Diffstat (limited to 'ansible/roles')
-rw-r--r--ansible/roles/wireguard/tasks/main.yml21
1 files changed, 7 insertions, 14 deletions
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index d05cec9..a91aea5 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -76,14 +76,15 @@
# {{ hostname }}
[WireGuardPeer]
PublicKey={{ host.public_key if host.public_key is defined else lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
- {% if host.endpoint is defined %}
- AllowedIPs={{ "0.0.0.0/0" }}
- {% elif host.ipv4 is defined %}
+ {% if host.allowed_ips is defined %}
+ {% for h in host.allowed_ips %}
+ AllowedIPs={{ h }}
+ {% endfor %}
+ {% endif %}
+ {% if host.ipv4 is defined %}
AllowedIPs={{ host.ipv4 }}
{% endif %}
- {% if host.endpoint is defined %}
- AllowedIPs={{ "::/0" }}
- {% elif host.ipv6 is defined %}
+ {% if host.ipv6 is defined %}
AllowedIPs={{ host.ipv6 }}
{% endif %}
{% if host.endpoint is defined %}
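Review bot: Entries from `host.allowed_ips` are written verbatim into `AllowedIPs=` with no check that they are IP prefixes or that they are disjoint from the other peers' `ipv4`/`ipv6` values, and in WireGuard AllowedIPs is the cryptokey-routing ACL as much as a route: a prefix listed for a peer is both accepted as a source address from that peer and routed to it, so a stray `0.0.0.0/0` or a duplicate of another peer's address silently redirects that peer's traffic (documented WireGuard behaviour is that the last peer configured with a prefix owns it). A bare string value would also be iterated character by character by the new `{% for h in host.allowed_ips %}` loop. I would make the loop tolerate a scalar, `{% for h in ([host.allowed_ips] if host.allowed_ips is string else host.allowed_ips) %}`, and put a comment above the block: `# AllowedIPs is an ACL, not just a route: keep entries disjoint across peers; only a gateway peer should carry 0.0.0.0/0 or ::/0`. An `assert` task validating the inventory before this template is rendered would make the rule enforceable rather than advisory. The task and Jinja template this hunk sits in start and end outside the hunk.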
@@ -118,14 +119,6 @@
{% endfor %}
{% endif %}
- - name: UFW allow port
- when: wg_host.listen_port is defined
- tags: wireguard-config
- ufw:
- rule: allow
- port: "{{ wg_host.listen_port }}"
- proto: udp
-
- tags:
- wireguard
become: yes