first commit

2024-11-24 15:26:41 +00:00 · 2022-07-13 14:51:25 +03:00 · 2022-07-13 14:51:25 +03:00 · 871667ef0c
commit 871667ef0c
12 changed files with 178 additions and 0 deletions
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@ -0,0 +1,29 @@
+wireguard_ui_container_engine: "{{ container_engine | default('podman') }}"
+wireguard_ui_container_name: "wireguard-ui"
+wireguard_ui_network_mode: "host"
+wireguard_ui_config_dir: "/opt/{{ wireguard_ui_container_name }}"
+wireguard_ui_container_registry: "{{ container_registry | default(docker_registry) | default('docker.io') }}"
+wireguard_ui_image_name: "ngoduykhanh/wireguard-ui"
+wireguard_ui_image_tag: "latest"
+wireguard_ui_systemd_unit_name: "{{ wireguard_ui_container_name }}.service"
+wireguard_ui_watcher_systemd_service_unit_name: "{{ wireguard_ui_container_name }}-watcher.service"
+wireguard_ui_watcher_systemd_path_unit_name: "{{ wireguard_ui_container_name }}-watcher.path"
+
+wireguard_ui_default_volumes:
+  - "/etc/wireguard:/etc/wireguard:Z"
+  - "{{ wireguard_ui_config_dir }}:/app/db:Z"
+
+wireguard_ui_default_env:
+  WGUI_USERNAME: admin
+  WGUI_PASSWORD: admin
+  WGUI_MTU: 1420
+  BIND_ADDRESS: 127.0.0.1:5001
+  SESSION_SECRET: 74f8155b3c91437db6e6c29c28e23ecc
+  WGUI_CONFIG_FILE_PATH: /etc/wireguard/wg0.conf
+
+# Example for auth
+#wireguard_ui_container_registry_auth:
+#  registry.example.com:
+#    username: '{{ username }}'
+#    password: '{{ password }}'
+
--- a/handlers/main.yaml
+++ b/handlers/main.yaml
@ -0,0 +1,28 @@
+- name: Restart WireGuard UI with docker
+  community.docker.docker_container:
+    name: "{{ wireguard_ui_container_name }}"
+    image: "{{ wireguard_ui_container_registry }}/{{ wireguard_ui_image_name }}:{{ wireguard_ui_image_tag }}"
+    state: started
+    restart: yes
+    container_default_behavior: no_defaults
+    detach: true
+    restart_policy: unless-stopped
+    env: "{{ wireguard_ui_combined_env }}"
+    volumes: "{{ wireguard_ui_combined_volumes }}"
+  when:
+    - wireguard_ui_container_engine == 'docker'
+    - not wireguard_ui_container.changed
+
+- name: Restart WireGuard UI with podman
+  containers.podman.podman_container:
+    name: "{{ wireguard_ui_container_name }}"
+    hostname: "{{ wireguard_ui_container_name }}"
+    network: "{{ wireguard_ui_network_mode }}"
+    image: "{{ wireguard_ui_container_registry }}/{{ wireguard_ui_image_name }}:{{ wireguard_ui_image_tag }}"
+    state: started
+    restart: yes
+    env: "{{ wireguard_ui_combined_env }}"
+    volumes: "{{ wireguard_ui_combined_volumes }}"
+  when:
+    - wireguard_ui_container_engine == 'podman'
+    - not wireguard_ui_container.changed
--- a/meta/main.yaml
+++ b/meta/main.yaml
@ -0,0 +1,7 @@
+---
+galaxy_info:
+  description: WireGuard UI
+  galaxy_tags:
+  - wireguard-ui
+
+dependencies: []
--- a/tasks/Debian/main.yaml
+++ b/tasks/Debian/main.yaml
--- a/tasks/RedHat/main.yaml
+++ b/tasks/RedHat/main.yaml
@ -0,0 +1,3 @@
+- name: "Include WireGuard UI install with podman"
+  include_tasks: podman.yaml
+  when: wireguard_ui_container_engine == 'podman'
--- a/tasks/RedHat/podman.yaml
+++ b/tasks/RedHat/podman.yaml
@ -0,0 +1,57 @@
+- name: Install WireGuard UI with container
+  block:
+    - name: Login to image registries with podman
+      containers.podman.podman_login:
+        registry: '{{ item.key }}'
+        username: '{{ item.value.username }}'
+        password: '{{ item.value.password }}'
+      become: true
+      no_log: true
+      changed_when: False
+      loop: '{{ wireguard_ui_container_registry_auth | dict2items }}'
+      when: wireguard_ui_container_registry_auth is defined
+
+    - name: Create configuration dir for WireGuard UI
+      file:
+        name: "{{ wireguard_ui_config_dir }}"
