commit cc478594289e8c47f4fb2183c4941e434e86b17d Author: Jan Christian Grünhage Date: Mon Apr 13 12:18:15 2020 +0200 initial commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..18048a7
--- /dev/null
+++ b/README.md
@@ -0,0 +1,61 @@
+Network Manager Role
+====================
+
+Configure system connections managed by NetworkManager by templating the
+`nmconnection` files. Right now, only `wireguard` and `wifi` connection
+types are supported.
+
+Requirements
+------------
+
+The role doesn't install anything currently, so NetworkManager should already be installed, including the `nmcli` cli tool.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+```yaml
+- hosts: all
+ roles:
+ - network-manager
+ vars:
+ network_manager_connections:
+ - id: home-wifi
+ uuid: 851139a3-54b5-4736-8dc0-f04d4b9de366
+ type: wifi
+ interface_name: wlan0
+ wifi:
+ ssid: home-wifi
+ key_mgmt: wpa-psk
+ psk: "secret wifi passphrase"
+ - id: wireguard
+ uuid: 3ecc827f-2dfb-4972-885b-98f6316e7d2f
+ type: wireguard
+ interface_name: wg0
+ wireguard:
+ # generate with `wg genkey > privkey`
+ private_key: UJHMW7viOL4zEbTSW8t1tHnGzAEqHv7bIYfHeYyLsWg=
+ listen_port: 45678 # optional
+ peers:
+ # generate with `wg pubkey < privkey > pubkey`
+ - public_key: K5juPTGX3f6ZVwOh4rFYBHtMUPeJHdOWbleMo4l9Ynw=
+ endpoint: 1.2.3.4:56789 # optional
+ allowed_ips:
+ - "0.0.0.0/0"
+ - "::0/0"
+ # generate with `wg genpsk > presharedkey`, optional
+ preshared_key: 9keMl5YXH/rVzdpvJx/lRsyeKVnC7bqlKljTxJ+BJs4=
+
+License
+-------
+
+AGPL-3.0-only
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1 @@
+---
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..833c6a9
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: reload network manager
+ command: "nmcli reload"
+ become: yes
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..88f6d72
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,12 @@
+galaxy_info:
+ author: Jan Christian Grünhage
+ description: Managing NetworkManager system-connections
+ issue_tracker_url: https://git.jcg.re/ansible-roles/network-manager/issues
+
+ license: AGPL-3.0-only
+
+ min_ansible_version: 2.5
+
+ galaxy_tags: []
+
+dependencies: []
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..e5f667e
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: template connection files
+ template:
+ src: nmconnection.j2
+ dest: "/etc/NetworkManager/system-connections/{{ nmconnection.id }}.nmconnection
+ mode: "600"
+ loop: "{{ network_manager_connections }}"
+ loop_control:
+ loop_var: 'nmconnection'
+ notify: "reload network manager"
diff --git a/templates/nmconnection.j2 b/templates/nmconnection.j2
new file mode 100644
index 0000000..3feacaf
--- /dev/null
+++ b/templates/nmconnection.j2
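Review bot: `nmcli reload` in handlers/main.yml does not look like a valid invocation: as far as I know `reload` is a subcommand of the `connection` and `general` objects, not a top-level nmcli object, so the handler would likely fail and the newly templated keyfiles would never be picked up. To re-read the files under system-connections the line should be `command: "nmcli connection reload"`. Writing `become: true` instead of `become: yes` would also avoid the YAML 1.1 truthy form.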
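Review bot: The `dest:` line in tasks/main.yml never closes its double quote, so the scalar runs on into the `mode:` line and the file will not parse; it should read `dest: "/etc/NetworkManager/system-connections/{{ nmconnection.id }}.nmconnection"`. Each loop item carries the Wi-Fi PSK and the WireGuard private and preshared keys, and Ansible prints the item on every iteration (and the rendered file under `--diff`), so the task should set `no_log: true`. The task also writes below /etc without `become`, unlike the handler, and it leaves `owner`/`group` implicit; stating `owner: root` and `group: root` next to the mode makes the intended permissions on these secret-bearing files explicit.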
@@ -0,0 +1,58 @@
+[connection]
+id={{ nmconnection.id }}
+uuid={{ nmconnection.uuid }}
+type={{ nmconnection.type }}
+interface-name={{ nmconnection.interface_name }}
+permissions=
+
+{% if nmconnection.type is 'wifi' %}
+[wifi]
+mode={{ nmconnection.wifi.mode | default('infrastructure') }}
+ssid={{ nmconnection.wifi.ssid }}
+cloned-mac-address={{ nmconnection.wifi.cloned_mac_address | default('random') }}
+
+[wifi-security]
+{% if nmconnection.wifi.key_mgmt is 'wep %}
+auth-alg={{ nmconnection.wifi.auth_alg }}
+{% else %}
+auth-alg=open
+{% endif %}
+key-mgmt={{ nmconnection.wifi.key_mgmt }}
+{% if nmconnection.wifi.key_mgmt is 'wpa-psk' %}
+psk={{ nmconnection.wifi.psk }}
+psk-flags=0
+{% endif %}
+{% endif %}
+
+{% if nmconnection.type is 'wireguard %}
+[wireguard]
+private-key={{ nmconnection.wireguard.private_key }}
+{% if nmconnection.wireguard.listen_port is defined %}
+listen-port={{ nmconnection.wireguard.listen_port }}
+{% endif %}
+fwmark={{ wgpeer.fwmark | default(0) }}
+
+{% for wgpeer in nmconnection.wireguard.peers %}
+[wireguard-peer.{{ wgpeer.public_key }}]
+{% if wgpeer.endpoint is defined %}
+endpoint={{ wgpeer.endpoint }}
+{% endif %}
+persistent-keepalive={{ wgpeer.persistent_keepalive | default(0) }}
+allowed-ips={{ wgpeer.allowed_ips | join(',') }}
+{% if wgpeer.preshared_key is defined %}
+preshared-key={{ wgpeer.preshared_key }}
+preshared-key-flags=0
+{% endif %}
+{% endfor %}
+{% endif %}
+
+[ipv4]
+dns-search=
+method=disabled
+
+[ipv6]
+addr-gen-mode=stable-privacy
+dns-search=
+method=ignore
+
+[proxy]
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1 @@
+---
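Review bot: The conditionals in templates/nmconnection.j2 will not compile as written: `is 'wifi'` is not a Jinja test (`is` takes a test name, not a string literal), and the literals on the `'wep %}` and `'wireguard %}` lines are missing their closing quote. Use equality instead, e.g. `{% if nmconnection.type == 'wireguard' %}`, and likewise for the `wifi`, `wep` and `wpa-psk` checks. `fwmark={{ wgpeer.fwmark | default(0) }}` sits above the `{% for wgpeer ... %}` loop, so `wgpeer` is not defined at that point; it presumably should read `nmconnection.wireguard.fwmark`. Values are written into the keyfile verbatim, so a variable containing a newline would add extra keys or sections; if connection data can come from a less trusted inventory source, validate it before templating.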