WIP: Auto generate keys #2
Update template and variables data format.
57fb676 to dc35877
Hi, thank you for your contribution. I briefly glanced over the code and it looks good to me, hopefully I'll have time to properly test it tomorrow. In the meantime, the test failures seem to be related
| wireguard_listen_port: 5888 | ||
| wireguard_wg0_preshared_key: secret_preshared_key | ||
| wireguard_wg0_peer_settings: > | ||
| {% set _peers = {} -%} |
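Review bot: The `wireguard_wg0_preshared_key: secret_preshared_key` line puts the preshared key in the vars file as a plaintext literal, and the value is not in the form WireGuard accepts (a base64-encoded 32-byte key, as produced by `wg genpsk`). If this file doubles as an example for users, use a clearly marked placeholder and note that the real key belongs in an Ansible Vault encrypted variable rather than in plain host or group vars.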
I didn't know one could do jinja templating within host/group vars files. Could you point me to docs where this is described?
I did not find a direct indication in the official documentation. But here is a link to changing variables using filters: https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#transforming-variables-with-jinja2-filters
and a link to the possibility of using Jinja in the values of variables:
https://groups.google.com/forum/m/#!topic/ansible-project/ZDz-8tcsdTA
Probably, I can transfer this part of the code to the template, but this can lead to loss of flexibility in the settings. In any case, I'll think about how to improve the code. If you have any suggestions, I will be glad to hear them.
P.S. Sorry for the delay in response, I was on vacation.
P.P.S. This PR is an attempt to combine the functionality of your role and this role https://github.com/mawalu/wireguard-private-networking
a686524 to 414802e
414802e to 0cb8227
adamruzicka left a comment
I tested the manage_keys: False route and left some comments inline
| ### `wireguard_manage_keys` | ||
|
|
||
| Each host needs to have `wireguard_networks` variable set. It should be a list of WireGuard interface name the host should use, by default it is an empty list. For each `$INTERFACE` specified here the host should have `wireguard_$INTERFACE_interface` and `wireguard_$INTERFACE_peers` vars set. | ||
| If `True` ansible automatically generated public and private pair keys. Default `False`. |
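Review bot: The `wireguard_manage_keys` description says a key pair is generated but not where the keys end up on the host or who can read them. Suggest documenting the on-host location and file permissions, so users who enable this know which files to protect and back up.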
s/ansible automatically generated/will automatically generate/
| shell: "umask 077; wg genkey | tee /etc/wireguard/privatekey_{{ item }} | wg pubkey > /etc/wireguard/publickey_{{ item }}" | ||
| when: | ||
| - not privatekey_{{ item }}.stat.exists | ||
| - wireguard_manage_keys |
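Review bot: In the `when:` list, `not privatekey_{{ item }}.stat.exists` puts `{{ }}` delimiters inside a conditional, which Ansible already evaluates as a Jinja expression and warns about, and it ties the task to a separately registered `privatekey_<interface>` stat result. Consider dropping that entry and adding `creates: /etc/wireguard/privatekey_{{ item }}` to the shell task, which keeps existing keys from being overwritten and leaves `wireguard_manage_keys` as the only condition.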
I had to swap these two to have it work with wireguard_manage_keys: False
| - name: Install linux headers (Ubuntu) | ||
| apt: | ||
| name: | ||
| - linux-headers-generic |
I'm not an Ubuntu guy, are headers-generic required if you install kernel flavor specific headers (linux-headers-{{ ansible_kernel }})?
| when: ansible_distribution == "Ubuntu" | ||
|
|
||
| - name: Install kernel headers (Debian) | ||
| apt: |
This fails on obscure devices with
fatal: [c2]: FAILED! => {"changed": false, "msg": "No package matching 'linux-headers-4.18.8-odroidc2' is available"}
Add support auto generate private and public keys;
Fix permissions of wireguard config;
Update structure variables.