initial commit
commit
cc47859428
7 changed files with 147 additions and 0 deletions
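--- a/README.md
+++ b/README.md
@@ -0,0 +1,61 @@
+Network Manager Role
+====================
+
+Configure system connections managed by NetworkManager by templating the
+`nmconnection` files. Right now, only `wireguard` and `wifi` connection
+types are supported.
+
+Requirements
+------------
+
+The role doesn't install anything currently, so NetworkManager should already be installed, including the `nmcli` cli tool.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+```yaml
+- hosts: all
+roles:
+- network-manager
+vars:
+network_manager_connections:
+- id: home-wifi
+uuid: 851139a3-54b5-4736-8dc0-f04d4b9de366
+type: wifi
+interface_name: wlan0
+wifi:
+ssid: home-wifi
+key_mgmt: wpa-psk
+psk: "secret wifi passphrase"
+- id: wireguard
+uuid: 3ecc827f-2dfb-4972-885b-98f6316e7d2f
+type: wireguard
+interface_name: wg0
+wireguard:
+# generate with `wg genkey > privkey`
+private_key: UJHMW7viOL4zEbTSW8t1tHnGzAEqHv7bIYfHeYyLsWg=
+listen_port: 45678 # optional
+peers:
+# generate with `wg pubkey < privkey > pubkey`
+- public_key: K5juPTGX3f6ZVwOh4rFYBHtMUPeJHdOWbleMo4l9Ynw=
+endpoint: 1.2.3.4:56789 # optional
+allowed_ips:
+- "0.0.0.0/0"
+- "::0/0"
+# generate with `wg genpsk > presharedkey`, optional
+preshared_key: 9keMl5YXH/rVzdpvJx/lRsyeKVnC7bqlKljTxJ+BJs4=
+
+License
+-------
+
+AGPL-3.0-only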
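--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1 @@
+---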
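--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: reload network manager
+command: "nmcli reload"
+become: yes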
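Review bot: `nmcli reload` does not look like a valid invocation, since `reload` is a subcommand of the `connection` (and `general`) objects rather than a top-level object; I believe the handler needs `command: "nmcli connection reload"` for NetworkManager to pick up the changed keyfiles. If the handler fails or does nothing, the new connection profiles, including any rotated keys, are not applied until the next restart. `become: yes` would also read more predictably as `become: true`.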
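--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,12 @@
+galaxy_info:
+author: Jan Christian Grünhage
+description: Managing NetworkManager system-connections
+issue_tracker_url: https://git.jcg.re/ansible-roles/network-manager/issues
+
+license: AGPL-3.0-only
+
+min_ansible_version: 2.5
+
+galaxy_tags: []
+
+dependencies: []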
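Review bot: `min_ansible_version: 2.5` is an unquoted float, so a later bump to something like 2.10 would be read as 2.1; quote it as `min_ansible_version: "2.5"`. This file is also the only non-empty YAML file in the commit without the leading `---` that the others have.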
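--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: template connection files
+template:
+src: nmconnection.j2
+dest: "/etc/NetworkManager/system-connections/{{ nmconnection.id }}.nmconnection
+mode: "600"
+loop: "{{ network_manager_connections }}"
+loop_control:
+loop_var: 'nmconnection'
+notify: "reload network manager"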
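Review bot: Each loop iteration prints the whole `nmconnection` item, so the Wi-Fi `psk` and the WireGuard `private_key`/`preshared_key` end up in the play output and in any log that captures it; add `label: "{{ nmconnection.id }}"` under `loop_control`, and consider `no_log: true` (or `diff: false`) so that `--diff` runs do not echo the rendered file either. The `dest:` value as shown here has no closing double quote after `.nmconnection`, which would make the file fail to parse. The task also sets no `owner`/`group` and has no `become`, unlike the handler, so whether the keyfiles end up root-owned with mode 600, as NetworkManager expects, depends on how the play is run.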
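--- a/templates/nmconnection.j2
+++ b/templates/nmconnection.j2
@@ -0,0 +1,58 @@
+[connection]
+id={{ nmconnection.id }}
+uuid={{ nmconnection.uuid }}
+type={{ nmconnection.type }}
+interface-name={{ nmconnection.interface_name }}
+permissions=
+
+{% if nmconnection.type is 'wifi' %}
+[wifi]
+mode={{ nmconnection.wifi.mode | default('infrastructure') }}
+ssid={{ nmconnection.wifi.ssid }}
+cloned-mac-address={{ nmconnection.wifi.cloned_mac_address | default('random') }}
+
+[wifi-security]
+{% if nmconnection.wifi.key_mgmt is 'wep %}
+auth-alg={{ nmconnection.wifi.auth_alg }}
+{% else %}
+auth-alg=open
+{% endif %}
+key-mgmt={{ nmconnection.wifi.key_mgmt }}
+{% if nmconnection.wifi.key_mgmt is 'wpa-psk' %}
+psk={{ nmconnection.wifi.psk }}
+psk-flags=0
+{% endif %}
+{% endif %}
+
+{% if nmconnection.type is 'wireguard %}
+[wireguard]
+private-key={{ nmconnection.wireguard.private_key }}
+{% if nmconnection.wireguard.listen_port is defined %}
+listen-port={{ nmconnection.wireguard.listen_port }}
+{% endif %}
+fwmark={{ wgpeer.fwmark | default(0) }}
+
+{% for wgpeer in nmconnection.wireguard.peers %}
+[wireguard-peer.{{ wgpeer.public_key }}]
+{% if wgpeer.endpoint is defined %}
+endpoint={{ wgpeer.endpoint }}
+{% endif %}
+persistent-keepalive={{ wgpeer.persistent_keepalive | default(0) }}
+allowed-ips={{ wgpeer.allowed_ips | join(',') }}
+{% if wgpeer.preshared_key is defined %}
+preshared-key={{ wgpeer.preshared_key }}
+preshared-key-flags=0
+{% endif %}
+{% endfor %}
+{% endif %}
+
+[ipv4]
+dns-search=
+method=disabled
+
+[ipv6]
+addr-gen-mode=stable-privacy
+dns-search=
+method=ignore
+
+[proxy]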
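Review bot: The conditionals in this template will not compile as written: `is` introduces a Jinja test, not a string comparison, and two of the literals (`'wep` and `'wireguard`) are missing their closing quote. Use `==` in all four places, e.g. `{% if nmconnection.type == 'wireguard' %}` and `{% if nmconnection.wifi.key_mgmt == 'wep' %}`. `fwmark` reads `wgpeer.fwmark` in the `[wireguard]` section, before the `for wgpeer` loop starts, so it presumably should be `nmconnection.wireguard.fwmark | default(0)`. Values such as `ssid`, `psk` and the keys are written into the keyfile unescaped, so a value containing a newline would add extra keys or sections; that is worth validating if connection data can come from inventory the role author does not control.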
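--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1 @@
+---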