|
|
|
@ -40,52 +40,59 @@ PostDown = {{ wg_postdown }}
|
|
|
|
|
SaveConfig = true
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% for host in ansible_play_hosts %}
|
|
|
|
|
{% if host != inventory_hostname %}
|
|
|
|
|
{% if host != inventory_hostname %}
|
|
|
|
|
|
|
|
|
|
[Peer]
|
|
|
|
|
# {{ host }}
|
|
|
|
|
PublicKey = {{hostvars[host].public_key}}
|
|
|
|
|
{% if hostvars[host].wireguard_allowed_ips is defined %}
|
|
|
|
|
AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
|
|
|
|
|
{% else %}
|
|
|
|
|
AllowedIPs = {{hostvars[host].wireguard_ip}}/32
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% if hostvars[host].wireguard_persistent_keepalive is defined %}
|
|
|
|
|
PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% if hostvars[host].wireguard_port is defined and hostvars[host].wireguard_port is number %}
|
|
|
|
|
{% if hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
|
|
|
|
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}}
|
|
|
|
|
{% else %}
|
|
|
|
|
Endpoint = {{host}}:{{hostvars[host].wireguard_port}}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% elif hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
|
|
|
|
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
|
|
|
|
|
{% elif hostvars[host].wireguard_endpoint == "" %}
|
|
|
|
|
# No endpoint defined for this peer
|
|
|
|
|
{% else %}
|
|
|
|
|
Endpoint = {{host}}:{{wireguard_port}}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% endif %}
|
|
|
|
|
[Peer]
|
|
|
|
|
# {{ host }}
|
|
|
|
|
PublicKey = {{hostvars[host].public_key}}
|
|
|
|
|
{% if hostvars[host].wireguard_allowed_ips is defined %}
|
|
|
|
|
AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
|
|
|
|
|
{% else %}
|
|
|
|
|
AllowedIPs = {{hostvars[host].wireguard_ip}}/32
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% if hostvars[host].wireguard_persistent_keepalive is defined %}
|
|
|
|
|
PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% if (
|
|
|
|
|
hostvars[host].wireguard_dc is defined and
|
|
|
|
|
hostvars[inventory_hostname].wireguard_dc is defined and
|
|
|
|
|
hostvars[inventory_hostname].wireguard_dc['name'] != hostvars[host].wireguard_dc['name']
|
|
|
|
|
)
|
|
|
|
|
%}
|
|
|
|
|
Endpoint = {{hostvars[host].wireguard_dc['endpoint']}}:{{hostvars[host].wireguard_dc['port']}}
|
|
|
|
|
{% elif hostvars[host].wireguard_port is defined and hostvars[host].wireguard_port is number %}
|
|
|
|
|
{% if hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
|
|
|
|
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}}
|
|
|
|
|
{% else %}
|
|
|
|
|
Endpoint = {{host}}:{{hostvars[host].wireguard_port}}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% elif hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
|
|
|
|
|
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
|
|
|
|
|
{% elif hostvars[host].wireguard_endpoint == "" %}
|
|
|
|
|
# No endpoint defined for this peer
|
|
|
|
|
{% else %}
|
|
|
|
|
Endpoint = {{host}}:{{wireguard_port}}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% endfor %}
|
|
|
|
|
{% if wireguard_unmanaged_peers is defined %}
|
|
|
|
|
|
|
|
|
|
# Peers not managed by ansible from wireguard_unmanaged_peers
|
|
|
|
|
{% for peer in wireguard_unmanaged_peers.keys() %}
|
|
|
|
|
[Peer]
|
|
|
|
|
# {{ peer }}
|
|
|
|
|
PublicKey = {{ wireguard_unmanaged_peers[peer].public_key }}
|
|
|
|
|
{% if wireguard_unmanaged_peers[peer].preshared_key is defined %}
|
|
|
|
|
PresharedKey = {{ wireguard_unmanaged_peers[peer].preshared_key }}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% if wireguard_unmanaged_peers[peer].allowed_ips is defined %}
|
|
|
|
|
AllowedIPs = {{ wireguard_unmanaged_peers[peer].allowed_ips }}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% if wireguard_unmanaged_peers[peer].endpoint is defined %}
|
|
|
|
|
Endpoint = {{ wireguard_unmanaged_peers[peer].endpoint }}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% if wireguard_unmanaged_peers[peer].persistent_keepalive is defined %}
|
|
|
|
|
PersistentKeepalive = {{ wireguard_unmanaged_peers[peer].persistent_keepalive }}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% endfor %}
|
|
|
|
|
# Peers not managed by Ansible from "wireguard_unmanaged_peers" variable
|
|
|
|
|
{% for peer in wireguard_unmanaged_peers.keys() %}
|
|
|
|
|
[Peer]
|
|
|
|
|
# {{ peer }}
|
|
|
|
|
PublicKey = {{ wireguard_unmanaged_peers[peer].public_key }}
|
|
|
|
|
{% if wireguard_unmanaged_peers[peer].preshared_key is defined %}
|
|
|
|
|
PresharedKey = {{ wireguard_unmanaged_peers[peer].preshared_key }}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% if wireguard_unmanaged_peers[peer].allowed_ips is defined %}
|
|
|
|
|
AllowedIPs = {{ wireguard_unmanaged_peers[peer].allowed_ips }}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% if wireguard_unmanaged_peers[peer].endpoint is defined %}
|
|
|
|
|
Endpoint = {{ wireguard_unmanaged_peers[peer].endpoint }}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% if wireguard_unmanaged_peers[peer].persistent_keepalive is defined %}
|
|
|
|
|
PersistentKeepalive = {{ wireguard_unmanaged_peers[peer].persistent_keepalive }}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% endfor %}
|
|
|
|
|
{% endif %}
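Review bot: The `wireguard_dc` branch (the added side, judging by the hunk counts) writes `wireguard_dc['endpoint']` and `wireguard_dc['port']` into the `Endpoint =` line after testing only that the dict is defined, while the older branches below it require `wireguard_port is number` and a non-empty `wireguard_endpoint`. A dict that lacks either key, or holds an empty or non-numeric value, will presumably either abort the template run or leave a malformed endpoint in the rendered config, depending on how undefined values are handled. I would add `hostvars[host].wireguard_dc['endpoint'] | default('') != "" and` and `hostvars[host].wireguard_dc['port'] is number` to the condition so such hosts fall through to the existing branches. The branch is also evaluated before `wireguard_endpoint == ""`, so a peer deliberately left without an endpoint now gets one whenever the data-centre names differ; if that precedence is intended, a template comment such as `{# wireguard_dc overrides wireguard_endpoint/wireguard_port for peers in another DC #}` above the condition would record it.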
|
|
|
|
|