initial commit
commit
cc47859428
|
@ -0,0 +1,61 @@
|
|||
Network Manager Role
|
||||
====================
|
||||
|
||||
Configure system connections managed by NetworkManager by templating the
|
||||
`nmconnection` files. Right now, only `wireguard` and `wifi` connection
|
||||
types are supported.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
The role doesn't install anything currently, so NetworkManager should already be installed, including the `nmcli` cli tool.
|
||||
|
||||
Role Variables
|
||||
--------------
|
||||
|
||||
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
|
||||
|
||||
Example Playbook
|
||||
----------------
|
||||
|
||||
```yaml
|
||||
- hosts: all
|
||||
roles:
|
||||
- network-manager
|
||||
vars:
|
||||
network_manager_connections:
|
||||
- id: home-wifi
|
||||
uuid: 851139a3-54b5-4736-8dc0-f04d4b9de366
|
||||
type: wifi
|
||||
interface_name: wlan0
|
||||
wifi:
|
||||
ssid: home-wifi
|
||||
key_mgmt: wpa-psk
|
||||
psk: "secret wifi passphrase"
|
||||
- id: wireguard
|
||||
uuid: 3ecc827f-2dfb-4972-885b-98f6316e7d2f
|
||||
type: wireguard
|
||||
interface_name: wg0
|
||||
wireguard:
|
||||
# generate with `wg genkey > privkey`
|
||||
private_key: UJHMW7viOL4zEbTSW8t1tHnGzAEqHv7bIYfHeYyLsWg=
|
||||
listen_port: 45678 # optional
|
||||
peers:
|
||||
# generate with `wg pubkey < privkey > pubkey`
|
||||
- public_key: K5juPTGX3f6ZVwOh4rFYBHtMUPeJHdOWbleMo4l9Ynw=
|
||||
endpoint: 1.2.3.4:56789 # optional
|
||||
allowed_ips:
|
||||
- "0.0.0.0/0"
|
||||
- "::0/0"
|
||||
# generate with `wg genpsk > presharedkey`, optional
|
||||
preshared_key: 9keMl5YXH/rVzdpvJx/lRsyeKVnC7bqlKljTxJ+BJs4=
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
AGPL-3.0-only
|
|
@ -0,0 +1 @@
|
|||
---
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
- name: reload network manager
|
||||
command: "nmcli reload"
|
||||
become: yes
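Review bot: `nmcli reload` on the `command:` line does not look like a valid invocation, because nmcli expects an object first (`general`, `connection`, `device`, …) and, as far as I know, `reload` is not one, so the handler would fail every time it is notified. To make NetworkManager re-read the keyfiles this role writes, use `command: "nmcli connection reload"`. As a style point, `become: yes` reads better as `become: true`, which avoids the YAML 1.1 truthy forms.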
|
|
@ -0,0 +1,12 @@
|
|||
galaxy_info:
|
||||
author: Jan Christian Grünhage
|
||||
description: Managing NetworkManager system-connections
|
||||
issue_tracker_url: https://git.jcg.re/ansible-roles/network-manager/issues
|
||||
|
||||
license: AGPL-3.0-only
|
||||
|
||||
min_ansible_version: 2.5
|
||||
|
||||
galaxy_tags: []
|
||||
|
||||
dependencies: []
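Review bot: `min_ansible_version: 2.5` is an unquoted float; it works for this value, but a later bump to `2.10` would be read as `2.1`, so quote it as `min_ansible_version: "2.5"`. The other YAML files added in this commit start with `---` and this one does not, which is worth making consistent.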
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: template connection files
|
||||
template:
|
||||
src: nmconnection.j2
|
||||
dest: "/etc/NetworkManager/system-connections/{{ nmconnection.id }}.nmconnection
|
||||
mode: "600"
|
||||
loop: "{{ network_manager_connections }}"
|
||||
loop_control:
|
||||
loop_var: 'nmconnection'
|
||||
notify: "reload network manager"
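Review bot: The `dest:` value opens a double quote that is never closed on the line shown, so the task file would not parse as YAML; it should end with `{{ nmconnection.id }}.nmconnection"`. Separately, every loop item carries `psk`, `private_key` and `preshared_key`, and Ansible prints the loop item for each iteration by default, so those secrets end up in console output and any captured logs; add `no_log: true` to the task, or at minimum `label: "{{ nmconnection.id }}"` under `loop_control`. The task also has no `become: true` (the handler has it) and sets no `owner`/`group`, so writing a root-only keyfile under /etc/NetworkManager depends on the play already running as root.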
|
|
@ -0,0 +1,58 @@
|
|||
[connection]
|
||||
id={{ nmconnection.id }}
|
||||
uuid={{ nmconnection.uuid }}
|
||||
type={{ nmconnection.type }}
|
||||
interface-name={{ nmconnection.interface_name }}
|
||||
permissions=
|
||||
|
||||
{% if nmconnection.type is 'wifi' %}
|
||||
[wifi]
|
||||
mode={{ nmconnection.wifi.mode | default('infrastructure') }}
|
||||
ssid={{ nmconnection.wifi.ssid }}
|
||||
cloned-mac-address={{ nmconnection.wifi.cloned_mac_address | default('random') }}
|
||||
|
||||
[wifi-security]
|
||||
{% if nmconnection.wifi.key_mgmt is 'wep %}
|
||||
auth-alg={{ nmconnection.wifi.auth_alg }}
|
||||
{% else %}
|
||||
auth-alg=open
|
||||
{% endif %}
|
||||
key-mgmt={{ nmconnection.wifi.key_mgmt }}
|
||||
{% if nmconnection.wifi.key_mgmt is 'wpa-psk' %}
|
||||
psk={{ nmconnection.wifi.psk }}
|
||||
psk-flags=0
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% if nmconnection.type is 'wireguard %}
|
||||
[wireguard]
|
||||
private-key={{ nmconnection.wireguard.private_key }}
|
||||
{% if nmconnection.wireguard.listen_port is defined %}
|
||||
listen-port={{ nmconnection.wireguard.listen_port }}
|
||||
{% endif %}
|
||||
fwmark={{ wgpeer.fwmark | default(0) }}
|
||||
|
||||
{% for wgpeer in nmconnection.wireguard.peers %}
|
||||
[wireguard-peer.{{ wgpeer.public_key }}]
|
||||
{% if wgpeer.endpoint is defined %}
|
||||
endpoint={{ wgpeer.endpoint }}
|
||||
{% endif %}
|
||||
persistent-keepalive={{ wgpeer.persistent_keepalive | default(0) }}
|
||||
allowed-ips={{ wgpeer.allowed_ips | join(',') }}
|
||||
{% if wgpeer.preshared_key is defined %}
|
||||
preshared-key={{ wgpeer.preshared_key }}
|
||||
preshared-key-flags=0
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
[ipv4]
|
||||
dns-search=
|
||||
method=disabled
|
||||
|
||||
[ipv6]
|
||||
addr-gen-mode=stable-privacy
|
||||
dns-search=
|
||||
method=ignore
|
||||
|
||||
[proxy]
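Review bot: The `{% if … is '…' %}` conditionals use `is` with a string literal, but `is` in Jinja introduces a test name, and two of the literals (`'wep` and `'wireguard`) are missing their closing quote, so the template is unlikely to render at all; compare with `==` instead. The `fwmark` line reads `wgpeer.fwmark` before the `{% for wgpeer … %}` loop begins, so it cannot pick up a configured value and presumably should read from `nmconnection.wireguard`. Values such as `ssid`, `psk` and the keys are written into the keyfile verbatim, so a value containing a newline would add extra keyfile lines; rejecting newlines in an `assert` task before templating would be a cheap guard.

```jinja
{% if nmconnection.type == 'wifi' %}
{# … unchanged: [wifi] keys, [wifi-security] header … #}
{% if nmconnection.wifi.key_mgmt == 'wep' %}
{# … unchanged: auth-alg branches, key-mgmt line … #}
{% if nmconnection.wifi.key_mgmt == 'wpa-psk' %}
{# … unchanged: psk lines and closing endifs … #}
{% if nmconnection.type == 'wireguard' %}
{# … unchanged: private-key, optional listen-port … #}
fwmark={{ nmconnection.wireguard.fwmark | default(0) }}
{# … unchanged: peer loop and remaining sections … #}
```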
|
|
@ -0,0 +1 @@
|
|||
---
|