1 files changed, 53 insertions, 0 deletions

diff --git a/tnet/wg-links-link.yml b/tnet/wg-links-link.yml
new file mode 100644
index 0000000..6f1bb87
--- /dev/null
+++ b/tnet/wg-links-link.yml
@@ -0,0 +1,53 @@
+- notify: systemctl restart systemd-networkd
+  become: yes
+  file:
+    path: "/etc/systemd/network/50-tnet-{{ inventory_hostname }}-{{ item.key }}.netdev"
+    state: absent
+
+- name: "Make netdev for {{ inventory_hostname }} -> {{ item.key }}"
+  notify: systemctl restart systemd-networkd
+  become: yes
+  copy:
+    dest: "/etc/systemd/network/50-tnet-{{ item.key }}.netdev"
+    owner: systemd-network
+    group: adm
+    mode: 0640
+    content: |
+      [NetDev]
+      Name=tnet-{{ item.key }}
+      Kind=wireguard
+      Description=tnet link to {{ item.key }}
+
+      [WireGuard]
+      PrivateKey={{ lookup('community.sops.sops', 'keys/wg-{{ inventory_hostname }}-{{ item.key }}.sops.key') }}
+      {% if item.value.port is defined %}
+      ListenPort={{ item.value.port }}
+      {% endif %}
+
+      [WireGuardPeer]
+      PublicKey={{ lookup('file', 'keys/wg-{{ item.key }}-{{ inventory_hostname }}.pub') }}
+      AllowedIPs=::/0
+      {% if item.value.endpoint is defined %}
+      Endpoint={{ item.value.endpoint }}
+      PersistentKeepalive=60
+      {% endif %}
+
+- notify: systemctl restart systemd-networkd
+  become: yes
+  file:
+    path: "/etc/systemd/network/50-tnet-{{ inventory_hostname }}-{{ item.key }}.network"
+    state: absent
+
+- name: "Make network for {{ inventory_hostname }} -> {{ item.key }}"
+  notify: systemctl restart systemd-networkd
+  become: yes
+  copy:
+    dest: "/etc/systemd/network/50-tnet-{{ item.key }}.network"
+    owner: systemd-network
+    group: adm
+    content: |
+      [Match]
+      Name=tnet-{{ item.key }}
+
+      [Network]
+      Address={{ item.value.address }}/64