authorTrygve Laugstøl <trygvis@inamo.no>2019-03-21 12:24:54 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2019-03-21 12:24:54 +0100
commit8b8cb7f3972e8618294e0e9a2b7de500800441c0 (patch)
treed6525d0ad218075dea2807ac213bb1098d22d0de
parentd3ed6ff83913dd7757f21a70915acd75f1df6140 (diff)
o Adding wg-edipost.
-rw-r--r--ansible/group_vars/all/wireguard_wg-edipost.yml12
-rw-r--r--ansible/inventory5
-rw-r--r--ansible/roles/wireguard/tasks/main.yml11
3 files changed, 26 insertions, 2 deletions
diff --git a/ansible/group_vars/all/wireguard_wg-edipost.yml b/ansible/group_vars/all/wireguard_wg-edipost.yml
index 449f031..72e4977 100644
--- a/ansible/group_vars/all/wireguard_wg-edipost.yml
+++ b/ansible/group_vars/all/wireguard_wg-edipost.yml
@@ -1,7 +1,17 @@
wireguard-wg-edipost:
if: wg-edipost
ipv4_prefix: 24
+ shared_routes:
+ - gateway: 192.168.200.136
+ net: 192.168.100.0
+ prefix: 24
+
hosts:
conflatorio:
state: present
- ipv4: 192.168.100.2
+ ipv4: 192.168.200.138
+ edipost-wg:
+ public_key: VWEMk20CI5RJohjnar4HicuaZbj3d1aoewvQNorWITs=
+ endpoint: 77.106.183.85
+ listen_port: 51820
+ peers: all
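Review bot: The new `shared_routes` entry and the `edipost-wg` peer carry no comment, and the route gateway `192.168.200.136` matches no entry under `hosts` in this file, so a reader cannot tell which peer answers for it; presumably it sits behind `edipost-wg`, whose `endpoint` makes the tasks template give that peer `AllowedIPs=0.0.0.0/0`, i.e. a catch-all that also accepts packets from it with any source address. A comment above `shared_routes` such as `# routes pushed to every member of this net; the gateway must lie inside the wg subnet (ipv4_prefix) or the kernel rejects the route` and one above `edipost-wg` such as `# external peer not managed by this inventory: its WireGuard public key and public address (not secrets)` would make the intent checkable. `endpoint` carries no port while `listen_port` is a separate key; whether the template joins them is outside this hunk and worth confirming. The hunk covers the whole file, so nothing of the mapping is hidden.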
diff --git a/ansible/inventory b/ansible/inventory
index 1824e7f..1b47071 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -162,4 +162,9 @@ all:
arius:
conflatorio:
+ wireguard_edipost:
+ hosts:
+ arius:
+ conflatorio:
+
# vim: set filetype=yaml:
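Review bot: The new `wireguard_edipost` group has no comment tying it to the `wireguard-wg-edipost` net in `group_vars/all/wireguard_wg-edipost.yml`, and the differing spellings (underscored group, hyphenated net and interface) make the pairing easy to miss. A line above the group such as `# members get the wg-edipost WireGuard interface; config in group_vars/all/wireguard_wg-edipost.yml` would fix that. Both members also appear in the group directly above, whose name starts before this hunk.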
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index e555623..787c67c 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -51,6 +51,7 @@
- name: "Make {{ netdev_path }}"
notify: systemctl restart systemd-networkd
tags: wireguard-config
+
copy:
dest: "{{ netdev_path }}"
content: |
@@ -71,7 +72,7 @@
# {{ hostname }}
[WireGuardPeer]
- PublicKey={{ lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
+ PublicKey={{ host.public_key if host.public_key is defined else lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
{% if host.endpoint is defined %}
AllowedIPs={{ "0.0.0.0/0" }}
{% elif host.ipv4 is defined %}
@@ -105,6 +106,14 @@
{% if wg_net.hosts[ansible_hostname].ipv6 is defined %}
Address={{ wg_net.hosts[ansible_hostname].ipv6 }}/{{ wg_net.ipv6_prefix }}
{% endif %}
+ {% if wg_net.shared_routes is defined %}
+
+ {% for route in wg_net.shared_routes %}
+ [Route]
+ Gateway={{ route.gateway }}
+ Destination={{ route.net }}/{{ route.prefix }}
+ {% endfor %}
+ {% endif %}
- name: UFW allow port
when: wg_host.listen_port is defined
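Review bot: The `[Route]` sections rendered from `wg_net.shared_routes` assume each `route.gateway` is reachable on-link through this interface's own address; the kernel rejects a route whose gateway is not, unless `GatewayOnLink=` is set, and neither the template nor the role checks it. With the vars in this commit (`192.168.200.138/24`, gateway `192.168.200.136`) the assumption holds, but it should be stated above the loop, e.g. `{# each gateway must lie inside the wg subnet; which peer actually receives the traffic is decided by that peer's AllowedIPs, not by this route #}`, since WireGuard's cryptokey routing silently drops packets for destinations no peer covers. The blank line after `{% if wg_net.shared_routes is defined %}` is emitted into the unit file; harmless, but easy to remove. The `content` block scalar and its task begin before this hunk.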