From cbe04bc54002cc5ead9f4b9e514b12be269ead24 Mon Sep 17 00:00:00 2001
From: Mohammed Naser
Date: Thu, 4 Apr 2019 22:16:39 -0400
Subject: [PATCH] inital commit
---
.gitignore | 1 +
README.md | 45 ++++++++++++++++++++++++++++++++++++
tasks/main.yaml | 28 ++++++++++++++++++++++
tasks/setup-repo/redhat.yaml | 10 ++++++++
tasks/setup-repo/ubuntu.yaml | 5 ++++
templates/wg.conf.j2 | 17 ++++++++++++++
vars/redhat.yaml | 4 ++++
vars/ubuntu.yaml | 3 +++
8 files changed, 113 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 tasks/main.yaml
create mode 100644 tasks/setup-repo/redhat.yaml
create mode 100644 tasks/setup-repo/ubuntu.yaml
create mode 100644 templates/wg.conf.j2
create mode 100644 vars/redhat.yaml
create mode 100644 vars/ubuntu.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..30d74d2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+test
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..65b9b4a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,45 @@
+# WireGuard
+
+## Dependencies
+This role does not take care of generating keys for you. You should be able to
+take care of that yourself.
+
+### RHEL/CentOS
+This role depends on the fact that you have the EPEL repositories installed on
+your machine. It does not manage that for you.
+
+## Usage
+This example below should be pretty self-explanitory.
+
+ ---
+ - hosts: vpn1.internal
+ roles:
+ - wireguard
+ vars:
+ wireguard_links:
+ - name: wg0
+ address: 10.0.0.1
+ port: 51820
+ private_key: eCpvWOe8zI0HCj/KjK3TZP71kd+glDxvDo5JaQhw3mw=
+ post_up: iptables ...
+ post_down: iptables ...
+ peers:
+ - public_key: UB9Lhk0JgwAPFD8F3k3Dq9iS7r/jLD+oYMX98T+fmGw=
+ endpoint: vpn2.internal:51820
+ allowed_ips: 10.0.0.2
+
+ - hosts: vpn2.internal
+ roles:
+ - wireguard
+ vars:
+ wireguard_links:
+ - name: wg0
+ address: 10.0.0.2
+ port: 51820
+ private_key: aIPcdRd6ncwRa+DJLaiq0Jmbvx1FjtLnWE2EApgcr2E=
+ post_up: iptables ...
+ post_down: iptables ...
+ peers:
+ - public_key: E/MU5hNb1mQ55ww0H0luxigNTXNNo/x49MRm5AcHLSI=
+ endpoint: vpn1.internal:51820
+ allowed_ips: 10.0.0.1
\ No newline at end of file
diff --git a/tasks/main.yaml b/tasks/main.yaml
new file mode 100644
index 0000000..b42676c
--- /dev/null
+++ b/tasks/main.yaml
@@ -0,0 +1,28 @@
+---
+- name: Gather variables for each operating system
+ include_vars: "{{ ansible_distribution | lower }}.yaml"
+
+- include_tasks: "setup-repo/{{ ansible_distribution | lower }}.yaml"
+
+- name: Install packages
+ become: true
+ package:
+ name: "{{ wireguard_packages }}"
+
+- name: Drop configuration files
+ become: true
+ template:
+ src: wg.conf.j2
+ dest: "/etc/wireguard/{{ item.name }}.conf"
+ loop: "{{ wireguard_links }}"
+ loop_control:
+ label: "{{ item.name }}"
+
+- name: Enable and start services
+ service:
+ name: "wg-quick@{{ item.name }}"
+ state: started
+ enabled: true
+ loop: "{{ wireguard_links }}"
+ loop_control:
+ label: "{{ item.name }}"
\ No newline at end of file
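Review bot: In tasks/main.yaml the "Drop configuration files" task renders `/etc/wireguard/{{ item.name }}.conf`, which contains `PrivateKey`, without setting `owner`, `group` or `mode`, so the file's permissions are left to the module defaults and the remote umask and may end up readable by other local users. I would add `owner: root`, `group: root` and `mode: "0600"` to the `template:` arguments, and consider `no_log: true` on that task so a `--diff` run does not print the key. The "Enable and start services" task also lacks `become: true`, unlike the tasks before it, and nothing restarts `wg-quick@{{ item.name }}` when the rendered file changes. Since `private_key` arrives as a plain play variable, the role's documentation should point users to Ansible Vault or a comparable secret store rather than inline values.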
diff --git a/tasks/setup-repo/redhat.yaml b/tasks/setup-repo/redhat.yaml
new file mode 100644
index 0000000..9b97eb2
--- /dev/null
+++ b/tasks/setup-repo/redhat.yaml
@@ -0,0 +1,10 @@
+---
+- name: Configure repository
+ become: true
+ yum_repository:
+ name: wireguard
+ description: WireGuard Repository
+ baseurl: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/epel-7-$basearch/
+ gpgkey: https://copr-be.cloud.fedoraproject.org/results/jdoss/wireguard/pubkey.gpg
+ gpgcheck: true
+ skip_if_unavailable: true
\ No newline at end of file
diff --git a/tasks/setup-repo/ubuntu.yaml b/tasks/setup-repo/ubuntu.yaml
new file mode 100644
index 0000000..4fa6663
--- /dev/null
+++ b/tasks/setup-repo/ubuntu.yaml
@@ -0,0 +1,5 @@
+---
+- name: Configure repository
+ become: true
+ apt_repository:
+ repo: ppa:wireguard/wireguard
\ No newline at end of file
diff --git a/templates/wg.conf.j2 b/templates/wg.conf.j2
new file mode 100644
index 0000000..b38e767
--- /dev/null
+++ b/templates/wg.conf.j2
@@ -0,0 +1,17 @@
+[Interface]
+PrivateKey = {{ item.private_key }}
+Address = {{ item.address }}
+ListenPort = {{ item.port }}
+{% if 'post_up' in item %}
+PostUp = {{ item.post_up }}
+{% endif %}
+{% if 'post_down' in item %}
+PostDown = {{ item.post_down }}
+{% endif %}
+
+{% for peer in item.peers %}
+[Peer]
+PublicKey = {{ peer.public_key }}
+Endpoint = {{ peer.endpoint }}
+AllowedIPs = {{ peer.allowed_ips }}
+{% endfor %}
\ No newline at end of file
diff --git a/vars/redhat.yaml b/vars/redhat.yaml
new file mode 100644
index 0000000..c49af7b
--- /dev/null
+++ b/vars/redhat.yaml
@@ -0,0 +1,4 @@
+---
+wireguard_packages:
+ - wireguard-dkms
+ - wireguard-tools
\ No newline at end of file
diff --git a/vars/ubuntu.yaml b/vars/ubuntu.yaml
new file mode 100644
index 0000000..bd333b2
--- /dev/null
+++ b/vars/ubuntu.yaml
@@ -0,0 +1,3 @@
+---
+wireguard_packages:
+ - wireguard
\ No newline at end of file
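Review bot: In tasks/setup-repo/redhat.yaml the `gpgkey` URL is served from the same host and project path as `baseurl`, so on a fresh host the signing key and the packages are trusted together and `gpgcheck: true` gives little protection if that origin is tampered with. For a third-party repository that supplies a DKMS kernel module, consider shipping the expected public key with the role and pointing at the local copy, e.g. `gpgkey: file:///etc/pki/rpm-gpg/<WIREGUARD_KEY_FILE>` (placeholder path). `baseurl` also hard-codes `epel-7`, so hosts on another major release would get the wrong repository; `epel-{{ ansible_distribution_major_version }}` would follow the host. With `skip_if_unavailable: true` a repository outage is silent at this step and only shows up later as a failure of the package install task.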
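Review bot: In templates/wg.conf.j2 every field is interpolated as-is, and wg-quick runs `PostUp`/`PostDown` as shell commands with root privileges, so a value containing a newline (in `address`, `endpoint`, `allowed_ips` and so on) could add an extra directive to the rendered file. That is acceptable while `wireguard_links` is written by hand in trusted inventory, but the role should state that assumption, and an `assert` task that rejects multi-line values before templating would enforce it. Separately, `Endpoint` is emitted unconditionally although WireGuard treats it as optional, and a link without `peers` fails the `for` loop; wrapping the line in `{% if 'endpoint' in peer %}` and iterating over `item.peers | default([])` would match how `post_up` is already handled.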