authorTrygve Laugstøl <trygvis@inamo.no>2019-01-07 19:25:34 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2019-01-07 19:25:34 +0100
commit06928fc1edfbf63a0496843ff4c0c16011cd1444 (patch)
tree9e68e0e9adaa8c9d92b6716eb234f71a1aff6da4 /ansible/roles/wireguard
parentee411778da0ff99808a8ee257c718dcb24739a7f (diff)
wireguard: Do not require both ipv4 and ipv6.
Diffstat (limited to 'ansible/roles/wireguard')
-rw-r--r--ansible/roles/wireguard/tasks/main.yml19
1 files changed, 15 insertions, 4 deletions
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index 9c4cf24..e6167dc 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -1,5 +1,3 @@
-- debug: var=wireguard__state
-
- tags:
- wireguard
become: yes
@@ -71,10 +69,19 @@
{% set present = not (host.state is defined) or host.state == 'present' %}
{% if present and (all_peers or host.endpoint is defined) %}
+ # {{ hostname }}
[WireGuardPeer]
PublicKey={{ lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
- AllowedIPs={{ "0.0.0.0/0" if host.endpoint is defined else host.ipv4 }}
- AllowedIPs={{ "::/0" if host.endpoint is defined else host.ipv6 }}
+ {% if host.endpoint is defined %}
+ AllowedIPs={{ "0.0.0.0/0" }}
+ {% elif host.ipv4 is defined %}
+ AllowedIPs={{ host.ipv4 }}
+ {% endif %}
+ {% if host.endpoint is defined %}
+ AllowedIPs={{ "::/0" }}
+ {% elif host.ipv6 is defined %}
+ AllowedIPs={{ host.ipv6 }}
+ {% endif %}
{% if host.endpoint is defined %}
Endpoint={{ host.endpoint }}:{{ host.listen_port }}
{% endif %}
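Review bot: A peer with no `endpoint` and neither `ipv4` nor `ipv6` now renders a `[WireGuardPeer]` section with no `AllowedIPs` line at all, where the old template presumably failed on the undefined variable; the same host in the `@@ -92,8 +99,12 @@` hunk gets a `[Network]` section with no `Address`. Either way the interface can come up while silently carrying no traffic for that host, which is harder to spot than a failed play. An `assert` task ahead of the template, looping over `wg_net.hosts` with `that: item.value.endpoint is defined or item.value.ipv4 is defined or item.value.ipv6 is defined`, would keep the failure loud. Separately, endpoint peers still receive both `0.0.0.0/0` and `::/0` even on a single-stack network; since AllowedIPs is also the inbound source filter, consider emitting each catch-all only for a family the network actually uses. The template block starts and ends outside this hunk.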
@@ -92,8 +99,12 @@
Name={{ wg_net.if }}
[Network]
+ {% if wg_net.hosts[ansible_hostname].ipv4 is defined %}
Address={{ wg_net.hosts[ansible_hostname].ipv4 }}/{{ wg_net.ipv4_prefix }}
+ {% endif %}
+ {% if wg_net.hosts[ansible_hostname].ipv6 is defined %}
Address={{ wg_net.hosts[ansible_hostname].ipv6 }}/{{ wg_net.ipv6_prefix }}
+ {% endif %}
- name: UFW allow port
when: wg_host.listen_port is defined