From 06928fc1edfbf63a0496843ff4c0c16011cd1444 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Mon, 7 Jan 2019 19:25:34 +0100
Subject: wireguard: Do not require both ipv4 and ipv6.
---
 ansible/files/arius/etc/wireguard/public-wg0.key | 1 +
 .../files/birgitte/etc/wireguard/public-wg0.key | 1 +
 ansible/group_vars/all/wireguard_wg0.yml | 23 ++++++++++------------
 ansible/roles/wireguard/tasks/main.yml | 19 ++++++++++++++----
 4 files changed, 27 insertions(+), 17 deletions(-)
 create mode 100644 ansible/files/arius/etc/wireguard/public-wg0.key
 create mode 100644 ansible/files/birgitte/etc/wireguard/public-wg0.key
diff --git a/ansible/files/arius/etc/wireguard/public-wg0.key b/ansible/files/arius/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..5ec9b00
--- /dev/null
+++ b/ansible/files/arius/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+im/vYsW00WC+RVYDurNxhF7K+11+YRl5qPL1WIbkr3g=
diff --git a/ansible/files/birgitte/etc/wireguard/public-wg0.key b/ansible/files/birgitte/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..d595dff
--- /dev/null
+++ b/ansible/files/birgitte/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+r/eymAwM7HDSJkkWSY2Ec7A+F8AQ7tuL0drD/OI1LyM=
diff --git a/ansible/group_vars/all/wireguard_wg0.yml b/ansible/group_vars/all/wireguard_wg0.yml
index 4e8238b..c2b79fe 100644
--- a/ansible/group_vars/all/wireguard_wg0.yml
+++ b/ansible/group_vars/all/wireguard_wg0.yml
@@ -7,22 +7,19 @@ wireguard-wg0:
 endpoint: trygvis.io
 listen_port: 51821
 peers: all
- ipv4: 192.168.60.1
 # Generated by https://www.ultratools.com/tools/rangeGenerator
- ipv6: fdf3:aad9:a885:0b3b::1
-# birgitte:
-# state: present
-# ipv4: 192.168.60.2
-# ipv6: fdf3:aad9:a885:0b3b::2
+ ipv6: fdf3:aad9:a885:0b3a::1
+ birgitte:
+ state: present
+ ipv4: 192.168.60.2
+ ipv6: fdf3:aad9:a885:0b3a::2
 conflatorio:
 state: present
- ipv4: 192.168.60.3
- ipv6: fdf3:aad9:a885:0b3b::3
-# arius:
-# state: present
-# ipv4: 192.168.60.6
-# ipv6: fdf3:aad9:a885:0b3b::6
+ ipv6: fdf3:aad9:a885:0b3a::3
+ arius:
+ state: present
+ ipv6: fdf3:aad9:a885:0b3a::6
 # akili:
 # state: present
 # ipv4: 192.168.60.7
-# ipv6: fdf3:aad9:a885:0b3b::7
+# ipv6: fdf3:aad9:a885:0b3a::7
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index 9c4cf24..e6167dc 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -1,5 +1,3 @@
-- debug: var=wireguard__state
-
 - tags:
 - wireguard
 become: yes
@@ -71,10 +69,19 @@
 {% set present = not (host.state is defined) or host.state == 'present' %}
 {% if present and (all_peers or host.endpoint is defined) %}
+ # {{ hostname }}
 [WireGuardPeer]
 PublicKey={{ lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
- AllowedIPs={{ "0.0.0.0/0" if host.endpoint is defined else host.ipv4 }}
- AllowedIPs={{ "::/0" if host.endpoint is defined else host.ipv6 }}
+ {% if host.endpoint is defined %}
+ AllowedIPs={{ "0.0.0.0/0" }}
+ {% elif host.ipv4 is defined %}
+ AllowedIPs={{ host.ipv4 }}
+ {% endif %}
+ {% if host.endpoint is defined %}
+ AllowedIPs={{ "::/0" }}
+ {% elif host.ipv6 is defined %}
+ AllowedIPs={{ host.ipv6 }}
+ {% endif %}
 {% if host.endpoint is defined %}
 Endpoint={{ host.endpoint }}:{{ host.listen_port }}
 {% endif %}
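Review bot: Dropping `ipv4: 192.168.60.1` from the endpoint host while birgitte keeps `ipv4: 192.168.60.2` leaves the hub's own interface with no IPv4 `Address=` (the new `{% if ... ipv4 is defined %}` guard in tasks/main.yml skips it), yet birgitte's peer entry for the hub still gets `AllowedIPs=0.0.0.0/0`, so birgitte's IPv4 traffic is steered into a tunnel whose far end has no IPv4 address; if an IPv6-only hub is deliberate, a comment beside the hub entry such as `# hub is IPv6-only on wg0; peers with ipv4 will not reach it over v4` would make that visible. Separately, every host's ULA prefix moves from `fdf3:aad9:a885:0b3b::` to `fdf3:aad9:a885:0b3a::`, which renumbers the already-present hub and conflatorio, a change the commit message ("Do not require both ipv4 and ipv6") does not mention; keeping renumbering out of a commit that changes which peers are present makes the access change easier to audit later. The `# Generated by ...` comment appears to refer to the old range, so it probably needs updating or removing now that the prefix differs.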
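Review bot: A host with no `endpoint` and neither `ipv4` nor `ipv6` now renders a `[WireGuardPeer]` section that carries a PublicKey but no `AllowedIPs=` line at all, so a mis-declared entry is installed as a peer that can complete a handshake but routes nothing, where the old unconditional `host.ipv4` reference would presumably have failed the template on the undefined value instead. Rejecting that case explicitly is one change to the enclosing condition in this hunk: `{% if present and (all_peers or host.endpoint is defined) and (host.endpoint is defined or host.ipv4 is defined or host.ipv6 is defined) %}`. As a point of style, `AllowedIPs={{ "0.0.0.0/0" }}` and `AllowedIPs={{ "::/0" }}` wrap a literal in an expression for no effect; `AllowedIPs=0.0.0.0/0` and `AllowedIPs=::/0` read better, and the two identical `{% if host.endpoint is defined %}` branches could be folded into a single one that emits both lines. The `{% if present ... %}` block opened here closes outside the hunk, and the Ansible task holding this template starts above it.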
@@ -92,8 +99,12 @@
 Name={{ wg_net.if }}
 [Network]
+ {% if wg_net.hosts[ansible_hostname].ipv4 is defined %}
 Address={{ wg_net.hosts[ansible_hostname].ipv4 }}/{{ wg_net.ipv4_prefix }}
+ {% endif %}
+ {% if wg_net.hosts[ansible_hostname].ipv6 is defined %}
 Address={{ wg_net.hosts[ansible_hostname].ipv6 }}/{{ wg_net.ipv6_prefix }}
+ {% endif %}
 - name: UFW allow port
 when: wg_host.listen_port is defined
-- 
cgit v1.2.3
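Review bot: `wg_net.hosts[ansible_hostname]` is now looked up four times in a row in the `[Network]` section; a single `{% set me = wg_net.hosts[ansible_hostname] %}` ahead of the section, followed by `{% if me.ipv4 is defined %}` and `Address={{ me.ipv4 }}/{{ wg_net.ipv4_prefix }}` (and the same for ipv6), would read the same way as the peer loop's `host.ipv4 is defined` checks. With both guards false the section renders with no `Address=` line, so a host whose entry has neither address brings the interface up unnumbered rather than failing the play; if that is not intended, a preceding assert task on the host entry is the natural place to reject it, since Jinja inside the template cannot. The block scalar these lines belong to starts above the hunk, and the `- name: UFW allow port` task at the end continues below it.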