Support use of wireguard-go on non-OS X platforms #103
(I'm going to spend a bit of time experimenting on getting this working.)
Applying this to 5178a9a seems to have done the trick for me, I have a working connection between my module-using local system and remote wireguard-go-using OpenVZ system! This is obviously pretty rough: it presupposes an apt-based system, uses an unofficial PPA for Go, and could definitely be better Ansible, but I'm unblocked at least!
diff --git a/defaults/main.yml b/defaults/main.yml
index fea6eec..b3c98fb 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -24,6 +24,8 @@ wireguard_conf_group: "{{ 'root' if not ansible_os_family == 'Darwin' else 'whee
# The default mode of the wg.conf file
wireguard_conf_mode: 0600
+wireguard_use_wireguard_go: false
+
#######################################
# Settings only relevant for Ubuntu
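Review bot: The new `wireguard_use_wireguard_go: false` default has no comment, unlike `wireguard_conf_mode` just above it, which is documented as "The default mode of the wg.conf file". Add a one-line comment saying that setting it to true skips the kernel-module steps in favour of the userspace wireguard-go implementation, and, since the patch only adds wireguard-go tasks to tasks/setup-ubuntu.yml, that it currently has an effect only on Ubuntu.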
diff --git a/tasks/main.yml b/tasks/main.yml
index 9f0a42a..6264ab1 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -25,7 +25,7 @@
failed_when: wireguard__register_module_enabled is failure
tags:
- wg-install
- when: not ansible_os_family == 'Darwin'
+ when: not ansible_os_family == 'Darwin' and not wireguard_use_wireguard_go
- block:
# Key handling [[[1
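Review bot: In the changed `when:` line the new flag is used inside a compound expression without a cast, so a value that arrives as a string (for example `-e wireguard_use_wireguard_go=false`) is judged by string truthiness and the non-empty string "false" counts as true. Suggest splitting the condition into a list and casting the flag: `- not ansible_os_family == 'Darwin'` followed by `- not (wireguard_use_wireguard_go | bool)`. The same cast applies wherever the flag appears in the other `when:` lists of this patch.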
diff --git a/tasks/setup-ubuntu.yml b/tasks/setup-ubuntu.yml
index c25b724..003cd06 100644
--- a/tasks/setup-ubuntu.yml
+++ b/tasks/setup-ubuntu.yml
@@ -22,6 +22,7 @@
- wg-install
when:
- ansible_lsb.major_release is version('19.10', '<')
+ - not wireguard_use_wireguard_go
- name: (Ubuntu) Ensure WireGuard DKMS package is removed
apt:
@@ -31,9 +32,70 @@
tags:
- wg-install
+# TODO: Could likely just do wireguard-tools?
- name: (Ubuntu) Install wireguard package
apt:
name: "wireguard"
state: present
tags:
- wg-install
+
+# TODO: No need for this on more recent Ubuntu releases
+- name: "(Ubuntu | wireguard-go) Add PPA for Go 1.16"
+ apt_repository:
+ repo: ppa:longsleep/golang-backports
+ when:
+ - wireguard_use_wireguard_go
+
+- name: (Ubuntu | wireguard-go) Install packages required to compile wireguard-go
+ apt:
+ name:
+ - golang-go
+ - make
+ - unzip
+ when:
+ - wireguard_use_wireguard_go
+
+- name: (Ubuntu | wireguard-go) Download wireguard-go source
+ get_url:
+ url: https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-0.0.20201118.zip
+ dest: /tmp/wireguard-go.zip
+ when:
+ - wireguard_use_wireguard_go
+
+- name: (Ubuntu | wireguard-go) Create working directory
+ file:
+ state: directory
+ path: /tmp/wireguard-go/src
+ when:
+ - wireguard_use_wireguard_go
+
+- name: (Ubuntu | wireguard-go) Unzip wireguard-go source
+ unarchive:
+ src: /tmp/wireguard-go.zip
+ dest: /tmp/wireguard-go/src
+ remote_src: true
+ when:
+ - wireguard_use_wireguard_go
+
+- name: (Ubuntu | wireguard-go) Move archive contents to predictable path
+ shell: mv /tmp/wireguard-go/src/wireguard-go-*/* /tmp/wireguard-go/
+ args:
+ creates: /tmp/wireguard-go/main.go
+ when:
+ - wireguard_use_wireguard_go
+
+- name: (Ubuntu | wireguard-go) Build wireguard-go
+ command: make
+ args:
+ chdir: /tmp/wireguard-go
+ creates: /tmp/wireguard-go/wireguard-go
+ when:
+ - wireguard_use_wireguard_go
+
+- name: (Ubuntu | wireguard-go) Install wireguard-go to /usr/local
+ command: mv /tmp/wireguard-go/wireguard-go /usr/local/bin/
+ args:
+ creates: /usr/local/bin/wireguard-go
+ when:
+ - wireguard_use_wireguard_go |
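Review bot: The `get_url` task that downloads `wireguard-go-0.0.20201118.zip` sets no `checksum:`, and the archive is then unpacked and built under fixed paths in `/tmp` (`/tmp/wireguard-go.zip`, `/tmp/wireguard-go`) before the binary is moved into `/usr/local/bin`, so nothing verifies what gets compiled and installed, and another local user can pre-create those paths. Suggest adding `checksum: "sha256:<digest of the snapshot>"` to the download and building in a root-owned directory (for example one created with the `tempfile` module) rather than a predictable `/tmp` path. Separately, none of the new tasks carries the `wg-install` tag that the existing tasks in this file have, and `creates: /usr/local/bin/wireguard-go` means a later change of the pinned version will not replace a binary that is already installed.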
Well, to be honest I don't think it makes sense to compile So instead of If someone defines ``wireguard_go_binary_src That's my 2 cents for now 😉
Thanks for the thoughtful review, much appreciated! Yep, I agree that compilation on-host is unnecessary (in the majority of cases, at least) and that removing it would simplify matters substantially.
Not all Linux hosts have access to their kernel (e.g. LXD containers, OpenVZ guests) to load a kernel module. For such environments, wireguard-go is required: it would be great if this role could provide such support.