Diffstat (limited to 'tnet/wg-links-link.yml')
-rw-r--r-- | tnet/wg-links-link.yml | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/tnet/wg-links-link.yml b/tnet/wg-links-link.yml
new file mode 100644
index 0000000..4b8729f
--- /dev/null
+++ b/tnet/wg-links-link.yml
@@ -0,0 +1,41 @@
+- name: "Make netdev for {{ inventory_hostname }} -> {{ item.key }}"
+# notify: systemctl restart systemd-networkd
+ become: yes
+ copy:
+ dest: "/etc/systemd/network/50-tnet-{{ item.key }}.netdev"
+ owner: systemd-network
+ group: adm
+ mode: 0640
+ content: |
+ [NetDev]
+ Name=tnet-{{ item.key }}
+ Kind=wireguard
+ Description=tnet link to {{ item.key }}
+
+ [WireGuard]
+ PrivateKey={{ lookup('community.sops.sops', 'keys/wg-{{ inventory_hostname }}-{{ item.key }}.sops.key') }}
+ {% if item.value.port is defined %}
+ ListenPort={{ item.value.port }}
+ {% endif %}
+
+ [WireGuardPeer]
+ PublicKey={{ lookup('file', 'keys/wg-{{ item.key }}-{{ inventory_hostname }}.pub') }}
+ AllowedIPs=::/0
+ {% if item.value.remote is defined %}
+ Endpoint={{ item.value.remote }}
+ PersistentKeepalive=60
+ {% endif %}
+
+- name: "Make network for {{ inventory_hostname }} -> {{ item.key }}"
+# notify: systemctl restart systemd-networkd
+ become: yes
+ copy:
+ dest: "/etc/systemd/network/50-tnet-{{ item.key }}.network"
+ owner: systemd-network
+ group: adm
+ content: |
+ [Match]
+ Name=tnet-{{ item.key }}
+
+ [Network]
+ Address={{ item.value.address }}/127 |
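Review bot: The "Make netdev" task renders the decrypted WireGuard private key into `content:` without `no_log: true`, so a run with `--diff` or raised verbosity can print the key to the terminal and to any log the controller keeps; adding `no_log: true` to that task closes this. The same file is installed with `group: adm` and `mode: 0640`, which lets every member of `adm` read the key; unless that group is meant to hold it, `owner: root` with `group: systemd-network` keeps it readable by networkd only. Both lookups nest `{{ }}` inside a quoted argument, which relies on Ansible re-templating lookup terms and may not hold on every version; building the path with `~`, e.g. `'keys/wg-' ~ inventory_hostname ~ '-' ~ item.key ~ '.sops.key'`, avoids depending on that. The "Make network" task sets no `mode:`, so the resulting permissions follow the remote umask; an explicit quoted `mode: "0644"` would pin them.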