diff options
| author | Trygve Laugstøl <trygvis@inamo.no> | 2019-03-21 12:24:54 +0100 |
|---|---|---|
| committer | Trygve Laugstøl <trygvis@inamo.no> | 2019-03-21 12:24:54 +0100 |
| commit | 8b8cb7f3972e8618294e0e9a2b7de500800441c0 (patch) | |
| tree | d6525d0ad218075dea2807ac213bb1098d22d0de /ansible/roles | |
| parent | d3ed6ff83913dd7757f21a70915acd75f1df6140 (diff) | |
| download | infra-8b8cb7f3972e8618294e0e9a2b7de500800441c0.tar.gz infra-8b8cb7f3972e8618294e0e9a2b7de500800441c0.tar.bz2 infra-8b8cb7f3972e8618294e0e9a2b7de500800441c0.tar.xz infra-8b8cb7f3972e8618294e0e9a2b7de500800441c0.zip | |
o Adding wg-edipost.
Diffstat (limited to 'ansible/roles')
| -rw-r--r-- | ansible/roles/wireguard/tasks/main.yml | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml index e555623..787c67c 100644 --- a/ansible/roles/wireguard/tasks/main.yml +++ b/ansible/roles/wireguard/tasks/main.yml @@ -51,6 +51,7 @@ - name: "Make {{ netdev_path }}" notify: systemctl restart systemd-networkd tags: wireguard-config + copy: dest: "{{ netdev_path }}" content: | @@ -71,7 +72,7 @@ # {{ hostname }} [WireGuardPeer] - PublicKey={{ lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }} + PublicKey={{ host.public_key if host.public_key is defined else lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }} {% if host.endpoint is defined %} AllowedIPs={{ "0.0.0.0/0" }} {% elif host.ipv4 is defined %} @@ -105,6 +106,14 @@ {% if wg_net.hosts[ansible_hostname].ipv6 is defined %} Address={{ wg_net.hosts[ansible_hostname].ipv6 }}/{{ wg_net.ipv6_prefix }} {% endif %} + {% if wg_net.shared_routes is defined %} + + {% for route in wg_net.shared_routes %} + [Route] + Gateway={{ route.gateway }} + Destination={{ route.net }}/{{ route.prefix }} + {% endfor %} + {% endif %} - name: UFW allow port when: wg_host.listen_port is defined |