authorTrygve Laugstøl <trygvis@inamo.no>2019-01-07 19:25:34 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2019-01-07 19:25:34 +0100
commit06928fc1edfbf63a0496843ff4c0c16011cd1444 (patch)
tree9e68e0e9adaa8c9d92b6716eb234f71a1aff6da4
parentee411778da0ff99808a8ee257c718dcb24739a7f (diff)
wireguard: Do not require both ipv4 and ipv6.
-rw-r--r--ansible/files/arius/etc/wireguard/public-wg0.key1
-rw-r--r--ansible/files/birgitte/etc/wireguard/public-wg0.key1
-rw-r--r--ansible/group_vars/all/wireguard_wg0.yml23
-rw-r--r--ansible/roles/wireguard/tasks/main.yml19
4 files changed, 27 insertions, 17 deletions
diff --git a/ansible/files/arius/etc/wireguard/public-wg0.key b/ansible/files/arius/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..5ec9b00
--- /dev/null
+++ b/ansible/files/arius/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+im/vYsW00WC+RVYDurNxhF7K+11+YRl5qPL1WIbkr3g=
diff --git a/ansible/files/birgitte/etc/wireguard/public-wg0.key b/ansible/files/birgitte/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..d595dff
--- /dev/null
+++ b/ansible/files/birgitte/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+r/eymAwM7HDSJkkWSY2Ec7A+F8AQ7tuL0drD/OI1LyM=
diff --git a/ansible/group_vars/all/wireguard_wg0.yml b/ansible/group_vars/all/wireguard_wg0.yml
index 4e8238b..c2b79fe 100644
--- a/ansible/group_vars/all/wireguard_wg0.yml
+++ b/ansible/group_vars/all/wireguard_wg0.yml
@@ -7,22 +7,19 @@ wireguard-wg0:
endpoint: trygvis.io
listen_port: 51821
peers: all
- ipv4: 192.168.60.1
# Generated by https://www.ultratools.com/tools/rangeGenerator
- ipv6: fdf3:aad9:a885:0b3b::1
-# birgitte:
-# state: present
-# ipv4: 192.168.60.2
-# ipv6: fdf3:aad9:a885:0b3b::2
+ ipv6: fdf3:aad9:a885:0b3a::1
+ birgitte:
+ state: present
+ ipv4: 192.168.60.2
+ ipv6: fdf3:aad9:a885:0b3a::2
conflatorio:
state: present
- ipv4: 192.168.60.3
- ipv6: fdf3:aad9:a885:0b3b::3
-# arius:
-# state: present
-# ipv4: 192.168.60.6
-# ipv6: fdf3:aad9:a885:0b3b::6
+ ipv6: fdf3:aad9:a885:0b3a::3
+ arius:
+ state: present
+ ipv6: fdf3:aad9:a885:0b3a::6
# akili:
# state: present
# ipv4: 192.168.60.7
-# ipv6: fdf3:aad9:a885:0b3b::7
+# ipv6: fdf3:aad9:a885:0b3a::7
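Review bot: `birgitte` is enabled with `ipv4: 192.168.60.2` while the endpoint host at the top of the hunk, `conflatorio` and `arius` are now IPv6-only, so it appears to be the only IPv4 address left on this network. The role renders a peer's `ipv4` straight into `AllowedIPs`, so a leftover entry keeps that source address accepted from birgitte's key on every peer even though nothing else speaks IPv4. If dual-stack is intended here, say so with a comment above the entry such as `# birgitte stays dual-stack: <reason>`; otherwise drop the line. The host mapping starts above the hunk and indentation is lost on this page, so the nesting is inferred from the visible lines.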
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index 9c4cf24..e6167dc 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -1,5 +1,3 @@
-- debug: var=wireguard__state
-
- tags:
- wireguard
become: yes
@@ -71,10 +69,19 @@
{% set present = not (host.state is defined) or host.state == 'present' %}
{% if present and (all_peers or host.endpoint is defined) %}
+ # {{ hostname }}
[WireGuardPeer]
PublicKey={{ lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
- AllowedIPs={{ "0.0.0.0/0" if host.endpoint is defined else host.ipv4 }}
- AllowedIPs={{ "::/0" if host.endpoint is defined else host.ipv6 }}
+ {% if host.endpoint is defined %}
+ AllowedIPs={{ "0.0.0.0/0" }}
+ {% elif host.ipv4 is defined %}
+ AllowedIPs={{ host.ipv4 }}
+ {% endif %}
+ {% if host.endpoint is defined %}
+ AllowedIPs={{ "::/0" }}
+ {% elif host.ipv6 is defined %}
+ AllowedIPs={{ host.ipv6 }}
+ {% endif %}
{% if host.endpoint is defined %}
Endpoint={{ host.endpoint }}:{{ host.listen_port }}
{% endif %}
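Review bot: A peer with no `endpoint` and neither `ipv4` nor `ipv6` now renders a `[WireGuardPeer]` section with no `AllowedIPs` line, because both `elif` branches are skipped without any error. WireGuard should then pass no traffic for that peer, so the result fails closed, but nothing in the play reports the misconfiguration. The same gap exists in the `[Network]` block of the next hunk (`@@ -92,8 +99,12 @@`), where a host with neither family gets an interface with no `Address`. Consider an `assert` task ahead of the templates that requires `host.ipv4 is defined or host.ipv6 is defined` for every present host without an endpoint. As a style point, the two `{% if host.endpoint is defined %}` blocks could be merged, and `{{ "0.0.0.0/0" }}` can be the plain literal `0.0.0.0/0`; the template body starts and ends outside this hunk.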
@@ -92,8 +99,12 @@
Name={{ wg_net.if }}
[Network]
+ {% if wg_net.hosts[ansible_hostname].ipv4 is defined %}
Address={{ wg_net.hosts[ansible_hostname].ipv4 }}/{{ wg_net.ipv4_prefix }}
+ {% endif %}
+ {% if wg_net.hosts[ansible_hostname].ipv6 is defined %}
Address={{ wg_net.hosts[ansible_hostname].ipv6 }}/{{ wg_net.ipv6_prefix }}
+ {% endif %}
- name: UFW allow port
when: wg_host.listen_port is defined