aboutsummaryrefslogtreecommitdiff
path: root/ansible/roles
diff options
context:
space:
mode:
authorTrygve Laugstøl <trygvis@inamo.no>2020-10-27 22:08:56 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2020-10-27 22:26:52 +0100
commit8fe199c66d3d2118fc45a2ffa2d994430a91da3e (patch)
tree09367b7ddd49a9abd2c6e0eaea8919b4b3fa33b3 /ansible/roles
parent285c587daf298132bc961b26abed1e5870c41e4b (diff)
downloadinfra-8fe199c66d3d2118fc45a2ffa2d994430a91da3e.tar.gz
infra-8fe199c66d3d2118fc45a2ffa2d994430a91da3e.tar.bz2
infra-8fe199c66d3d2118fc45a2ffa2d994430a91da3e.tar.xz
infra-8fe199c66d3d2118fc45a2ffa2d994430a91da3e.zip
Adding hash to wireguard.
Diffstat (limited to 'ansible/roles')
-rw-r--r--ansible/roles/wireguard/tasks/main.yml21
1 files changed, 7 insertions, 14 deletions
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index d05cec9..a91aea5 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -76,14 +76,15 @@
# {{ hostname }}
[WireGuardPeer]
PublicKey={{ host.public_key if host.public_key is defined else lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
- {% if host.endpoint is defined %}
- AllowedIPs={{ "0.0.0.0/0" }}
- {% elif host.ipv4 is defined %}
+ {% if host.allowed_ips is defined %}
+ {% for h in host.allowed_ips %}
+ AllowedIPs={{ h }}
+ {% endfor %}
+ {% endif %}
+ {% if host.ipv4 is defined %}
AllowedIPs={{ host.ipv4 }}
{% endif %}
- {% if host.endpoint is defined %}
- AllowedIPs={{ "::/0" }}
- {% elif host.ipv6 is defined %}
+ {% if host.ipv6 is defined %}
AllowedIPs={{ host.ipv6 }}
{% endif %}
{% if host.endpoint is defined %}
@@ -118,14 +119,6 @@
{% endfor %}
{% endif %}
- - name: UFW allow port
- when: wg_host.listen_port is defined
- tags: wireguard-config
- ufw:
- rule: allow
- port: "{{ wg_host.listen_port }}"
- proto: udp
-
- tags:
- wireguard
become: yes