19.0.0

• POTENTIALLY BREAKING

  • treat empty wireguard_endpoint as "no endpoint" (no hostname fallback). New behavior: if a peer explicitly sets wireguard_endpoint: "", the template will not fall back to inventory_hostname for Endpoint = ... anymore. Instead it emits a comment no endpoint…. This is a behavior change, but it aligns with the documented contract in README: "setting wireguard_endpoint to an empty string means 'this peer has no endpoint'". Practically, it fixes a real bug: because wireguard_port is always defined via role defaults, the old logic almost always took the wireguard_port is defined branch and would generate Endpoint = <inventory_hostname>:51820 even when wireguard_endpoint: "". That contradicts README and breaks setups where inventory hostnames aren’t resolvable from peers. Who is affected? Only users who were (intentionally or accidentally) relying on the old incorrect behavior where wireguard_endpoint: "" still produced an endpoint via hostname fallback. Those users should instead omit wireguard_endpoint (to get hostname fallback) or set it to a real hostname/IP. Implemented in fix(template): prevent hostname fallback when wireguard_endpoint is empty (contribution by @madic-creates) and Netplan: treat empty wireguard_endpoint as - no endpoint - (no hostname fallback)

• MOLECULE

  • add Molecule scenario for wireguard_endpoint is set to empty #231

18.3.0

• OTHER

  • Fix for modern PVE installations (PR #226 - contribution by @pavlozt)
  • replace injected ansible_* facts usage with ansible_facts[...] (prepares for ansible-core 2.24 where INJECT_FACTS_AS_VARS default changes)

• FEATURE

  • optionally flush handlers at the end of the role via wireguard_flush_handlers (Issue #124)

• MOLECULE

  • replace Vagrant box alvistack/debian-13 -> cloud-image/debian-13
  • replace Vagrant box opensuse/Leap-15.6.x86_64 -> alvistack/opensuse-leap-15.6

18.2.0

• FEATURE
  • add a spoke mode for nodes that should only peer with the hub while keeping the default full-mesh behavior unchanged. See wireguard_as_spoke variable and Molecule spoke-hub example (PR #222 - contribution by @eyebrowkang).

18.1.0

• OTHER

  • fix issues when running with ansible-core >= 2.19.0 (Issue #219 / PR #220 - contribution by @jonathanplatzer)
  • replace ansible_managed variable with internal wireguard__ansible_managed variable. Reason: DEFAULT_MANAGED_STR option is deprecated in Ansible 2.19. The ansible_managed variable can be set just like any other variable, or a different variable can be used. At the end for now nothing changes for the user of this role as the output string Ansible managed will stay the same.

• MOLECULE

  • Molecule: update netplan scenario
  • Molecule: update single-server scenario

18.0.0

• BREAKING

  • removed support for CentOS 7 (reached end of life)
  • removed support for Ubuntu 20.04 (reached end of life)
  • removed support for Fedora 39/40 (reached end of life)
  • removed support for openSUSE Leap 15.5 (reached end of life)

• FEATURE

  • add support for Debian 13 (Trixie)
  • add support for Fedora 42

• OTHER

  • remove unneeded task for Ubuntu 19.10
  • defaults/main.yml: add noqa jinja[spacing] to ignore ansible-lint warning
  • replace ansible.builtin.yum with ansible.builtin.dnf
  • update .gitignore

17.1.0

• FIXES

  • add missing wg-config tag (Issue #211)
  • hide peers with empty endpoints (Issue #101 - contribution by @Miroka96)

• FEATURE

  • add support for Fedora 40
  • add Netplan support for Ubuntu (contribution by @kbcz1989)

• OTHER

  • update .yamllint
  • fix ansible-lint issues
  • update .gitignore

17.0.0

• BREAKING

  • removed support for openSUSE 15.4 (reached end of life)

• FEATURE

  • add support for Ubuntu 24.04
  • add support for openSUSE 15.6

• MOLECULE

  • remove outdated Proxmox code
  • replace Vagrant box rockylinux/9 with bento/rockylinux-9
  • use ansible.builtin.package for AlmaLinux
  • remove AlmaLinux 8, Rocky Linux 8 and CentOS 7 (outdated Python makes it hard to test with Ansible)

16.0.2

• OTHER
  • revert change in .github/workflows/release.yml

16.0.0

• BREAKING

  • removed support for Fedora 37/38 (reached end of life)

• FEATURE

  • add support for Fedora 39
  • introduce wireguard_conf_backup variable to keep track of configuration changes. Default to false. (contribution by @shk3bq4d)
  • introduce wireguard_install_kernel_module. Allows to skip loading the wireguard kernel module. Default to true (which was the previous behavior). (contribution by @gregorydlogan)

• Molecule

  • use different IP addresses
  • use generic Vagrant boxes for Rocky Linux
  • use alvistack Vagrant boxes for Ubuntu
  • use official Rocky Linux 9 Vagrant box
  • use official AlmaLinux Vagrant boxes
  • move memory and cpus parameter to Vagrant boxes

15.0.0

What's Changed

Breaking:

• removed support for Ubuntu 18.04 (reached end of life)
• removed support for Fedora 36 (reached end of life)

Feature:

• add support for Fedora 37
• add support for Fedora 38
• add support for openSUSE 15.5
• add support for Debian 12
• prefix host name comment with Name = for wg-info in WireGuard interface configuration (contribution by @tarag)

Molecule:

• rename kvm scenario to default
• rename kvm-single-server scenario to single-server
• upgrade OS and reboot in prepare before converge for Almalinux

Other:

• fix ansible-lint issues

15.0.0 by @githubixx in #197

New Contributors

• @donat-b made their first contribution in #188
• @tarag made their first contribution in #153

Full Changelog: 14.0.0...15.0.0