aboutsummaryrefslogtreecommitdiff
path: root/ansible/roles
diff options
context:
space:
mode:
authorTrygve Laugstøl <trygvis@inamo.no>2019-03-21 12:24:54 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2019-03-21 12:24:54 +0100
commit8b8cb7f3972e8618294e0e9a2b7de500800441c0 (patch)
treed6525d0ad218075dea2807ac213bb1098d22d0de /ansible/roles
parentd3ed6ff83913dd7757f21a70915acd75f1df6140 (diff)
downloadinfra-8b8cb7f3972e8618294e0e9a2b7de500800441c0.tar.gz
infra-8b8cb7f3972e8618294e0e9a2b7de500800441c0.tar.bz2
infra-8b8cb7f3972e8618294e0e9a2b7de500800441c0.tar.xz
infra-8b8cb7f3972e8618294e0e9a2b7de500800441c0.zip
o Adding wg-edipost.
Diffstat (limited to 'ansible/roles')
-rw-r--r--ansible/roles/wireguard/tasks/main.yml11
1 files changed, 10 insertions, 1 deletions
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index e555623..787c67c 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -51,6 +51,7 @@
- name: "Make {{ netdev_path }}"
notify: systemctl restart systemd-networkd
tags: wireguard-config
+
copy:
dest: "{{ netdev_path }}"
content: |
@@ -71,7 +72,7 @@
# {{ hostname }}
[WireGuardPeer]
- PublicKey={{ lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
+ PublicKey={{ host.public_key if host.public_key is defined else lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
{% if host.endpoint is defined %}
AllowedIPs={{ "0.0.0.0/0" }}
{% elif host.ipv4 is defined %}
@@ -105,6 +106,14 @@
{% if wg_net.hosts[ansible_hostname].ipv6 is defined %}
Address={{ wg_net.hosts[ansible_hostname].ipv6 }}/{{ wg_net.ipv6_prefix }}
{% endif %}
+ {% if wg_net.shared_routes is defined %}
+
+ {% for route in wg_net.shared_routes %}
+ [Route]
+ Gateway={{ route.gateway }}
+ Destination={{ route.net }}/{{ route.prefix }}
+ {% endfor %}
+ {% endif %}
- name: UFW allow port
when: wg_host.listen_port is defined