From aa5e386c4e668e585ba227cc951c7c8ef62f442c Mon Sep 17 00:00:00 2001
From: Paul ALNET
Date: Tue, 26 Dec 2023 12:03:05 +0100
Subject: [PATCH] feat(wg-admin): install wireguard
---
group_vars/matrix_servers | 2 ++
.../matrix-admin-wireguard/tasks/install.yml | 14 ++++++++++++++
.../matrix-admin-wireguard/tasks/main.yml | 18 ++++++++++++++++++
.../matrix-admin-wireguard/tasks/uninstall.yml | 17 +++++++++++++++++
setup.yml | 1 +
5 files changed, 52 insertions(+)
create mode 100644 roles/custom/matrix-admin-wireguard/tasks/install.yml
create mode 100644 roles/custom/matrix-admin-wireguard/tasks/main.yml
create mode 100644 roles/custom/matrix-admin-wireguard/tasks/uninstall.yml
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index e5ca46e02..2205eed5e 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -393,6 +393,8 @@ devture_systemd_service_manager_services_list_auto: | ([{'name': (devture_traefik_identifier + '.service'), 'priority': 3000, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if devture_traefik_enabled else []) + ([{'name': (devture_traefik_certs_dumper_identifier + '.service'), 'priority': 3500, 'groups': ['matrix', 'traefik-certs-dumper']}] if devture_traefik_certs_dumper_enabled else []) + + + ([{'name': 'wg-quick@wg0', 'priority': 650, 'groups': ['matrix', 'matrix-admin-wireguard']}] if matrix_admin_wireguard_enabled else []) }} ########################################################################
diff --git a/roles/custom/matrix-admin-wireguard/tasks/install.yml b/roles/custom/matrix-admin-wireguard/tasks/install.yml
new file mode 100644
index 000000000..282a31738
--- /dev/null
+++ b/roles/custom/matrix-admin-wireguard/tasks/install.yml
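Review bot: `matrix_admin_wireguard_enabled` is read by the line added to `group_vars/matrix_servers`, but none of the five files in this commit gives it a default, so unless it is defined elsewhere the services-list expression will fail with an undefined-variable error on every host. A role `defaults/main.yml` containing `matrix_admin_wireguard_enabled: false` would make the feature opt-in and keep existing inventories working. The unit name `'wg-quick@wg0'` is also hard-coded here and again in `tasks/uninstall.yml`; a single variable would keep the two in sync. The enclosing Jinja expression starts before this hunk.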
@@ -0,0 +1,14 @@
+---
+
+- name: Install WireGuard
+ ansible.builtin.package:
+ name: wireguard
+ state: present
+
+- name: Install WireGuard Configuration Template
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/wg0.conf.j2"
+ dest: /etc/wireguard/wg0.conf
+ owner: root
+ group: root
+ mode: '0600'
diff --git a/roles/custom/matrix-admin-wireguard/tasks/main.yml b/roles/custom/matrix-admin-wireguard/tasks/main.yml
new file mode 100644
index 000000000..e3db56066
--- /dev/null
+++ b/roles/custom/matrix-admin-wireguard/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+
+-
+ tags:
+ - setup-all
+ - setup-admin-wireguard
+ - install-all
+ - install-admin-wireguard
+ block:
+ - when: matrix_admin_wireguard_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
+
+- tags:
+ - setup-all
+ - setup-bot-chatgpt
+ block:
+ - when: not matrix_admin_wireguard_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"
diff --git a/roles/custom/matrix-admin-wireguard/tasks/uninstall.yml b/roles/custom/matrix-admin-wireguard/tasks/uninstall.yml
new file mode 100644
index 000000000..1f6927a8f
--- /dev/null
+++ b/roles/custom/matrix-admin-wireguard/tasks/uninstall.yml
@@ -0,0 +1,17 @@
+---
+
+- name: Stop and Disable WireGuard Service
+ ansible.builtin.systemd:
+ name: "wg-quick@wg0"
+ state: stopped
+ enabled: false
+
+- name: Remove WireGuard Configuration File
+ ansible.builtin.file:
+ path: "/etc/wireguard/wg0.conf"
+ state: absent
+
+- name: Uninstall WireGuard
+ ansible.builtin.package:
+ name: wireguard
+ state: absent
diff --git a/setup.yml b/setup.yml
index 5a4ecd383..22275290c 100644
--- a/setup.yml
+++ b/setup.yml
@@ -118,6 +118,7 @@ - custom/matrix-nginx-proxy - custom/matrix-coturn - custom/matrix-media-repo + - custom/matrix-admin-wireguard - role: galaxy/auxiliary
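Review bot: The template task in `tasks/install.yml` writes `/etc/wireguard/wg0.conf`, which for a wg-quick interface normally holds the private key, and a run with `--diff` or raised verbosity can print the rendered file to the console and to any job log. Adding `no_log: true` (or at least `diff: false`) to that task keeps the key out of output; the root-owned `'0600'` mode is already right for the file itself. Separately, the diffstat lists no `templates/wg0.conf.j2`, so as committed the `src` looks unresolvable and the task would fail; the template presumably needs to be part of the same change.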
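Review bot: The second block in `tasks/main.yml` is tagged `setup-bot-chatgpt`, which looks like a copy-paste leftover from another role. As written, `--tags=setup-bot-chatgpt` would pull in the WireGuard uninstall tasks, while `--tags=setup-admin-wireguard` with the feature disabled would never reach them. The tag should be `- setup-admin-wireguard`. The first block also opens with a bare `-` on its own line, unlike the second; writing `- tags:` on one line would make the two match.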
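Review bot: `tasks/uninstall.yml` is included whenever `matrix_admin_wireguard_enabled` is false, and it stops `wg-quick@wg0`, deletes `/etc/wireguard/wg0.conf` and removes the `wireguard` package without checking that this role created any of them. On a host that already uses `wg0` for an unrelated tunnel, an ordinary `setup-all` run with the feature left disabled would take that tunnel down and delete its key material. The stop task may also fail on hosts where the `wg-quick@` unit was never installed. I would give the role its own interface name instead of `wg0`, gate the stop and file removal on a `stat` of that role-specific config file, and drop the package removal, since the package may be in use by something else.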