From 8b8cb7f3972e8618294e0e9a2b7de500800441c0 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Thu, 21 Mar 2019 12:24:54 +0100
Subject: o Adding wg-edipost.
---
 ansible/group_vars/all/wireguard_wg-edipost.yml | 12 +++++++++++-
 ansible/inventory | 5 +++++
 ansible/roles/wireguard/tasks/main.yml | 11 ++++++++++-
 3 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/ansible/group_vars/all/wireguard_wg-edipost.yml b/ansible/group_vars/all/wireguard_wg-edipost.yml
index 449f031..72e4977 100644
--- a/ansible/group_vars/all/wireguard_wg-edipost.yml
+++ b/ansible/group_vars/all/wireguard_wg-edipost.yml
@@ -1,7 +1,17 @@
 wireguard-wg-edipost:
 if: wg-edipost
 ipv4_prefix: 24
+ shared_routes:
+ - gateway: 192.168.200.136
+ net: 192.168.100.0
+ prefix: 24
+
 hosts:
 conflatorio:
 state: present
- ipv4: 192.168.100.2
+ ipv4: 192.168.200.138
+ edipost-wg:
+ public_key: VWEMk20CI5RJohjnar4HicuaZbj3d1aoewvQNorWITs=
+ endpoint: 77.106.183.85
+ listen_port: 51820
+ peers: all
diff --git a/ansible/inventory b/ansible/inventory
index 1824e7f..1b47071 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -162,4 +162,9 @@ all:
 arius:
 conflatorio:
+ wireguard_edipost:
+ hosts:
+ arius:
+ conflatorio:
+
 # vim: set filetype=yaml:
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index e555623..787c67c 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -51,6 +51,7 @@
 - name: "Make {{ netdev_path }}"
 notify: systemctl restart systemd-networkd
 tags: wireguard-config
+
 copy:
 dest: "{{ netdev_path }}"
 content: |
@@ -71,7 +72,7 @@
 # {{ hostname }}
 [WireGuardPeer]
- PublicKey={{ lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
+ PublicKey={{ host.public_key if host.public_key is defined else lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
 {% if host.endpoint is defined %}
 AllowedIPs={{ "0.0.0.0/0" }}
 {% elif host.ipv4 is defined %}
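Review bot: Because the new `edipost-wg` entry carries `endpoint:`, the existing peer template in ansible/roles/wireguard/tasks/main.yml (the `{% if host.endpoint is defined %}` branch visible in the third hunk) renders `AllowedIPs=0.0.0.0/0` for it, so this external peer is accepted as the source of packets from any address, including the tunnel addresses of conflatorio and the other members, rather than only the 192.168.100.0/24 net that the new `shared_routes` entry sends to it. Consider carrying the allowed prefixes explicitly on the host entry and narrowing the peer to them, e.g. `AllowedIPs=192.168.100.0/24,192.168.200.136/32` if 192.168.200.136 is the edipost side's tunnel address. `peers: all` is a new key whose consumer is not in this diff, and the entry lacks the `state:` key that conflatorio carries; a one-line comment above `peers:` stating what it selects would tell the next editor whether both omissions are intentional.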
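Review bot: `arius` joins the new `wireguard_edipost` group here, but the `wireguard-wg-edipost` vars in the first hunk list only `conflatorio` and `edipost-wg` under `hosts:`, so if the role keys the local interface config off `wg_net.hosts[ansible_hostname]` as the template in the last hunk does, arius would presumably get a netdev for this net with no address and no reachable route gateway. Either add an `arius:` entry with its own `ipv4:` to the group vars or leave it out of the group until it has one; which of the two is intended is not visible from this diff.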
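Review bot: The new `PublicKey=` line does not say why a var-supplied key takes precedence over the on-disk lookup, and the inline `if … else` form (rather than `| default(lookup(...))`) looks deliberate, since a filter argument is evaluated before the filter runs and the file lookup would then be attempted for a peer such as `edipost-wg` that has no key file in this repo. A template comment such as `{# external peers carry public_key in vars; mesh members read their own key file #}` above the line would keep a later editor from "simplifying" it. Note that a key taken from vars is only checked when networkd parses the rendered file, so a typo in `public_key` surfaces as a netdev error on the host rather than at playbook time. The `content: |` block this line belongs to starts and ends outside the hunk.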
@@ -105,6 +106,14 @@
 {% if wg_net.hosts[ansible_hostname].ipv6 is defined %}
 Address={{ wg_net.hosts[ansible_hostname].ipv6 }}/{{ wg_net.ipv6_prefix }}
 {% endif %}
+ {% if wg_net.shared_routes is defined %}
+
+ {% for route in wg_net.shared_routes %}
+ [Route]
+ Gateway={{ route.gateway }}
+ Destination={{ route.net }}/{{ route.prefix }}
+ {% endfor %}
+ {% endif %}
 - name: UFW allow port
 when: wg_host.listen_port is defined
-- 
cgit v1.2.3
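Review bot: The `[Route]` blocks are emitted for every member of a net that defines `shared_routes`, independent of whether this host has an address on the interface; the ipv6 `Address=` line just above is guarded per host and the ipv4 one presumably is too, so a member without `ipv4:` would likely end up with a route whose gateway 192.168.200.136 is not on-link and which networkd cannot install. Guard the routes the same way, e.g. `{% if wg_net.shared_routes is defined and wg_net.hosts[ansible_hostname].ipv4 is defined %}`. The added blank line sits inside the `if`, so it is rendered into every .network file for such a net; harmless, but it reads as a template-source separator and would be cleaner outside the block. The `content: |` block this sits in starts outside the hunk.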