wireguard: Do not require both ipv4 and ipv6.

1 files changed, 15 insertions, 4 deletions

diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index 9c4cf24..e6167dc 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -1,5 +1,3 @@
-- debug: var=wireguard__state
-
 - tags:
     - wireguard
   become: yes
@@ -71,10 +69,19 @@
           {% set present = not (host.state is defined) or host.state == 'present' %}
           {% if present and (all_peers or host.endpoint is defined) %}
 
+          # {{ hostname }}
           [WireGuardPeer]
           PublicKey={{ lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
-          AllowedIPs={{ "0.0.0.0/0" if host.endpoint is defined else host.ipv4 }}
-          AllowedIPs={{ "::/0" if host.endpoint is defined else host.ipv6 }}
+          {% if host.endpoint is defined %}
+          AllowedIPs={{ "0.0.0.0/0" }}
+          {% elif host.ipv4 is defined %}
+          AllowedIPs={{ host.ipv4 }}
+          {% endif %}
+          {% if host.endpoint is defined %}
+          AllowedIPs={{ "::/0" }}
+          {% elif host.ipv6 is defined %}
+          AllowedIPs={{ host.ipv6 }}
+          {% endif %}
           {% if host.endpoint is defined %}
           Endpoint={{ host.endpoint }}:{{ host.listen_port }}
           {% endif %}
@@ -92,8 +99,12 @@
           Name={{ wg_net.if }}
 
           [Network]
+          {% if wg_net.hosts[ansible_hostname].ipv4 is defined %}
           Address={{ wg_net.hosts[ansible_hostname].ipv4 }}/{{ wg_net.ipv4_prefix }}
+          {% endif %}
+          {% if wg_net.hosts[ansible_hostname].ipv6 is defined %}
           Address={{ wg_net.hosts[ansible_hostname].ipv6 }}/{{ wg_net.ipv6_prefix }}
+          {% endif %}
 
     - name: UFW allow port
       when: wg_host.listen_port is defined