+        state: directory
+
+    - name: Create WireGuard UI with podman
+      containers.podman.podman_container:
+        name: "{{ wireguard_ui_container_name }}"
+        hostname: "{{ wireguard_ui_container_name }}"
+        network_mode: "{{ wireguard_ui_network_mode }}"
+        image: "{{ wireguard_ui_container_registry }}/{{ wireguard_ui_image_name }}:{{ wireguard_ui_image_tag }}"
+        state: created
+        env: "{{ wireguard_ui_combined_env }}"
+        volumes: "{{ wireguard_ui_combined_volumes }}"
+      register: wireguard_ui_container
+
+    - name: Generate container systemd unit
+      shell: "podman generate systemd {{ wireguard_ui_container_name }}"
+      register: wireguard_ui_systemd_unit
+      changed_when: False
+
+    - name: Create WireGuard UI systemd unit
+      copy:
+        dest: "/etc/systemd/system/{{ wireguard_ui_systemd_unit_name }}"
+        content: "{{ wireguard_ui_systemd_unit.stdout | regex_replace('^#.*', multiline=True) | trim }}"
+
+    - name: Create WireGuard UI systemd watcher unit
+      copy:
+        dest: "/etc/systemd/system/{{ wireguard_ui_watcher_systemd_service_unit_name }}"
+        src: wireguard-ui-watcher.service.j2
+
+    - name: Create WireGuard UI systemd watcher path
+      copy:
+        dest: "/etc/systemd/system/{{ wireguard_ui_watcher_systemd_path_unit_name }}"
+        src: wireguard-ui-watcher.path.j2
+
+    - name: Logout from image registries
+      containers.podman.podman_logout:
+        registry: '{{ item.key }}'
+      become: true
+      no_log: true
+      changed_when: False
+      loop: '{{ wireguard_ui_container_registry_auth | dict2items }}'
+      when: wireguard_ui_container_registry_auth is defined
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@ -0,0 +1,36 @@
+- name: Make sure handlers are flushed immediately
+  meta: flush_handlers
+
+- name: Load a variable file based on the OS type
+  include_vars: "{{ lookup('first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_facts['distribution'] }}.yaml"
+        - "{{ ansible_facts['os_family'] }}.yaml"
+      paths:
+        - "vars"
+  tags: wireguard_ui_vars
+
+- set_fact:
+    wireguard_ui_combined_env: "{{ wireguard_ui_default_env | combine(wireguard_ui_env, recursive=true) }}"
+    wireguard_ui_combined_volumes: "{{ wireguard_ui_default_volumes | combine(wireguard_ui_volumes, recursive=true) }}"
+
+- name: "Install WireGuard UI for {{ ansible_facts['os_family'] }}"
+  include_tasks: "{{ ansible_facts['os_family'] }}/main.yaml"
+  tags: wireguard_ui_install
+
+- name: Enable and start WireGuard UI services
+  systemd:
+    daemon_reload: true
+    name: "{{ item }}"
+    enabled: true
+    state: started
+    masked: no
+  loop:
+    - "{{ wireguard_ui_systemd_unit_name }}"
+    - "{{ wireguard_ui_watcher_systemd_service_unit_name }}"
+    - "{{ wireguard_ui_watcher_systemd_path_unit_name }}"
+
+  tags: wireguard_ui_start
+
--- a/templates/wireguard-ui-watcher.path.j2
+++ b/templates/wireguard-ui-watcher.path.j2
@ -0,0 +1,8 @@
+[Unit]
+Description=Watch {{ wireguard_ui_combined_env['WGUI_CONFIG_FILE_PATH'] }} for changes
+
+[Path]
+PathModified={{ wireguard_ui_combined_env['WGUI_CONFIG_FILE_PATH'] }}
+
+[Install]
+WantedBy=multi-user.target
--- a/templates/wireguard-ui-watcher.service.j2
+++ b/templates/wireguard-ui-watcher.service.j2
@ -0,0 +1,10 @@
+[Unit]
+Description=Restart WireGuard
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/systemctl restart wg-quick@{{ wireguard_ui_combined_env['WGUI_CONFIG_FILE_PATH'] | basename | split(".")[0] }}.service
+
+[Install]
+RequiredBy=wireguard-ui-watcher.path
--- a/vars/Debian.yaml
+++ b/vars/Debian.yaml
--- a/vars/RedHat.yaml
+++ b/vars/RedHat.yaml
--- a/vars/main.yaml
+++ b/vars/main.yaml