Enabling skip of wg kernel module based on task, or documented role v…

…ariable (#200)
githubixx · Apr 22, 2024 · a1bc781 · a1bc781
1 parent f281bcf
commit a1bc781
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -215,6 +215,12 @@ wireguard_interface_restart: false
 # Set to "false" if package cache should not be updated (only relevant if
 # the package manager in question supports this option)
 wireguard_update_cache: "true"
+
+# Normally the role installs and activates the wireguard kernel module where
+# appropriate.  In some cases we might not be able load kernel modules, like
+# unprivileged LXC guests.  If you set this to false you have to ensure
+# the wireguard module is available in the kernel!
+wireguard_install_kernel_module: true
 ```
 
 There are also a few Linux distribution specific settings:

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -74,6 +74,12 @@ wireguard_interface_restart: false
 # the package manager in question supports this option)
 wireguard_update_cache: "true"
 
+# Normally the role installs and activates the wireguard kernel module where
+# appropriate.  In some cases we might not be able load kernel modules, like
+# unprivileged LXC guests.  If you set this to false you have to ensure
+# the wireguard module is available in the kernel!
+wireguard_install_kernel_module: true
+
 #######################################
 # Settings only relevant for:
 # - Ubuntu

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -31,7 +31,10 @@
   failed_when: wireguard__register_module_enabled is failure
   tags:
     - wg-install
-  when: not ansible_os_family == 'Darwin'
+    - wg-install-kernel-module
+  when:
+    - not ansible_os_family == 'Darwin'
+    - wireguard_install_kernel_module
 
 - name: Set default for WireGuard interface restart behavior
   ansible.builtin.set_fact: