roles/wireguard: Daemon hang with shell module

Using the raw module is a workaround for having wg-quick working in
background.

3 files changed, 22 insertions, 10 deletions

diff --git a/roles/wireguard/tasks/cron.yml b/roles/wireguard/tasks/cron.yml
new file mode 100644
index 0000000..482b34f
--- /dev/null
+++ b/roles/wireguard/tasks/cron.yml
@@ -0,0 +1,5 @@
+- name: add cronjob for keepalive
+  ansible.builtin.cron:
+    name: keepalive network traffic to domain controller
+    user: nobody
+    job: ping -c 1 {{ hostvars[wireguard_domain_controller].__ip.external }}
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 9f1d01d..d1ff496 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -25,10 +25,15 @@
     name: wireguard-tools
     state: present
 
-- name: include service configuration for server
+- name: include service configuration for hosts
   include_tasks: service.yml
   when: inventory_hostname == wireguard_domain_controller
 
-- name: include service configuration for hosts
-  include_tasks: service.yml
+- name: include service configuration for server
+  include_tasks: "{{ task }}"
   when: inventory_hostname != wireguard_domain_controller
+  loop_control:
+    loop_var: task
+  loop:
+    - service.yml
+    - cron.yml
diff --git a/roles/wireguard/tasks/service.yml b/roles/wireguard/tasks/service.yml
index d1a1007..37f3cec 100644
--- a/roles/wireguard/tasks/service.yml
+++ b/roles/wireguard/tasks/service.yml
@@ -10,11 +10,13 @@
   when: ansible_distribution == "OpenBSD"
 
 - name: restart wireguard interface
-  command: wg-quick "{{ item }}" "{{ wireguard_domain_controller }}"
-  ignore_errors: true
-  loop:
-    - down
-    - up
-  loop_control:
-    pause: 5
+  raw: |
+    wg-quick down {{ wireguard_domain_controller }}
+    sleep {{ 10 | random(start=1) }}
+    wg-quick up {{ wireguard_domain_controller }}
   when: ansible_distribution == "OpenBSD"
+  register: result
+
+- name: show wireguard output
+  debug:
+    var: result