initial commit

Jan Christian Grünhage 2020-04-13 12:18:15 +02:00
commit cc47859428
Signed by: jcgruenhage
GPG key ID: 6594C449C633D10C
7 changed files with 147 additions and 0 deletions

61
README.md Normal file

@ -0,0 +1,61 @@
Network Manager Role
====================
Configure system connections managed by NetworkManager by templating the
`nmconnection` files. Right now, only `wireguard` and `wifi` connection
types are supported.
Requirements
------------
The role doesn't install anything currently, so NetworkManager should already be installed, including the `nmcli` cli tool.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
```yaml
- hosts: all
roles:
- network-manager
vars:
network_manager_connections:
- id: home-wifi
uuid: 851139a3-54b5-4736-8dc0-f04d4b9de366
type: wifi
interface_name: wlan0
wifi:
ssid: home-wifi
key_mgmt: wpa-psk
psk: "secret wifi passphrase"
- id: wireguard
uuid: 3ecc827f-2dfb-4972-885b-98f6316e7d2f
type: wireguard
interface_name: wg0
wireguard:
# generate with `wg genkey > privkey`
private_key: UJHMW7viOL4zEbTSW8t1tHnGzAEqHv7bIYfHeYyLsWg=
listen_port: 45678 # optional
peers:
# generate with `wg pubkey < privkey > pubkey`
- public_key: K5juPTGX3f6ZVwOh4rFYBHtMUPeJHdOWbleMo4l9Ynw=
endpoint: 1.2.3.4:56789 # optional
allowed_ips:
- "0.0.0.0/0"
- "::0/0"
# generate with `wg genpsk > presharedkey`, optional
preshared_key: 9keMl5YXH/rVzdpvJx/lRsyeKVnC7bqlKljTxJ+BJs4=
License
-------
AGPL-3.0-only
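
Review bot: The "Role Variables" and "Dependencies" sections still contain placeholder text ("A description of the settable variables for this role should go here..."), so the only documentation of `network_manager_connections` is the example playbook. Replace the placeholder with a description of that variable and the keys the template reads, including the ones the example does not show (`wifi.mode`, `wifi.cloned_mac_address`, `wifi.auth_alg`, `persistent_keepalive`), and state that there are no role dependencies. The example also sets `psk`, `private_key` and `preshared_key` as inline literals; a sentence saying these are sample values and that real ones should come from Ansible Vault encrypted variables would keep readers from copying the pattern into a plaintext inventory.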

1
defaults/main.yml Normal file

@ -0,0 +1 @@
---

4
handlers/main.yml Normal file

@ -0,0 +1,4 @@
---
- name: reload network manager
command: "nmcli reload"
become: yes
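
Review bot: The handler command `nmcli reload` does not name an nmcli object; the subcommand that re-reads keyfiles from `/etc/NetworkManager/system-connections` is `nmcli connection reload`. As written, the handler is likely to fail on the first change it is notified for. Note also that reloading only re-reads the profiles from disk; an already active connection keeps its old settings until it is brought up again, which is worth mentioning in the README if that is intended.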

12
meta/main.yml Normal file

@ -0,0 +1,12 @@
galaxy_info:
author: Jan Christian Grünhage
description: Managing NetworkManager system-connections
issue_tracker_url: https://git.jcg.re/ansible-roles/network-manager/issues
license: AGPL-3.0-only
min_ansible_version: 2.5
galaxy_tags: []
dependencies: []
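
Review bot: `min_ansible_version: 2.5` is unquoted, so YAML parses it as a float rather than a version string; write it as `min_ansible_version: "2.5"`. The role also declares no `platforms` and an empty `galaxy_tags`, which is fine for a private role but should be filled in before publishing.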

10
tasks/main.yml Normal file

@ -0,0 +1,10 @@
---
- name: template connection files
template:
src: nmconnection.j2
dest: "/etc/NetworkManager/system-connections/{{ nmconnection.id }}.nmconnection
mode: "600"
loop: "{{ network_manager_connections }}"
loop_control:
loop_var: 'nmconnection'
notify: "reload network manager"
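
Review bot: The `dest:` value is missing its closing double quote (`...{{ nmconnection.id }}.nmconnection` ends the line unterminated), so the file will not parse as YAML. Beyond that, the task writes files that contain the Wi-Fi PSK and the WireGuard private key: it sets `mode: "600"` but not `owner: root` and `group: root`, and it has no `become: yes` even though the handler does, so it only works when the play already runs as root. Because the loop item is the whole connection dict, Ansible prints the secrets in the per-item task output; add `label: "{{ nmconnection.id }}"` under `loop_control`, or `no_log: true`, to keep them out of logs and `--diff` output.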

58
templates/nmconnection.j2 Normal file

@ -0,0 +1,58 @@
[connection]
id={{ nmconnection.id }}
uuid={{ nmconnection.uuid }}
type={{ nmconnection.type }}
interface-name={{ nmconnection.interface_name }}
permissions=
{% if nmconnection.type is 'wifi' %}
[wifi]
mode={{ nmconnection.wifi.mode | default('infrastructure') }}
ssid={{ nmconnection.wifi.ssid }}
cloned-mac-address={{ nmconnection.wifi.cloned_mac_address | default('random') }}
[wifi-security]
{% if nmconnection.wifi.key_mgmt is 'wep %}
auth-alg={{ nmconnection.wifi.auth_alg }}
{% else %}
auth-alg=open
{% endif %}
key-mgmt={{ nmconnection.wifi.key_mgmt }}
{% if nmconnection.wifi.key_mgmt is 'wpa-psk' %}
psk={{ nmconnection.wifi.psk }}
psk-flags=0
{% endif %}
{% endif %}
{% if nmconnection.type is 'wireguard %}
[wireguard]
private-key={{ nmconnection.wireguard.private_key }}
{% if nmconnection.wireguard.listen_port is defined %}
listen-port={{ nmconnection.wireguard.listen_port }}
{% endif %}
fwmark={{ wgpeer.fwmark | default(0) }}
{% for wgpeer in nmconnection.wireguard.peers %}
[wireguard-peer.{{ wgpeer.public_key }}]
{% if wgpeer.endpoint is defined %}
endpoint={{ wgpeer.endpoint }}
{% endif %}
persistent-keepalive={{ wgpeer.persistent_keepalive | default(0) }}
allowed-ips={{ wgpeer.allowed_ips | join(',') }}
{% if wgpeer.preshared_key is defined %}
preshared-key={{ wgpeer.preshared_key }}
preshared-key-flags=0
{% endif %}
{% endfor %}
{% endif %}
[ipv4]
dns-search=
method=disabled
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=ignore
[proxy]
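
Review bot: Two conditions have unterminated string literals, `{% if nmconnection.wifi.key_mgmt is 'wep %}` and `{% if nmconnection.type is 'wireguard %}`, so the template will not compile. All four comparisons also use `is` with a string literal; in Jinja2 `is` introduces a test, and string equality needs `==` (for example `nmconnection.type == 'wifi'`). `fwmark={{ wgpeer.fwmark | default(0) }}` sits before the `{% for wgpeer in ... %}` loop, so `wgpeer` is undefined there and the line will either silently render 0 or fail under strict undefined handling; it presumably should read from `nmconnection.wireguard.fwmark`. Separately, `wep` is not a value NetworkManager accepts for `key-mgmt` (WEP uses `none`), so that branch needs a different condition. Finally, `[ipv4] method=disabled` and `[ipv6] method=ignore` are emitted for every connection type, which leaves a Wi-Fi profile without any addressing; consider making the IP sections configurable per connection.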

1
vars/main.yml Normal file

@ -0,0 +1 @@
---