From c72bba3be432c661788d93a8cb40defba213a226 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?= <me@rgoncalves.se>
Date: Sun, 12 Dec 2021 14:52:04 +0000
Subject: roles/wireguard: Daemon hang with shell module

Using the raw module is a workaround for having wg-quick working in
background.
---
 roles/wireguard/tasks/cron.yml    |  5 +++++
 roles/wireguard/tasks/main.yml    | 11 ++++++++---
 roles/wireguard/tasks/service.yml | 16 +++++++++-------
 3 files changed, 22 insertions(+), 10 deletions(-)
 create mode 100644 roles/wireguard/tasks/cron.yml

diff --git a/roles/wireguard/tasks/cron.yml b/roles/wireguard/tasks/cron.yml
new file mode 100644
index 0000000..482b34f
--- /dev/null
+++ b/roles/wireguard/tasks/cron.yml
@@ -0,0 +1,5 @@
+- name: add cronjob for keepalive
+  ansible.builtin.cron:
+    name: keepalive network traffic to domain controller
+    user: nobody
+    job: ping -c 1 {{ hostvars[wireguard_domain_controller].__ip.external }}
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 9f1d01d..d1ff496 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -25,10 +25,15 @@
     name: wireguard-tools
     state: present
 
-- name: include service configuration for server
+- name: include service configuration for hosts
   include_tasks: service.yml
   when: inventory_hostname == wireguard_domain_controller
 
-- name: include service configuration for hosts
-  include_tasks: service.yml
+- name: include service configuration for server
+  include_tasks: "{{ task }}"
   when: inventory_hostname != wireguard_domain_controller
+  loop_control:
+    loop_var: task
+  loop:
+    - service.yml
+    - cron.yml
diff --git a/roles/wireguard/tasks/service.yml b/roles/wireguard/tasks/service.yml
index d1a1007..37f3cec 100644
--- a/roles/wireguard/tasks/service.yml
+++ b/roles/wireguard/tasks/service.yml
@@ -10,11 +10,13 @@
   when: ansible_distribution == "OpenBSD"
 
 - name: restart wireguard interface
-  command: wg-quick "{{ item }}" "{{ wireguard_domain_controller }}"
-  ignore_errors: true
-  loop:
-    - down
-    - up
-  loop_control:
-    pause: 5
+  raw: |
+    wg-quick down {{ wireguard_domain_controller }}
+    sleep {{ 10 | random(start=1) }}
+    wg-quick up {{ wireguard_domain_controller }}
   when: ansible_distribution == "OpenBSD"
+  register: result
+
+- name: show wireguard output
+  debug:
+    var: result
-- 
cgit v1.2.3