commit 871667ef0c778e6cb328a191a0bd210def55c6d0 Author: ace Date: Wed Jul 13 14:51:25 2022 +0300 first commit
diff --git a/defaults/main.yaml b/defaults/main.yaml
new file mode 100644
index 0000000..2e764a4
--- /dev/null
+++ b/defaults/main.yaml
@@ -0,0 +1,29 @@
+wireguard_ui_container_engine: "{{ container_engine | default('podman') }}"
+wireguard_ui_container_name: "wireguard-ui"
+wireguard_ui_network_mode: "host"
+wireguard_ui_config_dir: "/opt/{{ wireguard_ui_container_name }}"
+wireguard_ui_container_registry: "{{ container_registry | default(docker_registry) | default('docker.io') }}"
+wireguard_ui_image_name: "ngoduykhanh/wireguard-ui"
+wireguard_ui_image_tag: "latest"
+wireguard_ui_systemd_unit_name: "{{ wireguard_ui_container_name }}.service"
+wireguard_ui_watcher_systemd_service_unit_name: "{{ wireguard_ui_container_name }}-watcher.service"
+wireguard_ui_watcher_systemd_path_unit_name: "{{ wireguard_ui_container_name }}-watcher.path"
+
+wireguard_ui_default_volumes:
+ - "/etc/wireguard:/etc/wireguard:Z"
+ - "{{ wireguard_ui_config_dir }}:/app/db:Z"
+
+wireguard_ui_default_env:
+ WGUI_USERNAME: admin
+ WGUI_PASSWORD: admin
+ WGUI_MTU: 1420
+ BIND_ADDRESS: 127.0.0.1:5001
+ SESSION_SECRET: 74f8155b3c91437db6e6c29c28e23ecc
+ WGUI_CONFIG_FILE_PATH: /etc/wireguard/wg0.conf
+
+# Example for auth
+#wireguard_ui_container_registry_auth:
+# registry.example.com:
+# username: '{{ username }}'
+# password: '{{ password }}'
+
diff --git a/handlers/main.yaml b/handlers/main.yaml
new file mode 100644
index 0000000..0bf54b3
--- /dev/null
+++ b/handlers/main.yaml
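Review bot: `wireguard_ui_default_env` in defaults/main.yaml ships `WGUI_USERNAME: admin` / `WGUI_PASSWORD: admin` and a literal `SESSION_SECRET`, so every host that applies the role without overrides gets the same login and the same session secret, and that secret is now in version control. These values should have no usable default: take them from caller-supplied (vaulted) variables, e.g. `WGUI_PASSWORD: "{{ wireguard_ui_admin_password }}"`, and fail early when they are unset. `wireguard_ui_image_tag: "latest"` also leaves the deployed image unpinned; a fixed tag or digest makes the rollout reproducible. `WGUI_MTU: 1420` is a YAML integer and should be quoted, since `community.docker.docker_container` requires string values in `env`.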
@@ -0,0 +1,28 @@
+- name: Restart WireGuard UI with docker
+ community.docker.docker_container:
+ name: "{{ wireguard_ui_container_name }}"
+ image: "{{ wireguard_ui_container_registry }}/{{ wireguard_ui_image_name }}:{{ wireguard_ui_image_tag }}"
+ state: started
+ restart: yes
+ container_default_behavior: no_defaults
+ detach: true
+ restart_policy: unless-stopped
+ env: "{{ wireguard_ui_combined_env }}"
+ volumes: "{{ wireguard_ui_combined_volumes }}"
+ when:
+ - wireguard_ui_container_engine == 'docker'
+ - not wireguard_ui_container.changed
+
+- name: Restart WireGuard UI with podman
+ containers.podman.podman_container:
+ name: "{{ wireguard_ui_container_name }}"
+ hostname: "{{ wireguard_ui_container_name }}"
+ network: "{{ wireguard_ui_network_mode }}"
+ image: "{{ wireguard_ui_container_registry }}/{{ wireguard_ui_image_name }}:{{ wireguard_ui_image_tag }}"
+ state: started
+ restart: yes
+ env: "{{ wireguard_ui_combined_env }}"
+ volumes: "{{ wireguard_ui_combined_volumes }}"
+ when:
+ - wireguard_ui_container_engine == 'podman'
+ - not wireguard_ui_container.changed
diff --git a/meta/main.yaml b/meta/main.yaml
new file mode 100644
index 0000000..110f0cc
--- /dev/null
+++ b/meta/main.yaml
@@ -0,0 +1,7 @@
+---
+galaxy_info:
+ description: WireGuard UI
+ galaxy_tags:
+ - wireguard-ui
+
+dependencies: []
diff --git a/tasks/Debian/main.yaml b/tasks/Debian/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/tasks/RedHat/main.yaml b/tasks/RedHat/main.yaml
new file mode 100644
index 0000000..7ace204
--- /dev/null
+++ b/tasks/RedHat/main.yaml
@@ -0,0 +1,3 @@
+- name: "Include WireGuard UI install with podman"
+ include_tasks: podman.yaml
+ when: wireguard_ui_container_engine == 'podman'
diff --git a/tasks/RedHat/podman.yaml b/tasks/RedHat/podman.yaml
new file mode 100644
index 0000000..37e342a
--- /dev/null
+++ b/tasks/RedHat/podman.yaml
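Review bot: Both handlers in handlers/main.yaml test `not wireguard_ui_container.changed`, but that variable is only registered by the podman create task in tasks/RedHat/podman.yaml, so on the docker path the condition refers to an undefined variable; `not (wireguard_ui_container.changed | default(false))` should tolerate that. No task in this commit carries a `notify:` for either handler, so as written they never run. The docker handler also omits the network setting that the podman one passes (`wireguard_ui_network_mode`), so the two engines would not start the container the same way. `restart: yes` is better written `restart: true`.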
@@ -0,0 +1,57 @@
+- name: Install WireGuard UI with container
+ block:
+ - name: Login to image registries with podman
+ containers.podman.podman_login:
+ registry: '{{ item.key }}'
+ username: '{{ item.value.username }}'
+ password: '{{ item.value.password }}'
+ become: true
+ no_log: true
+ changed_when: False
+ loop: '{{ wireguard_ui_container_registry_auth | dict2items }}'
+ when: wireguard_ui_container_registry_auth is defined
+
+ - name: Create configuration dir for WireGuard UI
+ file:
+ name: "{{ wireguard_ui_config_dir }}"
+ state: directory
+
+ - name: Create WireGuard UI with podman
+ containers.podman.podman_container:
+ name: "{{ wireguard_ui_container_name }}"
+ hostname: "{{ wireguard_ui_container_name }}"
+ network_mode: "{{ wireguard_ui_network_mode }}"
+ image: "{{ wireguard_ui_container_registry }}/{{ wireguard_ui_image_name }}:{{ wireguard_ui_image_tag }}"
+ state: created
+ env: "{{ wireguard_ui_combined_env }}"
+ volumes: "{{ wireguard_ui_combined_volumes }}"
+ register: wireguard_ui_container
+
+ - name: Generate container systemd unit
+ shell: "podman generate systemd {{ wireguard_ui_container_name }}"
+ register: wireguard_ui_systemd_unit
+ changed_when: False
+
+ - name: Create WireGuard UI systemd unit
+ copy:
+ dest: "/etc/systemd/system/{{ wireguard_ui_systemd_unit_name }}"
+ content: "{{ wireguard_ui_systemd_unit.stdout | regex_replace('^#.*', multiline=True) | trim }}"
+
+ - name: Create WireGuard UI systemd watcher unit
+ copy:
+ dest: "/etc/systemd/system/{{ wireguard_ui_watcher_systemd_service_unit_name }}"
+ src: wireguard-ui-watcher.service.j2
+
+ - name: Create WireGuard UI systemd watcher path
+ copy:
+ dest: "/etc/systemd/system/{{ wireguard_ui_watcher_systemd_path_unit_name }}"
+ src: wireguard-ui-watcher.path.j2
+
+ - name: Logout from image registries
+ containers.podman.podman_logout:
+ registry: '{{ item.key }}'
+ become: true
+ no_log: true
+ changed_when: False
+ loop: '{{ wireguard_ui_container_registry_auth | dict2items }}'
+ when: wireguard_ui_container_registry_auth is defined
diff --git a/tasks/main.yaml b/tasks/main.yaml
new file mode 100644
index 0000000..7fc6cdc
--- /dev/null
+++ b/tasks/main.yaml
@@ -0,0 +1,36 @@
+- name: Make sure handlers are flushed immediately
+ meta: flush_handlers
+
+- name: Load a variable file based on the OS type
+ include_vars: "{{ lookup('first_found', params) }}"
+ vars:
+ params:
+ files:
+ - "{{ ansible_facts['distribution'] }}.yaml"
+ - "{{ ansible_facts['os_family'] }}.yaml"
+ paths:
+ - "vars"
+ tags: wireguard_ui_vars
+
+- set_fact:
+ wireguard_ui_combined_env: "{{ wireguard_ui_default_env | combine(wireguard_ui_env, recursive=true) }}"
+ wireguard_ui_combined_volumes: "{{ wireguard_ui_default_volumes | combine(wireguard_ui_volumes, recursive=true) }}"
+
+- name: "Install WireGuard UI for {{ ansible_facts['os_family'] }}"
+ include_tasks: "{{ ansible_facts['os_family'] }}/main.yaml"
+ tags: wireguard_ui_install
+
+- name: Enable and start WireGuard UI services
+ systemd:
+ daemon_reload: true
+ name: "{{ item }}"
+ enabled: true
+ state: started
+ masked: no
+ loop:
+ - "{{ wireguard_ui_systemd_unit_name }}"
+ - "{{ wireguard_ui_watcher_systemd_service_unit_name }}"
+ - "{{ wireguard_ui_watcher_systemd_path_unit_name }}"
+
+ tags: wireguard_ui_start
+
diff --git a/templates/wireguard-ui-watcher.path.j2 b/templates/wireguard-ui-watcher.path.j2
new file mode 100644
index 0000000..42f30db
--- /dev/null
+++ b/templates/wireguard-ui-watcher.path.j2
@@ -0,0 +1,8 @@
+[Unit]
+Description=Watch {{ wireguard_ui_combined_env['WGUI_CONFIG_FILE_PATH'] }} for changes
+
+[Path]
+PathModified={{ wireguard_ui_combined_env['WGUI_CONFIG_FILE_PATH'] }}
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/wireguard-ui-watcher.service.j2 b/templates/wireguard-ui-watcher.service.j2
new file mode 100644
index 0000000..e99de6c
--- /dev/null
+++ b/templates/wireguard-ui-watcher.service.j2
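Review bot: In tasks/RedHat/podman.yaml the two watcher-unit tasks use `copy:` with `src: wireguard-ui-watcher.service.j2` and `src: wireguard-ui-watcher.path.j2`; `copy` does not render Jinja and resolves `src` against the role's files/ directory, while this commit adds those files under templates/, so `template:` with the same `src`/`dest` is the fitting module. The logout task is the last entry of the `block:`, so a failure in any earlier task leaves the registry login in place; moving it under an `always:` section of the block closes that gap. The config directory (mounted at `/app/db`) and the unit files are created without `owner`/`mode`; the directory at least should get something like `mode: "0700"`. `shell: "podman generate systemd {{ wireguard_ui_container_name }}"` needs no shell, and `command:` with `argv` avoids shell parsing of the templated name.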
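Review bot: The `set_fact` in tasks/main.yaml applies `combine(..., recursive=true)` to `wireguard_ui_default_volumes`, which defaults/main.yaml defines as a list; `combine` merges dictionaries, so the volumes line should concatenate instead: `wireguard_ui_combined_volumes: "{{ wireguard_ui_default_volumes + (wireguard_ui_volumes | default([])) }}"`. `wireguard_ui_env` likewise has no default in this commit, so `combine(wireguard_ui_env | default({}), recursive=true)` keeps the role usable without overrides. The task has no `name:`, and since the combined env carries `WGUI_PASSWORD` and `SESSION_SECRET`, `no_log: true` on it (and on the container tasks that receive `env`) keeps those values out of verbose output. `masked: no` is better written `masked: false`.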
@@ -0,0 +1,10 @@
+[Unit]
+Description=Restart WireGuard
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/systemctl restart wg-quick@{{ wireguard_ui_combined_env['WGUI_CONFIG_FILE_PATH'] | basename | split(".")[0] }}.service
+
+[Install]
+RequiredBy=wireguard-ui-watcher.path
diff --git a/vars/Debian.yaml b/vars/Debian.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/vars/RedHat.yaml b/vars/RedHat.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/vars/main.yaml b/vars/main.yaml
new file mode 100644
index 0000000..e69de29
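Review bot: `RequiredBy=wireguard-ui-watcher.path` in templates/wireguard-ui-watcher.service.j2 is hard-coded, while the installed unit names are derived from `wireguard_ui_container_name`; with any non-default name the dependency points at a unit that does not exist. `RequiredBy={{ wireguard_ui_watcher_systemd_path_unit_name }}` keeps it in step with defaults/main.yaml. The path template has no `Unit=` line, so it relies on the service sharing its base name, which holds for the derived names. tasks/main.yaml also starts this oneshot unit with `state: started`, so each play run appears to restart the `wg-quick@` interface; enabling only the `.path` unit would avoid that if the restart is not intended.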