diff options
| author | Trygve Laugstøl <trygvis@inamo.no> | 2019-03-21 12:24:54 +0100 |
|---|---|---|
| committer | Trygve Laugstøl <trygvis@inamo.no> | 2019-03-21 12:24:54 +0100 |
| commit | 8b8cb7f3972e8618294e0e9a2b7de500800441c0 (patch) | |
| tree | d6525d0ad218075dea2807ac213bb1098d22d0de | |
| parent | d3ed6ff83913dd7757f21a70915acd75f1df6140 (diff) | |
| download | infra-8b8cb7f3972e8618294e0e9a2b7de500800441c0.tar.gz infra-8b8cb7f3972e8618294e0e9a2b7de500800441c0.tar.bz2 infra-8b8cb7f3972e8618294e0e9a2b7de500800441c0.tar.xz infra-8b8cb7f3972e8618294e0e9a2b7de500800441c0.zip | |
o Adding wg-edipost.
| -rw-r--r-- | ansible/group_vars/all/wireguard_wg-edipost.yml | 12 | ||||
| -rw-r--r-- | ansible/inventory | 5 | ||||
| -rw-r--r-- | ansible/roles/wireguard/tasks/main.yml | 11 |
3 files changed, 26 insertions, 2 deletions
diff --git a/ansible/group_vars/all/wireguard_wg-edipost.yml b/ansible/group_vars/all/wireguard_wg-edipost.yml index 449f031..72e4977 100644 --- a/ansible/group_vars/all/wireguard_wg-edipost.yml +++ b/ansible/group_vars/all/wireguard_wg-edipost.yml @@ -1,7 +1,17 @@ wireguard-wg-edipost: if: wg-edipost ipv4_prefix: 24 + shared_routes: + - gateway: 192.168.200.136 + net: 192.168.100.0 + prefix: 24 + hosts: conflatorio: state: present - ipv4: 192.168.100.2 + ipv4: 192.168.200.138 + edipost-wg: + public_key: VWEMk20CI5RJohjnar4HicuaZbj3d1aoewvQNorWITs= + endpoint: 77.106.183.85 + listen_port: 51820 + peers: all diff --git a/ansible/inventory b/ansible/inventory index 1824e7f..1b47071 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -162,4 +162,9 @@ all: arius: conflatorio: + wireguard_edipost: + hosts: + arius: + conflatorio: + # vim: set filetype=yaml: diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml index e555623..787c67c 100644 --- a/ansible/roles/wireguard/tasks/main.yml +++ b/ansible/roles/wireguard/tasks/main.yml @@ -51,6 +51,7 @@ - name: "Make {{ netdev_path }}" notify: systemctl restart systemd-networkd tags: wireguard-config + copy: dest: "{{ netdev_path }}" content: | @@ -71,7 +72,7 @@ # {{ hostname }} [WireGuardPeer] - PublicKey={{ lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }} + PublicKey={{ host.public_key if host.public_key is defined else lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }} {% if host.endpoint is defined %} AllowedIPs={{ "0.0.0.0/0" }} {% elif host.ipv4 is defined %} @@ -105,6 +106,14 @@ {% if wg_net.hosts[ansible_hostname].ipv6 is defined %} Address={{ wg_net.hosts[ansible_hostname].ipv6 }}/{{ wg_net.ipv6_prefix }} {% endif %} + {% if wg_net.shared_routes is defined %} + + {% for route in wg_net.shared_routes %} + [Route] + Gateway={{ route.gateway }} + Destination={{ route.net }}/{{ route.prefix }} + {% endfor %} + {% endif %} - name: UFW allow port when: wg_host.listen_port is defined |