{ intranet.netmaskv4 }}"
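Review bot: `gateway: 10.0.2.1` replaces the `routes` list for vm4's `enp0s3`, but the rewritten interfaces template in this commit only consumes `routes` (the `post-up ip route add …` lines) and never reads a `gateway` key, so if vm4 is rendered by that template it comes up without a default route. Either keep the `routes` entry or teach the template the new key next to the `address` line, e.g. `{% if 'gateway' in item.value %}` / `gateway {{ item.value.gateway }}` / `{% endif %}`. If vm4 belongs to a group the template task now skips (`raspbian_buster`, `ubuntu`) and another mechanism consumes `gateway`, a one-line comment here naming that mechanism would spare the next reader the search.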


@ -1,6 +1,7 @@
--- ---
vpn_interfaces: vpn_interfaces:
wg0: wg0:
ip: "{{ interfaces.wg0.ipv4 }}"
private_key: "{{ vpn_vault_vm4_key }}" private_key: "{{ vpn_vault_vm4_key }}"
public_key: "5M84IO6uobYkMPupCI9h9y3iJXVIXAyDY8wkrMPcaRw=" public_key: "5M84IO6uobYkMPupCI9h9y3iJXVIXAyDY8wkrMPcaRw="
keepalive: true keepalive: true


@ -1,4 +1,4 @@
--- ---
- name: Reload network interfaces - name: Reload network interfaces debian
become: true become: true
command: /sbin/ifreload -a command: /sbin/ifreload -a


@ -45,15 +45,6 @@
owner: root owner: root
group: root group: root
mode: '644' mode: '644'
notify: Reload network interfaces notify: Reload network interfaces debian
when: ("raspbian_buster" not in group_names) and ("ubuntu" not in group_names)
- name: Create interface config files
ansible.builtin.template:
src: "interface.conf.j2"
dest: "/etc/network/interfaces.d/{{ item.key }}.conf"
owner: root
group: root
mode: '640'
notify: Reload network interfaces
when: (item.value.type == "wireguard") or ("raspbian_buster" not in group_names)
loop: "{{ lookup('dict', interfaces) }}"
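Review bot: Deleting the per-interface task leaves every `/etc/network/interfaces.d/<iface>.conf` it previously wrote in place on already-provisioned hosts, and the rewritten interfaces template adds `source /etc/network/interfaces.d/*`, so a leftover `wg0.conf` with its `pre-up ip link add` / `wg setconf` hooks is still brought up by ifupdown next to `wg-quick@wg0`, and the two fight over the same link. A cleanup task that removes those files for every entry in `interfaces` closes the gap (`state: absent` is a no-op where the file never existed); note that deleting the file does not tear down a legacy interface that is already up, so wg-quick only takes over cleanly after that stanza has been brought down once. The template task this hunk modifies begins above the hunk.
```yaml
- name: Remove per-interface config files from the previous layout
  ansible.builtin.file:
    path: "/etc/network/interfaces.d/{{ item.key }}.conf"
    state: absent
  loop: "{{ lookup('dict', interfaces) }}"
```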


@ -1,30 +0,0 @@
{{ ansible_managed | comment }}
auto {{ item.key }}
{% if item.value.type == 'wireguard' %}
iface {{ item.key }} inet static
{% elif item.value.type == 'dhcp' %}
iface {{ item.key }} inet dhcp
{% elif item.value.type == 'static' %}
iface {{ item.key }} inet static
{% endif %}
{% if item.value.type == 'wireguard' %}
pre-up ip link add $IFACE type wireguard
pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
{% endif %}
{% if 'routes' in item.value %}
{% for route in item.value.routes %}
post-up ip route add {{ route.subnet }}/{{ route.netmask }} via {{ route.gateway }}
{% endfor %}
{% endif %}
{% if 'ipv4' in item.value %}
address {{ item.value.ipv4 }}/{{ item.value.netmaskv4 }}
{% endif %}
{% if 'routes' in item.value %}
{% for route in item.value.routes %}
post-down ip route del {{ route.subnet }}/{{ route.netmask }} via {{ route.gateway }}
{% endfor %}
{% endif %}
{% if item.value.type == 'wireguard' %}
post-down ip link del $IFACE
{% endif %}


@ -1,7 +1,30 @@
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
source /etc/network/interfaces.d/*
# The loopback network interface # The loopback network interface
auto lo auto lo
iface lo inet loopback iface lo inet loopback
{% for item in lookup('dict', interfaces) %}
{% if item.value.type not in ['wireguard', ] %}
auto {{ item.key }}
{% if item.value.type == 'dhcp' %}
iface {{ item.key }} inet dhcp
{% elif item.value.type == 'static' %}
iface {{ item.key }} inet static
{% endif %}
{% if 'routes' in item.value %}{# route up #}
{% for route in item.value.routes %}
post-up ip route add {{ route.subnet }}/{{ route.netmask }} via {{ route.gateway }}
{% endfor %}
{% endif %}{# end route up #}
{% if 'ipv4' in item.value %}
address {{ item.value.ipv4 }}/{{ item.value.netmaskv4 }}
{% endif %}
{% if 'routes' in item.value %}{# route dw #}
{% for route in item.value.routes %}
post-down ip route del {{ route.subnet }}/{{ route.netmask }} via {{ route.gateway }}
{% endfor %}
{% endif %}{# end route dw #}
{% endif %}{# end (not in [wireguard, ]) #}
{% endfor %}
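Review bot: The two `{% if 'routes' in item.value %}` blocks iterate the same list twice, once for `post-up` and once for `post-down`, which doubles the surface for the two lines to drift apart; one loop emitting both commands per route reads as a single unit. As far as I know ifupdown does not depend on the order of options inside an `iface` stanza (only the relative order of repeated `post-up`/`post-down` lines matters), so `address` can follow the merged loop unchanged. `{% if item.value.type not in ['wireguard', ] %}` is also more plainly written as `{% if item.value.type != 'wireguard' %}`.
```jinja
{# … unchanged: auto / iface lines for the non-wireguard interface … #}
{% if 'routes' in item.value %}
{% for route in item.value.routes %}
post-up ip route add {{ route.subnet }}/{{ route.netmask }} via {{ route.gateway }}
post-down ip route del {{ route.subnet }}/{{ route.netmask }} via {{ route.gateway }}
{% endfor %}
{% endif %}
{% if 'ipv4' in item.value %}
address {{ item.value.ipv4 }}/{{ item.value.netmaskv4 }}
{% endif %}
```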


@ -1,4 +1,8 @@
--- ---
- name: Reload network interfaces - name: Restart wireguard for interface
become: true systemd:
command: /sbin/ifreload -a name: "wg-quick@{{ item.key }}"
state: restarted
loop:
- "{{ lookup('dict', vpn_interfaces) }}"
no_log: true
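Review bot: `no_log: true` on this handler suppresses all of its output, including the error when a `wg-quick@<iface>` restart fails, and nothing records why it is there; a comment above it such as `# item.value carries the WireGuard private key, so loop output must stay hidden; check journalctl -u wg-quick@<iface> when a restart fails` keeps a future maintainer from removing it to get diagnostics back. The handler also restarts every entry of `vpn_interfaces` whenever any single config file changes, which is presumably acceptable for the interface counts in this repo but is worth stating in the task name or a comment. The module is referenced as `systemd:` while the tasks in this role spell out `ansible.builtin.template`; `ansible.builtin.systemd` keeps the style uniform.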


@ -3,7 +3,7 @@
apt_repository: apt_repository:
repo: deb http://deb.debian.org/debian buster-backports main repo: deb http://deb.debian.org/debian buster-backports main
state: present state: present
when: "'debian_buster' in group_names or 'proxmox_buster' in group_names" when: ('debian_buster' in group_names) or ('proxmox_buster' in group_names)
- name: Install wireguard dependencies for proxmox - name: Install wireguard dependencies for proxmox
apt: apt:
@ -15,7 +15,7 @@
register: apt_result register: apt_result
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded
when: "'proxmox_buster' in group_names" when: ('proxmox_buster' in group_names)
- name: Install wireguard - name: Install wireguard
apt: apt:
@ -35,7 +35,16 @@
owner: root owner: root
group: root group: root
mode: '600' mode: '600'
notify: Reload network interfaces notify: Restart wireguard for interface
loop:
- "{{ lookup('dict', vpn_interfaces) }}"
no_log: true
- name: Enable interface
systemd:
name: "wg-quick@{{ item.key }}"
state: started
enabled: yes
loop: loop:
- "{{ lookup('dict', vpn_interfaces) }}" - "{{ lookup('dict', vpn_interfaces) }}"
no_log: true no_log: true
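Review bot: `enabled: yes` in the new `Enable interface` task is the YAML 1.1 boolean spelling, while the rest of this commit writes `true`/`false` (`no_log: true`, `keepalive: true`); `enabled: true` keeps it consistent and quiet under yamllint's truthy rule. On a first run this task starts `wg-quick@{{ item.key }}` directly after the config template task, and the notified handler then restarts the same unit again at the end of the play, so a double start in the logs is expected rather than a fault. The config template task this hunk modifies begins above the hunk.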


@ -1,6 +1,7 @@
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
[Interface] [Interface]
Address = {{ item.value.ip }}
PrivateKey = {{ item.value.private_key }} PrivateKey = {{ item.value.private_key }}
ListenPort = {{ vpn_port }} ListenPort = {{ vpn_port }}