author | Trygve Laugstøl <trygvis@inamo.no> | 2020-10-27 22:08:56 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2020-10-27 22:26:52 +0100 |
commit | 8fe199c66d3d2118fc45a2ffa2d994430a91da3e (patch) | |
tree | 09367b7ddd49a9abd2c6e0eaea8919b4b3fa33b3 /ansible/roles | |
parent | 285c587daf298132bc961b26abed1e5870c41e4b (diff) | |
Adding hash to wireguard.
Diffstat (limited to 'ansible/roles')
-rw-r--r-- | ansible/roles/wireguard/tasks/main.yml | 21 |
1 files changed, 7 insertions, 14 deletions
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index d05cec9..a91aea5 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -76,14 +76,15 @@
 # {{ hostname }}
 [WireGuardPeer]
 PublicKey={{ host.public_key if host.public_key is defined else lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
- {% if host.endpoint is defined %}
- AllowedIPs={{ "0.0.0.0/0" }}
- {% elif host.ipv4 is defined %}
+ {% if host.allowed_ips is defined %}
+ {% for h in host.allowed_ips %}
+ AllowedIPs={{ h }}
+ {% endfor %}
+ {% endif %}
+ {% if host.ipv4 is defined %}
 AllowedIPs={{ host.ipv4 }}
 {% endif %}
- {% if host.endpoint is defined %}
- AllowedIPs={{ "::/0" }}
- {% elif host.ipv6 is defined %}
+ {% if host.ipv6 is defined %}
 AllowedIPs={{ host.ipv6 }}
 {% endif %}
 {% if host.endpoint is defined %}
@@ -118,14 +119,6 @@
 {% endfor %}
 {% endif %}
- - name: UFW allow port
- when: wg_host.listen_port is defined
- tags: wireguard-config
- ufw:
- rule: allow
- port: "{{ wg_host.listen_port }}"
- proto: udp
-
 - tags:
 - wireguard
 become: yes
|
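Review bot: A peer that defines none of `allowed_ips`, `ipv4` or `ipv6` now renders a `[WireGuardPeer]` section with no `AllowedIPs` line at all, because the added `{% if host.allowed_ips is defined %}` block and the two remaining `ipv4`/`ipv6` checks are all optional; WireGuard accepts such a peer but nothing can be routed to or from it, and the failure is silent. The old `endpoint`-driven `0.0.0.0/0` and `::/0` branches are gone, so any inventory host that relied on them for a full-tunnel route now only gets its single `ipv4`/`ipv6` address — a behaviour change the message "Adding hash to wireguard" does not mention, and `allowed_ips` is iterated as a list rather than a hash. Since AllowedIPs is also WireGuard's cryptokey source filter and an overlapping prefix is reassigned to whichever peer is configured last, the new loop deserves a comment such as `{# allowed_ips: CIDR list, must be disjoint across peers; use 0.0.0.0/0 and ::/0 for a full-tunnel peer #}` (or the same text in the role's defaults). The content block containing this template starts before the hunk.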
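Review bot: Deleting the `UFW allow port` task leaves nothing in this diff that opens `wg_host.listen_port`/udp on the host firewall, and removing a task does not remove the rule it created: hosts provisioned before this commit keep the port open while newly provisioned ones get no rule, so the fleet drifts unless the rule has moved to another role (the diffstat is limited to `ansible/roles`, so that cannot be confirmed from here). If the rule is meant to go, a transitional task with the same `when` and `ufw: {rule: allow, port: "{{ wg_host.listen_port }}", proto: udp, delete: yes}` makes the state explicit on existing hosts; if it has moved, the commit message should say where, since it does not mention the firewall at all. The task starting at `- tags:` in the trailing context continues past the hunk, and the `{% endfor %}`/`{% endif %}` lines close a content block that begins before it.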