author: Trygve Laugstøl <trygvis@inamo.no> 2020-10-27 22:08:56 +0100
committer: Trygve Laugstøl <trygvis@inamo.no> 2020-10-27 22:26:52 +0100
commit: 8fe199c66d3d2118fc45a2ffa2d994430a91da3e (patch)
tree: 09367b7ddd49a9abd2c6e0eaea8919b4b3fa33b3 /ansible/roles
parent: 285c587daf298132bc961b26abed1e5870c41e4b (diff)
Adding hash to wireguard.
Diffstat (limited to 'ansible/roles')
-rw-r--r--ansible/roles/wireguard/tasks/main.yml21
1 files changed, 7 insertions, 14 deletions
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index d05cec9..a91aea5 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -76,14 +76,15 @@
# {{ hostname }}
[WireGuardPeer]
PublicKey={{ host.public_key if host.public_key is defined else lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
- {% if host.endpoint is defined %}
- AllowedIPs={{ "0.0.0.0/0" }}
- {% elif host.ipv4 is defined %}
+ {% if host.allowed_ips is defined %}
+ {% for h in host.allowed_ips %}
+ AllowedIPs={{ h }}
+ {% endfor %}
+ {% endif %}
+ {% if host.ipv4 is defined %}
AllowedIPs={{ host.ipv4 }}
{% endif %}
- {% if host.endpoint is defined %}
- AllowedIPs={{ "::/0" }}
- {% elif host.ipv6 is defined %}
+ {% if host.ipv6 is defined %}
AllowedIPs={{ host.ipv6 }}
{% endif %}
{% if host.endpoint is defined %}
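Review bot: The new `{% for h in host.allowed_ips %}` loop does not guard against `allowed_ips` being a scalar: an inventory entry written as `allowed_ips: 10.0.0.0/8` is a YAML string, Jinja iterates it character by character, and the peer gets one `AllowedIPs=` line per character, which systemd-networkd would presumably reject with a warning and leave the peer without any routes. A one-line guard accepts both forms: `{% for h in ([host.allowed_ips] if host.allowed_ips is string else host.allowed_ips) %}`. Because `AllowedIPs` is WireGuard's cryptokey-routing table — it both steers outbound traffic to the peer and accepts inbound packets from that peer carrying those source addresses — I would put a template comment above the loop such as `{# AllowedIPs also decides which source addresses this peer may send into this host; keep each peer's list narrow and use 0.0.0.0/0 or ::/0 only for a genuine gateway peer #}`. Note that a peer with an endpoint but no allowed_ips/ipv4/ipv6 now renders with no `AllowedIPs=` line at all where it previously got the catch-all routes; if that is intended, the commit message should say so. The enclosing template task starts before this hunk.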
@@ -118,14 +119,6 @@
{% endfor %}
{% endif %}
- - name: UFW allow port
- when: wg_host.listen_port is defined
- tags: wireguard-config
- ufw:
- rule: allow
- port: "{{ wg_host.listen_port }}"
- proto: udp
-
- tags:
- wireguard
become: yes