From 497df05480517b6250e1779726870166e5e1d7a1 Mon Sep 17 00:00:00 2001 From: Neven Miculinic Date: Tue, 7 May 2019 13:54:01 +0200 Subject: [PATCH] Added wg-operator role --- README.md | 12 +++++++++ deploy/playbook.yml | 3 +++ deploy/role/defaults/main.yml | 20 +++++++++++++++ deploy/role/handlers/main.yml | 5 ++++ deploy/role/tasks/install.yml | 11 +++++++++ deploy/role/tasks/main.yml | 6 +++++ deploy/role/tasks/systemd.yml | 26 ++++++++++++++++++++ deploy/role/templates/wg-operator.service.j2 | 23 +++++++++++++++++ 8 files changed, 106 insertions(+) create mode 100644 deploy/playbook.yml create mode 100644 deploy/role/defaults/main.yml create mode 100644 deploy/role/handlers/main.yml create mode 100644 deploy/role/tasks/install.yml create mode 100644 deploy/role/tasks/main.yml create mode 100644 deploy/role/tasks/systemd.yml create mode 100644 deploy/role/templates/wg-operator.service.j2 diff --git a/README.md b/README.md index 9a753418..3d210d22 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,14 @@ It's located at: * https://gitlab.com/neven-miculinic/wg-operator/container_registry +Per tag images: + +* registry.gitlab.com/neven-miculinic/wg-operator:- + +Example: + +* registry.gitlab.com/neven-miculinic/wg-operator:v0.1.0-amd64 + Per branch images: registry.gitlab.com/neven-miculinic/wg-operator:- @@ -45,3 +53,7 @@ Example: * registry.gitlab.com/neven-miculinic/wg-operator:master-amd64 * registry.gitlab.com/neven-miculinic/wg-operator:master-arm32v7 * registry.gitlab.com/neven-miculinic/wg-operator:master-arm64v8 + +# Bare metal deployment + +There's ansible role in the `deploy/role` with example playbook in `deploy/playbook.yml` diff --git a/deploy/playbook.yml b/deploy/playbook.yml new file mode 100644 index 00000000..e6179665 --- /dev/null +++ b/deploy/playbook.yml @@ -0,0 +1,3 @@ +- hosts: wireguard + roles: + - { role: role} diff --git a/deploy/role/defaults/main.yml b/deploy/role/defaults/main.yml new file mode 100644 index 00000000..8ce365ac 
--- /dev/null
+++ b/deploy/role/defaults/main.yml
@@ -0,0 +1,20 @@
+wg_operator:
+ user: root
+ install_dir: /usr/local/bin
+ config_dir: "/etc/wg-operator"
+ version: v0.1.0
+ watch_namespace: wg-operator
+ kubeconfig: "/etc/wg-operator/wg-operator.kubeconfig"
+ downloads:
+ x86_64:
+ suffix: amd64
+ checksum:
+ v0.1.0: sha256:6d87eba3902e3f0324620bdfb1d3d1dca160c4af84fe1a6e92b0d852ee2c7b01
+ aarch64:
+ suffix: arm64v8
+ checksum:
+ v0.1.0: sha256:46f9ce228b74034380ff9daccf817e783534592a868d24bdd99f9214a0c2d55e
+ armv7l:
+ suffix: arm32v7
+ checksum:
+ v0.1.0: sha256:04db4d3fc2878343ad1d67e5eda3b7794c07ea46b35dad8de8f4ee3aae941005
diff --git a/deploy/role/handlers/main.yml b/deploy/role/handlers/main.yml
new file mode 100644
index 00000000..391afc66
--- /dev/null
+++ b/deploy/role/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: wg-operator restart
+ systemd:
+ name: wg-operator
+ daemon_reload: yes
+ state: restarted
diff --git a/deploy/role/tasks/install.yml b/deploy/role/tasks/install.yml
new file mode 100644
index 00000000..af724175
--- /dev/null
+++ b/deploy/role/tasks/install.yml
@@ -0,0 +1,11 @@
+- name: Install x86-64
+ get_url:
+ url: "{{ download_url }}"
+ dest: "{{ wg_operator.install_dir }}/wg-operator"
+ checksum: "{{ download_checksum }}"
+ mode: 755
+ owner: root
+ group: root
+ vars:
+ download_url: https://github.com/KrakenSystems/wg-operator/releases/download/{{ wg_operator.version }}/wg-operator{{ wg_operator.downloads[ansible_architecture].suffix }}
+ download_checksum: "{{ wg_operator.downloads[ansible_architecture].checksum[wg_operator.version] }}"
diff --git a/deploy/role/tasks/main.yml b/deploy/role/tasks/main.yml
new file mode 100644
index 00000000..8548f87d
--- /dev/null
+++ b/deploy/role/tasks/main.yml
@@ -0,0 +1,6 @@
+- import_tasks: install.yml
+ tags:
+ - install
+- import_tasks: systemd.yml
+ tags:
+ - systemd
diff --git a/deploy/role/tasks/systemd.yml b/deploy/role/tasks/systemd.yml
new file mode 100644
index 00000000..06d06423
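Review bot: The `checksum` maps under `downloads` in deploy/role/defaults/main.yml carry an entry only for `v0.1.0`, and nothing tells a user who overrides `wg_operator.version` that each architecture then needs a matching digest. A comment above `downloads:` would help, for example `# every version set in wg_operator.version needs a sha256 entry per architecture, computed from the published release asset`. Without it, the likely shortcut when the lookup fails is to drop `checksum:` from the get_url task, which removes the only integrity check on a binary that the unit runs as root by default.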
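Review bot: `mode: 755` in the get_url task of deploy/role/tasks/install.yml is an unquoted decimal integer, which Ansible applies as the number 755 (octal 1363) rather than rwxr-xr-x, so the installed binary gets the sticky bit plus write permission for group and other. The unit executes this binary as `{{ wg_operator.user }}`, which defaults to root, so a binary that other local accounts can overwrite crosses a privilege boundary; the line should read `mode: "0755"`. The `mode: 0755` and `mode: 0644` values in deploy/role/tasks/systemd.yml only work because YAML 1.1 reads the leading zero as octal, and should be quoted the same way. The task name `Install x86-64` is also misleading, since the URL and checksum are selected by `ansible_architecture`.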
--- /dev/null
+++ b/deploy/role/tasks/systemd.yml
@@ -0,0 +1,26 @@
+- name: "create user"
+ user:
+ name: "{{ wg_operator.user }}"
+ create_home: false
+ state: present
+- name: Config dir
+ file:
+ path: "{{ wg_operator.config_dir }}"
+ group: "{{ wg_operator.user }}"
+ owner: "{{ wg_operator.user }}"
+ state: directory
+ mode: 0755
+- name: Setup systemd service
+ template:
+ dest: /etc/systemd/system/wg-operator.service
+ src: "templates/wg-operator.service.j2"
+ group: root
+ owner: root
+ mode: 0644
+ notify: wg-operator restart
+- name: Start system service
+ systemd:
+ name: wg-operator
+ enabled: true
+ daemon_reload: true
+ state: started
diff --git a/deploy/role/templates/wg-operator.service.j2 b/deploy/role/templates/wg-operator.service.j2
new file mode 100644
index 00000000..910a90cb
--- /dev/null
+++ b/deploy/role/templates/wg-operator.service.j2
@@ -0,0 +1,23 @@
+[Unit]
+Description=wg operator
+Documentation=https://github.com/KrakenSystems/wg-operator
+After=network.target
+
+[Service]
+User={{ wg_operator.user }}
+Type=simple
+Environment=WATCH_NAMESPACE={{ wg_operator.watch_namespace}}
+ExecStart={{ wg_operator.install_dir }}/wg-operator \
+--kubeconfig {{ wg_operator.kubeconfig }} \
+--mode=server \
+--route-metric=200 \
+--wg-interface=wg0 \
+--node-name={{ inventory_hostname }} \
+--wg-private-key-file=/etc/wireguard/wg0.key \
+--sync-config
+
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target
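Review bot: The `Config dir` task in deploy/role/tasks/systemd.yml creates `{{ wg_operator.config_dir }}` with mode 0755, and the role defaults place the kubeconfig inside that directory, so every local account can list and enter it. The role never deploys the kubeconfig itself, so the file's own permissions are outside its control; tightening the directory to `mode: "0750"` (or `"0700"`) keeps the cluster credential private regardless of how the file was copied in. In the `create user` task, a non-root `wg_operator.user` would be created as an ordinary login account; adding `system: true` and a nologin `shell:` would suit a service account better.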
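Review bot: The `[Service]` section in deploy/role/templates/wg-operator.service.j2 runs the operator without any sandboxing, and with the default `wg_operator.user` of root the process that holds the kubeconfig and the WireGuard private key has full root privileges. Managing the interface and routes presumably needs only CAP_NET_ADMIN, so the unit can bound its capabilities and set the usual hardening options; the exact set should be confirmed against what `--sync-config` writes to. If a non-root user is configured, it also needs read access to `/etc/wireguard/wg0.key`, which the role does not arrange.

```ini
[Service]
User={{ wg_operator.user }}
# … unchanged: Type, Environment, ExecStart, Restart, RestartSec …
NoNewPrivileges=true
CapabilityBoundingSet=CAP_NET_ADMIN
AmbientCapabilities=CAP_NET_ADMIN
ProtectHome=true
PrivateTmp=true
```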