inital commit

.gitignore

@@ -0,0 +1 @@
+test

README.md

@@ -0,0 +1,45 @@
+# WireGuard
+
+## Dependencies
+This role does not take care of generating keys for you.  You should be able to
+take care of that yourself.
+
+### RHEL/CentOS
+This role depends on the fact that you have the EPEL repositories installed on
+your machine.  It does not manage that for you.
+
+## Usage
+This example below should be pretty self-explanitory.
+
+    ---
+    - hosts: vpn1.internal
+      roles:
+          - wireguard
+      vars:
+          wireguard_links:
+          - name: wg0
+              address: 10.0.0.1
+              port: 51820
+              private_key: eCpvWOe8zI0HCj/KjK3TZP71kd+glDxvDo5JaQhw3mw=
+              post_up: iptables ...
+              post_down: iptables ...
+              peers:
+              - public_key: UB9Lhk0JgwAPFD8F3k3Dq9iS7r/jLD+oYMX98T+fmGw=
+                  endpoint: vpn2.internal:51820
+                  allowed_ips: 10.0.0.2
+
+    - hosts: vpn2.internal
+      roles:
+          - wireguard
+      vars:
+          wireguard_links:
+          - name: wg0
+              address: 10.0.0.2
+              port: 51820
+              private_key: aIPcdRd6ncwRa+DJLaiq0Jmbvx1FjtLnWE2EApgcr2E=
+              post_up: iptables ...
+              post_down: iptables ...
+              peers:
+              - public_key: E/MU5hNb1mQ55ww0H0luxigNTXNNo/x49MRm5AcHLSI=
+                  endpoint: vpn1.internal:51820
+                  allowed_ips: 10.0.0.1

tasks/main.yaml

@@ -0,0 +1,28 @@
+---
+- name: Gather variables for each operating system
+  include_vars: "{{ ansible_distribution | lower }}.yaml"
+
+- include_tasks: "setup-repo/{{ ansible_distribution | lower }}.yaml"
+
+- name: Install packages
+  become: true
+  package:
+    name: "{{ wireguard_packages }}"
+
+- name: Drop configuration files
+  become: true
+  template:
+    src: wg.conf.j2
+    dest: "/etc/wireguard/{{ item.name }}.conf"
+  loop: "{{ wireguard_links }}"
+  loop_control:
+    label: "{{ item.name }}"
+
+- name: Enable and start services
+  service:
+    name: "wg-quick@{{ item.name }}"
+    state: started
+    enabled: true
+  loop: "{{ wireguard_links }}"
+  loop_control:
+    label: "{{ item.name }}"

tasks/setup-repo/redhat.yaml

@@ -0,0 +1,10 @@
+---
+- name: Configure repository
+  become: true
+  yum_repository:
+    name: wireguard
+    description: WireGuard Repository
+    baseurl: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/epel-7-$basearch/
+    gpgkey: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/pubkey.gpg
+    gpgcheck: true
+    skip_if_unavailable: true

tasks/setup-repo/ubuntu.yaml

@@ -0,0 +1,5 @@
+---
+- name: Configure repository
+  become: true
+  apt_repository:
+    repo: ppa:wireguard/wireguard

templates/wg.conf.j2

@@ -0,0 +1,17 @@
+[Interface]
+PrivateKey = {{ item.private_key }}
+Address = {{ item.address }}
+ListenPort = {{ item.port }}
+{% if 'post_up' in item %}
+PostUp = {{ item.post_up }}
+{% endif %}
+{% if 'post_down' in item %}
+PostDown = {{ item.post_down }}
+{% endif %}
+
+{% for peer in item.peers %}
+[Peer]
+PublicKey = {{ peer.public_key }}
+Endpoint = {{ peer.endpoint }}
+AllowedIPs = {{ peer.allowed_ips }}
+{% endfor %}

vars/redhat.yaml

@@ -0,0 +1,4 @@
+---
+wireguard_packages:
+  - wireguard-dkms
+  - wireguard-tools

vars/ubuntu.yaml

@@ -0,0 +1,3 @@
+---
+wireguard_packages:
+  - wireguard