Diffstat (limited to 'ansible/roles')
-rw-r--r-- | ansible/roles/wireguard/tasks/main.yml | 21 |
1 files changed, 7 insertions, 14 deletions
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index d05cec9..a91aea5 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -76,14 +76,15 @@
 # {{ hostname }}
 [WireGuardPeer]
 PublicKey={{ host.public_key if host.public_key is defined else lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
-{% if host.endpoint is defined %}
-AllowedIPs={{ "0.0.0.0/0" }}
-{% elif host.ipv4 is defined %}
+{% if host.allowed_ips is defined %}
+{% for h in host.allowed_ips %}
+AllowedIPs={{ h }}
+{% endfor %}
+{% endif %}
+{% if host.ipv4 is defined %}
 AllowedIPs={{ host.ipv4 }}
 {% endif %}
-{% if host.endpoint is defined %}
-AllowedIPs={{ "::/0" }}
-{% elif host.ipv6 is defined %}
+{% if host.ipv6 is defined %}
 AllowedIPs={{ host.ipv6 }}
 {% endif %}
 {% if host.endpoint is defined %}
@@ -118,14 +119,6 @@
 {% endfor %}
 {% endif %}
 
- - name: UFW allow port
- when: wg_host.listen_port is defined
- tags: wireguard-config
- ufw:
- rule: allow
- port: "{{ wg_host.listen_port }}"
- proto: udp
-
 tags:
 - wireguard
 become: yes
|
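Review bot: `AllowedIPs={{ h }}` in the first hunk writes every `host.allowed_ips` entry into the peer's cryptokey routing table unvalidated, and in WireGuard that field is both a route and a source-address filter: a prefix wider than the peer's own address (the `0.0.0.0/0` / `::/0` the old `endpoint` branch emitted, or a LAN prefix) steers this host's traffic to that peer and lets the peer send packets with any source in that prefix, and an entry overlapping another peer's `ipv4`/`ipv6` is reassigned to whichever peer appears last in the rendered file (WireGuard's documented behavior, so confirm against the wg version in use). Consider a check before the template, e.g. a preceding `ansible.builtin.assert` task with `that: host.allowed_ips | ansible.utils.ipaddr('net') | length == host.allowed_ips | length` if the `ansible.utils` collection is available, or at least a Jinja comment above the loop such as `{# allowed_ips: extra prefixes routed to / accepted from this peer; 0.0.0.0/0 makes it the default route, overlaps with other peers' addresses move to the last peer listed #}`. The task rendering this template, and the `content` block scalar these Jinja lines sit in, start and end outside the hunk, so I can't see whether the list is validated elsewhere or how the indentation lines up.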