From 3bb33db037e735d6a395d803649e88ed36b0d9d6 Mon Sep 17 00:00:00 2001
From: gemini
Date: Fri, 27 Feb 2026 10:02:17 +0100
Subject: [PATCH] feat(wireguard_server): Add wstunnel server setup
---
roles/wireguard_server/handlers/main.yml | 9 ++--
roles/wireguard_server/tasks/main.yml | 3 ++
roles/wireguard_server/tasks/wstunnel.yml | 56 +++++++++++++++++++++++
3 files changed, 64 insertions(+), 4 deletions(-)
create mode 100644 roles/wireguard_server/tasks/wstunnel.yml
diff --git a/roles/wireguard_server/handlers/main.yml b/roles/wireguard_server/handlers/main.yml
index 2a68778..e7e190c 100644
--- a/roles/wireguard_server/handlers/main.yml
+++ b/roles/wireguard_server/handlers/main.yml
@@ -1,6 +1,7 @@
 ---
-# handlers file for wireguard-server
-- name: wireguard-server restart
- ansible.builtin.service:
- name: wg-quick@wireguardserver
+# handlers file for wireguard_server
+- name: Restart wstunnel
+ ansible.builtin.systemd:
+ name: wstunnel
 state: restarted
+ become: true
diff --git a/roles/wireguard_server/tasks/main.yml b/roles/wireguard_server/tasks/main.yml
index 95931d5..4098843 100644
--- a/roles/wireguard_server/tasks/main.yml
+++ b/roles/wireguard_server/tasks/main.yml
@@ -1,4 +1,7 @@
 ---
+- name: WStunnel setup
+ ansible.builtin.import_tasks: wstunnel.yml
+
 - name: Copy config
 template:
 src: ../templates/wireguardserver.conf
diff --git a/roles/wireguard_server/tasks/wstunnel.yml b/roles/wireguard_server/tasks/wstunnel.yml
new file mode 100644
index 0000000..7c943a3
--- /dev/null
+++ b/roles/wireguard_server/tasks/wstunnel.yml
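Review bot: The handlers/main.yml hunk deletes the `wireguard-server restart` handler instead of adding `Restart wstunnel` next to it, so nothing in this file restarts `wg-quick@wireguardserver` any more. The `Copy config` task in tasks/main.yml is only partly visible in this patch; if it (or any other task in the role) still carries `notify: wireguard-server restart`, the play will either fail on the missing handler or leave a changed WireGuard config unapplied until the next manual restart. Keep the original handler and add the wstunnel one after it, and while there rename the old one to a capitalised form only if every `notify:` is updated in the same commit.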
@@ -0,0 +1,56 @@
+---
+- name: Check if wstunnel is already installed
+ ansible.builtin.stat:
+ path: /usr/local/bin/wstunnel
+ register: wstunnel_binary
+
+- name: Download and install wstunnel
+ when: not wstunnel_binary.stat.exists
+ block:
+ - name: Download and unarchive wstunnel package
+ ansible.builtin.unarchive:
+ src: https://github.com/erebe/wstunnel/releases/download/v5.1/wstunnel_5.1_linux_amd64.tar.gz
+ dest: /tmp
+ remote_src: yes
+ creates: /tmp/wstunnel
+
+ - name: Move wstunnel binary to /usr/local/bin
+ ansible.builtin.copy:
+ src: /tmp/wstunnel
+ dest: /usr/local/bin/wstunnel
+ mode: '0755'
+ remote_src: yes
+ become: true
+
+ - name: Clean up temporary wstunnel file
+ ansible.builtin.file:
+ path: /tmp/wstunnel
+ state: absent
+
+- name: Create wstunnel systemd service file
+ ansible.builtin.copy:
+ dest: /etc/systemd/system/wstunnel.service
+ content: |
+ [Unit]
+ Description=WSTunnel Server
+ After=network.target
+
+ [Service]
+ Type=simple
+ User=nobody
+ ExecStart=/usr/local/bin/wstunnel -s 127.0.0.1:8080 -t udp://127.0.0.1:51820
+ Restart=always
+ RestartSec=3
+
+ [Install]
+ WantedBy=multi-user.target
+ become: true
+ notify: Restart wstunnel
+
+- name: Ensure wstunnel service is started and enabled
+ ansible.builtin.systemd:
+ name: wstunnel
+ state: started
+ enabled: yes
+ daemon_reload: yes
+ become: true
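Review bot: The release archive is pulled by `ansible.builtin.unarchive` directly from a URL with no digest check and staged at the fixed, world-writable location `/tmp/wstunnel`, which the `become: true` copy task then installs as `/usr/local/bin/wstunnel`. Because `creates: /tmp/wstunnel` skips extraction whenever that path already exists, whatever file is sitting there is what gets installed and later started as a service, and a replaced or corrupted download would pass unnoticed. Fetch with `ansible.builtin.get_url` and a pinned `checksum`, stage inside a directory from `ansible.builtin.tempfile`, and set `owner`/`group` on the installed binary, as sketched below; the digest shown is a placeholder to fill in from the release. Separately, the unit runs as the shared `nobody` account, where a dedicated user or `DynamicUser=yes` together with `NoNewPrivileges=yes` would isolate the tunnel better.

```yaml
# … unchanged: stat check on /usr/local/bin/wstunnel …
- name: Download and install wstunnel
  when: not wstunnel_binary.stat.exists
  become: true
  block:
    - name: Create a private staging directory
      ansible.builtin.tempfile:
        state: directory
        suffix: wstunnel
      register: wstunnel_stage

    - name: Download wstunnel release archive with a pinned digest
      ansible.builtin.get_url:
        url: https://github.com/erebe/wstunnel/releases/download/v5.1/wstunnel_5.1_linux_amd64.tar.gz
        dest: "{{ wstunnel_stage.path }}/wstunnel.tar.gz"
        # placeholder: replace with the digest published for this release
        checksum: "sha256:<SHA256_OF_RELEASE_ARCHIVE>"
        mode: '0600'

    - name: Unpack the verified archive
      ansible.builtin.unarchive:
        src: "{{ wstunnel_stage.path }}/wstunnel.tar.gz"
        dest: "{{ wstunnel_stage.path }}"
        remote_src: true

    - name: Install wstunnel binary
      ansible.builtin.copy:
        src: "{{ wstunnel_stage.path }}/wstunnel"
        dest: /usr/local/bin/wstunnel
        owner: root
        group: root
        mode: '0755'
        remote_src: true

    - name: Remove staging directory
      ansible.builtin.file:
        path: "{{ wstunnel_stage.path }}"
        state: absent
# … unchanged: systemd unit file and service tasks …
```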