Added wg-operator role

README.md

@@ -33,6 +33,14 @@ It's located at:
 
 * https://gitlab.com/neven-miculinic/wg-operator/container_registry
 
+Per tag images:
+
+* registry.gitlab.com/neven-miculinic/wg-operator:<tag>-<arch>
+
+Example:
+
+* registry.gitlab.com/neven-miculinic/wg-operator:v0.1.0-amd64
+
 Per branch images:
 
 registry.gitlab.com/neven-miculinic/wg-operator:<branch-name>-<arch>
@@ -45,3 +53,7 @@ Example:
 * registry.gitlab.com/neven-miculinic/wg-operator:master-amd64
 * registry.gitlab.com/neven-miculinic/wg-operator:master-arm32v7
 * registry.gitlab.com/neven-miculinic/wg-operator:master-arm64v8
+
+# Bare metal deployment
+
+There's ansible role in the `deploy/role` with example playbook in `deploy/playbook.yml`

deploy/playbook.yml

@@ -0,0 +1,3 @@
+- hosts: wireguard
+  roles:
+    - { role: role}

deploy/role/defaults/main.yml

@@ -0,0 +1,20 @@
+wg_operator:
+  user: root
+  install_dir: /usr/local/bin
+  config_dir: "/etc/wg-operator"
+  version: v0.1.0
+  watch_namespace: wg-operator
+  kubeconfig: "/etc/wg-operator/wg-operator.kubeconfig"
+  downloads:
+    x86_64:
+      suffix: amd64
+      checksum:
+        v0.1.0: sha256:6d87eba3902e3f0324620bdfb1d3d1dca160c4af84fe1a6e92b0d852ee2c7b01
+    aarch64:
+      suffix: arm64v8
+      checksum:
+        v0.1.0:  sha256:46f9ce228b74034380ff9daccf817e783534592a868d24bdd99f9214a0c2d55e
+    armv7l:
+      suffix: arm32v7
+      checksum:
+        v0.1.0: sha256:04db4d3fc2878343ad1d67e5eda3b7794c07ea46b35dad8de8f4ee3aae941005

deploy/role/handlers/main.yml

@@ -0,0 +1,5 @@
+- name: wg-operator restart
+  systemd:
+      name: wg-operator
+      daemon_reload: yes
+      state: restarted

deploy/role/tasks/install.yml

@@ -0,0 +1,11 @@
+- name: Install x86-64
+  get_url:
+    url: "{{ download_url }}"
+    dest: "{{ wg_operator.install_dir }}/wg-operator"
+    checksum: "{{ download_checksum }}"
+    mode: 755
+    owner: root
+    group: root
+  vars:
+    download_url: https://github.com/KrakenSystems/wg-operator/releases/download/{{ wg_operator.version }}/wg-operator{{ wg_operator.downloads[ansible_architecture].suffix }}
+    download_checksum: "{{ wg_operator.downloads[ansible_architecture].checksum[wg_operator.version] }}"

deploy/role/tasks/main.yml

@@ -0,0 +1,6 @@
+- import_tasks: install.yml
+  tags:
+  - install
+- import_tasks: systemd.yml
+  tags:
+  - systemd

deploy/role/tasks/systemd.yml

@@ -0,0 +1,26 @@
+- name: "create user"
+  user:
+    name: "{{ wg_operator.user }}"
+    create_home: false
+    state: present
+- name: Config dir
+  file:
+      path: "{{ wg_operator.config_dir }}"
+      group: "{{ wg_operator.user }}"
+      owner: "{{ wg_operator.user }}"
+      state: directory
+      mode: 0755
+- name: Setup systemd service
+  template:
+      dest: /etc/systemd/system/wg-operator.service
+      src: "templates/wg-operator.service.j2"
+      group: root
+      owner: root
+      mode: 0644
+  notify: wg-operator restart
+- name: Start system service
+  systemd:
+      name: wg-operator
+      enabled: true
+      daemon_reload: true
+      state: started

deploy/role/templates/wg-operator.service.j2

@@ -0,0 +1,23 @@
+[Unit]
+Description=wg operator
+Documentation=https://github.com/KrakenSystems/wg-operator
+After=network.target
+
+[Service]
+User={{ wg_operator.user }}
+Type=simple
+Environment=WATCH_NAMESPACE={{ wg_operator.watch_namespace}}
+ExecStart={{ wg_operator.install_dir }}/wg-operator \
+--kubeconfig {{ wg_operator.kubeconfig }} \
+--mode=server \
+--route-metric=200 \
+--wg-interface=wg0 \
+--node-name={{ inventory_hostname }} \
+--wg-private-key-file=/etc/wireguard/wg0.key \
+--sync-config
+
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target