Install and download wireguard-ui

.github/FUNDING.yml

@@ -0,0 +1,4 @@
+---
+
+github: [do1jlr]
+liberapay: l3d

.github/dependabot.yml

@@ -0,0 +1,14 @@
+---
+# See https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "gitsubmodule"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/ansible-linting-check.yml

@@ -0,0 +1,22 @@
+---
+name: Ansible Lint check
+
+# yamllint disable-line rule:truthy
+on: [push, pull_request]
+
+jobs:
+  build:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout git repo
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Run ansible-lint
+        uses: ansible-actions/ansible-lint-action@v1.0.3
+        with:
+          target: "./"

.github/workflows/galaxy.yml

@@ -0,0 +1,22 @@
+---
+name: Galaxy release
+
+# yamllint disable-line rule:truthy
+on:
+  release:
+    types: ['created']
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'checkout git repo'
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: "Publish Ansible"
+        uses: ansible/ansible-publish-action@v1.0.0
+        with:
+          api_key: "${{ secrets.GALAXY_API_KEY }}"

.github/workflows/j2lint-check.yml

@@ -0,0 +1,22 @@
+---
+name: Jinja2 Linting check
+
+# yamllint disable-line rule:truthy
+on: [push, pull_request]
+
+jobs:
+  build:
+    name: Jinja2 Linting
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout git repo
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Run j2lint
+        uses: ansible-actions/j2lint-action@v0.0.1
+        with:
+          target: "./"

.github/workflows/yamllint-check.yml

@@ -0,0 +1,22 @@
+---
+name: Yamllint check
+
+# yamllint disable-line rule:truthy
+on: [push, pull_request]
+
+jobs:
+  build:
+    name: Yamllint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout git repo
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Run yamllint
+        uses: ansible-actions/yamllint-action@v0.0.2
+        with:
+          target: "./"

README.md

@@ -1,2 +1,4 @@
 # ansible_collections_wireguard
 Ansible Collection to configure wireguard
+
+Work in Progress

galaxy.yml

@@ -0,0 +1,63 @@
+---
+### REQUIRED
+# The namespace of the collection. This can be a company/brand/organization or product namespace under which all
+# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with
+# underscores or numbers and cannot contain consecutive underscores
+namespace: l3d
+
+# The name of the collection. Has the same character restrictions as 'namespace'
+name: wireguard
+
+# The version of the collection. Must be compatible with semantic versioning
+version: 1.0.0
+
+# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
+readme: README.md
+
+# A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
+# @nicks:irc/im.site#channel'
+authors:
+  - L3D <l3d@c3woc.de>
+
+
+### OPTIONAL but strongly recommended
+# A short summary description of the collection
+description: Ansible Collection to install and configure wireguard-ui
+
+# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only
+# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'
+license:
+  - MIT
+
+# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
+# requirements as 'namespace' and 'name'
+tags:
+  - wireguard
+  - wireguard-ui
+  - linux
+
+# Collections that this collection requires to be installed for it to be usable. The key of the dict is the
+# collection label 'namespace.name'. The value is a version range
+# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
+# range specifiers can be set and are separated by ','
+dependencies:
+  "community.general": ">=9.5.0,<11.0.0"
+
+# The URL of the originating SCM repository
+repository: https://github.com/roles-ansible/ansible_collection_wireguard.git
+
+# The URL to the homepage of the collection/project
+homepage: https://ansible.l3d.space/#l3d.wireguard
+
+# A list of file glob-like patterns used to filter any files or directories that should not be included in the build
+# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This
+# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry',
+# and '.git' are always filtered. Mutually exclusive with 'manifest'
+build_ignore: []
+
+# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a
+# list of MANIFEST.in style
+# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key
+# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive
+# with 'build_ignore'
+# manifest: null

meta/runtime.yml

@@ -0,0 +1,2 @@
+---
+requires_ansible: '>=2.17.4'

roles/wireguardui/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+wireguardui__version: 'latest'
+
+# Optional perform simple Versionscheck
+submodules_versioncheck: false

roles/wireguardui/tasks/download.yml

@@ -0,0 +1,46 @@
+---
+- name: Dependency block
+  block:
+    - name: Update apt cache
+      become: true
+      ansible.builtin.apt:
+        cache_valid_time: 3600
+        update_cache: true
+      register: _pre_update_apt_cache
+      until: _pre_update_apt_cache is succeeded
+      when:
+        - ansible_pkg_mgr == "apt"
+
+    - name: Install dependencies
+      become: true
+      ansible.builtin.package:
+        name: "{{ item }}"
+        state: present
+      with_items: "{{ wireguardui__dependencies }}"
+
+- name: Create temporary directory
+  become: true
+  ansible.builtin.tempfile:
+    state: directory
+    suffix: wireguardui
+  register: wireguardui__tmp
+  when: (not ansible_check_mode and (wireguardui__active_version.stdout[1:] != wireguardui__version_target))
+
+- name: Download wireguard-ui
+  become: true
+  ansible.builtin.get_url:
+    url: "{{ wireguardui__dl_url }}/{{ wireguardui__filename }}"
+    checksum: "md5:{{ wireguardui__dl_url }}/{{ wireguardui__filename }}.md5"
+    dest: "{{ wireguardui__tmp.path }}/{{ wireguardui__filename }}"
+    mode: '0640'
+    owner: 'root'
+    group: 'root'
+  when: (not ansible_check_mode and (wireguardui__active_version.stdout[1:] != wireguardui__version_target))
+
+- name: Unarchive wireguardui
+  become: true
+  ansible.builtin.unarchive:
+    src: "{{ wireguardui__tmp.path }}/{{ wireguardui__filename }}"
+    dest: '/usr/local/bin'
+    remote_src: true
+  when: (not ansible_check_mode and (wireguardui__active_version.stdout[1:] != wireguardui__version_target))

