kpfleming.systemd_networkd.wireguard role – Manages systemd-networkd WireGuard tunnel virtual network devices.

Note

This role is part of the kpfleming.systemd_networkd collection (version 24.1.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install kpfleming.systemd_networkd.

To use it in a playbook, specify: kpfleming.systemd_networkd.wireguard.

Entry point main – Manages systemd-networkd WireGuard tunnel virtual network devices.

Synopsis

• This role will create (or update) three items in /etc/systemd/network for each specified tunnel: 1) A drop-in directory for the underlying network 2) A .netdev file for the tunnel device 3) A .conf file in the drop-in directory connecting the tunnel device to the underlying network

• Detailed descriptions of parameters and their behavior can be found in ‘man systemd.netdev’.

• Sets fact named ‘systemd_networkd_wireguard_changed’ to either true or false to indicate whether any changes were made.

Parameters

Parameter	Comments
suppress_reload boolean	Suppress the reloading of systemd-networkd if changes are made. Choices: false ← (default) true
suppress_restart boolean	Suppress the restarting of systemd-networkd if changes are made to the netdev configuration. Choices: false ← (default) true
systemd_root string	Root path of filesystem containing systemd-networkd configuration files. Default: ""
wireguards list / elements=dictionary / required	Attributes of the interfaces to be managed.
firewall_mark integer	Mark to be set on outgoing packets from this interface.
listen_port integer	UDP Port to listen for incoming traffic. If not specified, a port will be chosen based on the interface name.
match dictionary	Matching attributes of the network device.
system dictionary	System-specific attributes to be matched.
architecture string	Match system architecture.
credential string	Match service credential.
firmware string	Match system firmware.
host string	Match hostname or machine ID.
kernel_command_line string	Match kernel command line option presence.
kernel_version string	Match kernel version expression.
virtualization string	Match virtualization type.
name string / required	Name of the network device.
netdev dictionary	Attributes of the tunnel network device.
mac_address string	MAC address to use on the device.
mtu_bytes string	The MTU for the tunnel.
peers list / elements=dictionary / required	Attributes of the peers for the tunnel.
allowed_ips list / elements=string / required	Addresses, with optional netmasks, which the peer is allowed to use for sending traffic, and for which traffic will be sent to the peer.
endpoint string	Initial address and port to be used for traffic to this peer.
name string	Name of the peer (will only be used as a comment in the configuration file).
persistent_keepalive integer	Interval, in seconds, to send empty-but-authenticated packets to this peer.
preshared_key string	Base64-encoded preshared key with the peer.
preshared_key_file path	Path to file containing a base64-encoded preshared key with the peer.
public_key string / required	Base64-encoded public key of the peer.
route_metric integer	Metric value for routes added when route_table is specified. Overrides the setting from the tunnel, if specified.
route_table string	Route table name (from networkd.conf), number, or predefined name (“default”, “main”, or “local”). Overrides the setting from the tunnel, if specified.
private_key string	Base64-encoded private key.
private_key_file path	Path to file containing a base64-encoded private key.
route_metric integer	Metric value for routes added when route_table is specified.
route_table string	Route table name (from networkd.conf), number, or predefined name (“default”, “main”, or “local”).
underlying_name string	The underlying network.

Collection links

• Issue Tracker
• Repository (Sources)