Diffstat (limited to 'ansible/roles/wireguard')
-rw-r--r--ansible/roles/wireguard/tasks/main.yml11
1 files changed, 10 insertions, 1 deletions
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index e555623..787c67c 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -51,6 +51,7 @@
- name: "Make {{ netdev_path }}"
notify: systemctl restart systemd-networkd
tags: wireguard-config
+
copy:
dest: "{{ netdev_path }}"
content: |
@@ -71,7 +72,7 @@
# {{ hostname }}
[WireGuardPeer]
- PublicKey={{ lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
+ PublicKey={{ host.public_key if host.public_key is defined else lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
{% if host.endpoint is defined %}
AllowedIPs={{ "0.0.0.0/0" }}
{% elif host.ipv4 is defined %}
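Review bot: The inventory-supplied `host.public_key` on the new `PublicKey=` line is emitted verbatim, whereas the `lookup('file', …)` branch it takes precedence over strips the key file's trailing newline by default; a key given as a block scalar or with stray whitespace in the inventory would carry that into the netdev unit and leave the `[WireGuardPeer]` entry broken until the next `systemctl restart systemd-networkd` surfaces the parse error. Normalize both branches the same way, e.g. `PublicKey={{ (host.public_key if host.public_key is defined else lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key')) | trim }}`. A template comment above the line saying that an inventory `public_key` overrides the per-host key file would also help, since the fallback is now silent. The enclosing `content: |` block of the "Make {{ netdev_path }}" task begins and ends outside this hunk.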
@@ -105,6 +106,14 @@
{% if wg_net.hosts[ansible_hostname].ipv6 is defined %}
Address={{ wg_net.hosts[ansible_hostname].ipv6 }}/{{ wg_net.ipv6_prefix }}
{% endif %}
+ {% if wg_net.shared_routes is defined %}
+
+ {% for route in wg_net.shared_routes %}
+ [Route]
+ Gateway={{ route.gateway }}
+ Destination={{ route.net }}/{{ route.prefix }}
+ {% endfor %}
+ {% endif %}
- name: UFW allow port
when: wg_host.listen_port is defined