roles/wireguardui/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+- name: Run simple versionscheck (optional)
+  ansible.builtin.include_tasks:
+    file: 'versioncheck.yml'
+  when: submodules_versioncheck | bool
+
+- name: Set version for wireguard-ui
+  ansible.builtin.include_tasks:
+    file: 'set_version.yml'
+
+- name: Download wireguard-ui
+  ansible.builtin.include_tasks:
+    file: 'download.yml'

roles/wireguardui/tasks/set_version.yml

@@ -0,0 +1,60 @@
+---
+- name: "Check wireguard-ui installed version"
+  ansible.builtin.shell: |
+    set -eo pipefail
+    {{ wireguardui__full_executable_path }} -wg-conf-template /dev/invalid | grep 'App Version' | cut -d ' ' -f 3
+  args:
+    executable: /bin/bash
+  register: wireguardui__active_version
+  changed_when: false
+  failed_when: false
+
+- name: Optionally print wireguardui__active_version
+  ansible.builtin.debug:
+    msg: "{{ wireguardui__active_version.stdout }}"
+    verbosity: 1
+
+- name: "Determine 'latest' version release"
+  when: wireguardui__version == "latest"
+  block:
+    - name: "Get latest gitea release metadata"
+      ansible.builtin.uri:
+        url: https://api.github.com/repos/ngoduykhanh/wireguard-ui/releases/latest
+        return_content: true
+      register: wiregardui__remote_metadata
+      become: false
+      when: not ansible_check_mode
+
+    - name: "Fail if running in check mode without versions set."
+      ansible.builtin.fail:
+        msg: |
+          "You are running this playbook in check mode:
+          Please set the wireguard-ui version with the variable 'wireguardui__version', because the URI module cannot detect the latest version in this mode."
+      when: ansible_check_mode and (wireguardui__version == 'latest')
+
+    - name: "Set fact latest wireguard-ui release"
+      ansible.builtin.set_fact:
+        wireguardui__remote_version: "{{ wiregardui__remote_metadata.json.tag_name[1:] }}"
+      when: not ansible_check_mode
+
+    - name: "Set wireguard-ui version target (latest)"
+      ansible.builtin.set_fact:
+        wireguardui__version_target: "{{ wireguardui__remote_version }}"
+      when: not ansible_check_mode
+
+- name: "Set wireguard-ui version target {{ wireguardui__version }}"
+  ansible.builtin.set_fact:
+    wireguardui__version_target: "{{ wireguardui__version }}"
+  when: wireguardui__version != "latest"
+
+- name: 'Assert that remote version is higher'
+  ansible.builtin.assert:
+    that:
+      - wireguardui__active_version is version(wireguardui__remote_version, 'lt')
+    fail_msg: ERROR - Remote version is lower then current version!
+  when: wireguardui__version == "latest" and wireguardui__active_version.stderr == "" | bool
+
+- name: "Generate gitea download URL"
+  ansible.builtin.set_fact:
+    wireguardui__dl_url: "https://github.com/ngoduykhanh/wireguard-ui/releases/download/v{{ wireguardui__version_target }}"
+    wireguardui__filename: "wireguard-ui-v{{ wireguardui__version_target }}-linux-{{ wireguardui__arch }}.tar.gz"

roles/wireguardui/tasks/versioncheck.yml

@@ -0,0 +1,44 @@
+---
+# Copyright (c) 2021 L3D <l3d@c3woc.de>
+# this file is released with the MIT license.
+# License: https://github.com/roles-ansible/ansible_role_template/blob/main/LICENSE
+- name: Create directory for versionscheck
+  become: true
+  ansible.builtin.file:
+    path: '/etc/.ansible-version'
+    state: directory
+    mode: "0755"
+  when: packages__submodules_versioncheck | bool
+
+- name: Check playbook version
+  become: true
+  ansible.builtin.slurp:
+    src: "/etc/.ansible-version/{{ packages__playbook_version_path }}"
+  register: playbook_version
+  when: packages__submodules_versioncheck | bool
+  failed_when: false
+
+- name: Print remote role version  # noqa: H500
+  ansible.builtin.debug:
+    msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
+  when: packages__submodules_versioncheck | bool
+
+- name: Print locale role version  # noqa: H500
+  ansible.builtin.debug:
+    msg: "Local role version: '{{ packages__playbook_version_number | string }}'."
+  when: packages__submodules_versioncheck | bool
+
+- name: Check if your version is outdated
+  ansible.builtin.fail:
+    msg: "Your ansible module has the version '{{ packages__playbook_version_number }}' and is outdated. You need to update it!"
+  when:
+    - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= packages__playbook_version_number|int and packages__submodules_versioncheck | bool
+
+- name: Write new version to remote disk
+  become: true
+  ansible.builtin.copy:
+    content: "{{ packages__playbook_version_number }}"
+    dest: "/etc/.ansible-version/{{ packages__playbook_version_path }}"
+    mode: '0644'
+  when: packages__submodules_versioncheck | bool
+  tags: skip_ansible_lint_template-instead-of-copy

roles/wireguardui/vars/main.yml

@@ -0,0 +1,17 @@
+---
+wireguardui__dependencies: []
+
+wireguardui__full_executable_path: '/usr/local/bin/wireguard-ui'
+
+wireguardui__go_arch_map:
+  i386: '386'
+  x86_64: 'amd64'
+  aarch64: 'arm64'
+  armv7l: 'arm'
+  armv6l: 'arm'
+  armv5l: 'arm'
+
+wireguardui__arch: "{{ wireguardui__go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
+
+packages__playbook_version_number: 3
+packages__playbook_version_path: 'l3d.wireguard.wireguardui.version'