Add interface options (#30)

* add missing options for WG interface definition

* fix typo

* add host comments to WG config file

* remove IP forwarding again

* fix README
Robert Wimmer 5 years ago committed by GitHub
parent a357e5fab1
commit 7fcc0b22a0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -27,7 +27,7 @@ see [CHANGELOG.md](https://github.com/githubixx/ansible-role-wireguard/blob/mast
Role Variables Role Variables
-------------- --------------
Those variables can be changed in `group_vars/`: These variables can be changed in `group_vars/`:
``` ```
# Directory to store WireGuard configuration on the remote hosts # Directory to store WireGuard configuration on the remote hosts
@ -76,13 +76,18 @@ Endpoint = controller01.p.domain.tld:51820
Now this is basically the same as above BUT now the config says: I want to route EVERY traffic originating from my workstation to the endpoint `controller01.p.domain.tld:51820`. If that endpoint can handle the traffic is of course another thing and it's up to you how you configure the endpoint routing ;-) Now this is basically the same as above BUT now the config says: I want to route EVERY traffic originating from my workstation to the endpoint `controller01.p.domain.tld:51820`. If that endpoint can handle the traffic is of course another thing and it's up to you how you configure the endpoint routing ;-)
You can specify further optional settings (they don't have a default and won't be set if not specified besides `wireguard_allowed_ips` as already mentioned) also per host in `host_vars/` (or in your Ansible hosts file if you like): You can specify further optional settings (they don't have a default and won't be set if not specified besides `wireguard_allowed_ips` as already mentioned) also per host in `host_vars/` (or in your Ansible hosts file if you like). The values for the following variables are just examples and no defaults (for more information and examples see [wg-quick.8](https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8)):
``` ```
wireguard_allowed_ips: "" wireguard_allowed_ips: ""
wireguard_endpoint: "host1.domain.tld" wireguard_endpoint: "host1.domain.tld"
wireguard_persistent_keepalive: "30" wireguard_persistent_keepalive: "30"
wireguard_dns: "1.1.1.1" wireguard_dns: "1.1.1.1"
wireguard_fwmark: "1234"
wireguard_mtu: "1492"
wireguard_table: "5000"
wireguard_preup: "..."
wireguard_predown: "..."
wireguard_postup: "..." wireguard_postup: "..."
wireguard_postdown: "..." wireguard_postdown: "..."
wireguard_save_config: "true" wireguard_save_config: "true"
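Review bot: the five new README entries (`wireguard_fwmark`, `wireguard_mtu`, `wireguard_table`, `wireguard_preup`, `wireguard_predown`) give example values only; since the paragraph already points readers to wg-quick.8, one short line per option describing what it controls would keep them on this page, and `wireguard_table` should say that wg-quick accepts `off` and `auto` as well as a table number. The `wireguard_preup` / `wireguard_predown` / `wireguard_postup` / `wireguard_postdown` values are shell commands that wg-quick runs on the managed host when the interface goes up or down (the `iptables ... MASQUERADE` example further down in this README is exactly that), so the README should state that plainly so users treat these variables in `host_vars/` with the same care as any other command they push to a host.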
@ -259,6 +264,7 @@ vpn1:
wireguard_endpoint: nated.exemple.com wireguard_endpoint: nated.exemple.com
wireguard_postup: "iptables -t nat -A POSTROUTING -o ens12 -j MASQUERADE" wireguard_postup: "iptables -t nat -A POSTROUTING -o ens12 -j MASQUERADE"
wireguard_postdown: "iptables -t nat -D POSTROUTING -o ens12 -j MASQUERADE" wireguard_postdown: "iptables -t nat -D POSTROUTING -o ens12 -j MASQUERADE"
vpn2: vpn2:
hosts: hosts:
multi-wg1: # use a different name, and define ansible_host, to avoid mixing of vars without needing to prefix vars with interface name multi-wg1: # use a different name, and define ansible_host, to avoid mixing of vars without needing to prefix vars with interface name

@ -1,11 +1,27 @@
#jinja2: lstrip_blocks:"True",trim_blocks:"True" #jinja2: lstrip_blocks:"True",trim_blocks:"True"
[Interface] [Interface]
# {{ inventory_hostname }}
Address = {{hostvars[inventory_hostname].wireguard_address}} Address = {{hostvars[inventory_hostname].wireguard_address}}
PrivateKey = {{private_key}} PrivateKey = {{private_key}}
ListenPort = {{wireguard_port}} ListenPort = {{wireguard_port}}
{% if hostvars[inventory_hostname].wireguard_dns is defined %} {% if hostvars[inventory_hostname].wireguard_dns is defined %}
DNS = {{hostvars[inventory_hostname].wireguard_dns}} DNS = {{hostvars[inventory_hostname].wireguard_dns}}
{% endif %} {% endif %}
{% if hostvars[inventory_hostname].wireguard_fwmark is defined %}
FwMark = {{hostvars[inventory_hostname].wireguard_fwmark}}
{% endif %}
{% if hostvars[inventory_hostname].wireguard_mtu is defined %}
MTU = {{hostvars[inventory_hostname].wireguard_mtu}}
{% endif %}
{% if hostvars[inventory_hostname].wireguard_table is defined %}
Table = {{hostvars[inventory_hostname].wireguard_table}}
{% endif %}
{% if hostvars[inventory_hostname].wireguard_preup is defined %}
PreUp = {{hostvars[inventory_hostname].wireguard_preup}}
{% endif %}
{% if hostvars[inventory_hostname].wireguard_predown is defined %}
PreDown = {{hostvars[inventory_hostname].wireguard_predown}}
{% endif %}
{% if hostvars[inventory_hostname].wireguard_postup is defined %} {% if hostvars[inventory_hostname].wireguard_postup is defined %}
PostUp = {{hostvars[inventory_hostname].wireguard_postup}} PostUp = {{hostvars[inventory_hostname].wireguard_postup}}
{% endif %} {% endif %}
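Review bot: the new `{% if hostvars[inventory_hostname].wireguard_<x> is defined %}` blocks (FwMark, MTU, Table, PreUp, PreDown) only test for definedness, whereas the endpoint logic later in this same template also guards against the empty string (`is defined and ... != ""`); a host that sets, say, `wireguard_mtu: ""` would render a bare `MTU = ` line, so suggest the same `is defined and ... != ""` guard here for consistency. Since each hook is rendered from a single string, a user who needs several commands has to chain them in one value; wg-quick allows `PreUp`/`PreDown`/`PostUp`/`PostDown` to be repeated, so a follow-up could accept a list and emit one line per item. A one-line comment in the template that these hook values are executed verbatim by wg-quick on the host would also help whoever maintains the inventory.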
@ -19,6 +35,7 @@ SaveConfig = true
{% if host != inventory_hostname %} {% if host != inventory_hostname %}
[Peer] [Peer]
# {{ host }}
PublicKey = {{hostvars[host].public_key}} PublicKey = {{hostvars[host].public_key}}
{% if hostvars[host].wireguard_allowed_ips is defined %} {% if hostvars[host].wireguard_allowed_ips is defined %}
AllowedIPs = {{hostvars[host].wireguard_allowed_ips}} AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
@ -37,7 +54,7 @@ SaveConfig = true
{% elif hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %} {% elif hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}} Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
{% elif hostvars[host].wireguard_endpoint == "" %} {% elif hostvars[host].wireguard_endpoint == "" %}
# No endpoint defined # No endpoint defined for this peer
{% else %} {% else %}
Endpoint = {{host}}:{{wireguard_port}} Endpoint = {{host}}:{{wireguard_port}}
{% endif %} {% endif %}
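Review bot: the reworded comment for the `wireguard_endpoint == ""` case is clearer, but the `else` branch right below still falls back to `Endpoint = {{host}}:{{wireguard_port}}`, i.e. the Ansible inventory name is used as the peer's endpoint host, which only works when that name resolves from the other peers. Suggest a matching comment there (or a sentence in the README next to `wireguard_endpoint`) stating that fallback, so users whose inventory names are not resolvable know to set `wireguard_endpoint` explicitly.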
