diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 4e38762..7e1fbc1 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -8,7 +8,8 @@
- "{{ wireguard_pki_path }}/preshared"
- "{{ wireguard_pki_path }}/private"
- "{{ wireguard_pki_path }}/public"
- - "{{ wireguard_config_path }}"
+ - "{{ wireguard_config_path }}/apple/ios"
+ - "{{ wireguard_config_path }}/apple/macos"
delegate_to: localhost
become: false
@@ -51,6 +52,13 @@
vars:
index: "{{ item.0 }}"
+ - include_tasks: mobileconfig.yml
+ loop:
+ - ios
+ - macos
+ loop_control:
+ loop_var: system
+
- name: Generate QR codes
shell: >
umask 077;
diff --git a/roles/wireguard/tasks/mobileconfig.yml b/roles/wireguard/tasks/mobileconfig.yml
new file mode 100644
index 0000000..0e192b4
--- /dev/null
+++ b/roles/wireguard/tasks/mobileconfig.yml
@@ -0,0 +1,10 @@
+---
+- name: WireGuard apple mobileconfig generated
+ template:
+ src: mobileconfig.j2
+ dest: "{{ wireguard_config_path }}/apple/{{ system }}/{{ item.1 }}.mobileconfig"
+ mode: "0600"
+ with_indexed_items: "{{ wireguard_users }}"
+ when: item.1 in users
+ vars:
+ index: "{{ item.0 }}"
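Review bot: This template task sets no `delegate_to` or `become` of its own, while the directory task in main.yml that creates `apple/ios` and `apple/macos` runs with `delegate_to: localhost` and `become: false`. Whether the `include_tasks` call sits inside a block that supplies those keywords is not visible in this diff. If it does not, the profile would be rendered on the managed host, where the target directory may not exist. The rendered file embeds the client's WireGuard configuration through `client.conf.j2`, so its destination should be explicit: add `delegate_to: localhost` and `become: false` to the task, or a comment stating that they are inherited from the caller. The `mode: "0600"` is appropriate for this content.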
diff --git a/roles/wireguard/templates/mobileconfig.j2 b/roles/wireguard/templates/mobileconfig.j2
new file mode 100644
index 0000000..6c3f33e
--- /dev/null
+++ b/roles/wireguard/templates/mobileconfig.j2
@@ -0,0 +1,25 @@
+#jinja2:lstrip_blocks: True
+
+
+
+
+ PayloadContent
+
+ {% include 'vpn-dict.j2' %}
+
+ PayloadDisplayName
+ AlgoVPN {{ algo_server_name }} WireGuard
+ PayloadIdentifier
+ donut.local.{{ 500000 | random | to_uuid | upper }}
+ PayloadOrganization
+ AlgoVPN
+ PayloadRemovalDisallowed
+
+ PayloadType
+ Configuration
+ PayloadUUID
+ {{ 400000 | random | to_uuid | upper }}
+ PayloadVersion
+ 1
+
+
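Review bot: `PayloadIdentifier` and `PayloadUUID` are built from `500000 | random` and `400000 | random`, so every run renders different identifiers and the task always reports a change. A regenerated profile would presumably be seen by the device as a new profile rather than a replacement for the installed one. The value space is also only a few hundred thousand UUIDs. Deriving both from stable inputs keeps the output idempotent, for example `{{ (algo_server_name + system + item.1) | to_uuid | upper }}`, assuming `item.1` is the user name supplied by the including task.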
diff --git a/roles/wireguard/templates/vpn-dict.j2 b/roles/wireguard/templates/vpn-dict.j2
new file mode 100644
index 0000000..6444df9
--- /dev/null
+++ b/roles/wireguard/templates/vpn-dict.j2
@@ -0,0 +1,94 @@
+
+ IPv4
+
+ OverridePrimary
+ 1
+
+ PayloadDescription
+ Configures VPN settings
+ PayloadDisplayName
+ {{ algo_server_name }}
+ PayloadIdentifier
+ com.apple.vpn.managed.{{ algo_server_name + system | to_uuid | upper }}
+ PayloadType
+ com.apple.vpn.managed
+ PayloadUUID
+ {{ algo_server_name + system | to_uuid | upper }}
+ PayloadVersion
+ 1
+ Proxies
+
+ HTTPEnable
+ 0
+ HTTPSEnable
+ 0
+
+ UserDefinedName
+ AlgoVPN {{ algo_server_name }}
+ VPN
+
+ OnDemandEnabled
+ {{ 1 if algo_ondemand_wifi or algo_ondemand_cellular else 0 }}
+ OnDemandRules
+
+ {% if algo_ondemand_wifi or algo_ondemand_cellular %}
+ {% if algo_ondemand_wifi_exclude|b64decode != '_null' %}
+ {% set WIFI_EXCLUDE_LIST = (algo_ondemand_wifi_exclude|b64decode|string).split(',') %}
+
+ Action
+ Disconnect
+ InterfaceTypeMatch
+ WiFi
+ SSIDMatch
+
+ {% for network_name in WIFI_EXCLUDE_LIST %}
+ {{ network_name|e }}
+ {% endfor %}
+
+
+ {% endif %}
+
+ Action
+ {% if algo_ondemand_wifi %}
+ Connect
+ {% else %}
+ Disconnect
+ {% endif %}
+ InterfaceTypeMatch
+ WiFi
+ URLStringProbe
+ http://captive.apple.com/hotspot-detect.html
+
+
+ Action
+ {% if algo_ondemand_cellular %}
+ Connect
+ {% else %}
+ Disconnect
+ {% endif %}
+ InterfaceTypeMatch
+ Cellular
+ URLStringProbe
+ http://captive.apple.com/hotspot-detect.html
+
+ {% endif %}
+
+ Action
+ {{ 'Disconnect' if algo_ondemand_wifi or algo_ondemand_cellular else 'Connect' }}
+
+
+ AuthenticationMethod
+ Password
+ RemoteAddress
+ {{ IP_subject_alt_name }}:{{ wireguard_port }}
+
+ VPNSubType
+ com.wireguard.{{ system }}
+ VPNType
+ VPN
+ VendorConfig
+
+ WgQuickConfig
+ {{- lookup('template', 'client.conf.j2') | indent(8) }}
+
+
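Review bot: In the `PayloadIdentifier` and `PayloadUUID` expressions, `algo_server_name + system | to_uuid | upper` does not hash the concatenation. Jinja2 filters bind tighter than `+`, so only `system` passes through `to_uuid` and the server name is prepended as raw text. That leaves `PayloadUUID` not a well-formed UUID, and its UUID part is the same for every server. Parenthesise both expressions: `{{ (algo_server_name + system) | to_uuid | upper }}`. Separately, `algo_server_name` and the `client.conf.j2` lookup are written into the profile unescaped while `network_name` gets `|e`; adding `| e` to them as well would keep a value containing `&` or `<` from producing a malformed profile.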