From 8fe199c66d3d2118fc45a2ffa2d994430a91da3e Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Tue, 27 Oct 2020 22:08:56 +0100
Subject: Adding hash to wireguard.

---
 ansible/roles/wireguard/tasks/main.yml | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)
(limited to 'ansible/roles')

diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index d05cec9..a91aea5 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -76,14 +76,15 @@
 # {{ hostname }}
 [WireGuardPeer]
 PublicKey={{ host.public_key if host.public_key is defined else lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
- {% if host.endpoint is defined %}
- AllowedIPs={{ "0.0.0.0/0" }}
- {% elif host.ipv4 is defined %}
+ {% if host.allowed_ips is defined %}
+ {% for h in host.allowed_ips %}
+ AllowedIPs={{ h }}
+ {% endfor %}
+ {% endif %}
+ {% if host.ipv4 is defined %}
 AllowedIPs={{ host.ipv4 }}
 {% endif %}
- {% if host.endpoint is defined %}
- AllowedIPs={{ "::/0" }}
- {% elif host.ipv6 is defined %}
+ {% if host.ipv6 is defined %}
 AllowedIPs={{ host.ipv6 }}
 {% endif %}
 {% if host.endpoint is defined %}
@@ -118,14 +119,6 @@
 {% endfor %}
 {% endif %}
 
- - name: UFW allow port
- when: wg_host.listen_port is defined
- tags: wireguard-config
- ufw:
- rule: allow
- port: "{{ wg_host.listen_port }}"
- proto: udp
-
 - tags:
 - wireguard
 become: yes
--
cgit v1.2.3
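Review bot: The new `{% for h in host.allowed_ips %}` loop assumes `allowed_ips` is a list, but an inventory that sets it to a single CIDR string (`allowed_ips: 10.0.0.0/24`) is iterated character by character and emits one bogus `AllowedIPs=` line per character; `{% for h in ([host.allowed_ips] if host.allowed_ips is string else host.allowed_ips) %}` would accept both shapes. Since AllowedIPs is WireGuard's cryptokey-routing ACL — it selects which destinations are sent to this peer and which source addresses the peer may inject into the tunnel — and the blanket `0.0.0.0/0`/`::/0` for endpoint peers is now gone, a comment above the block such as `# AllowedIPs doubles as the inbound source filter for this peer; keep inventory ranges as narrow as possible` would make the review expectation for wide entries explicit. A peer whose `allowed_ips` is empty and that has neither `ipv4` nor `ipv6` now renders with no AllowedIPs at all, which as far as I recall wg-quick accepts silently (handshake works, nothing is routed) — presumably acceptable, but worth confirming against the inventory. The template task that contains this `[WireGuardPeer]` block starts and ends outside the hunk.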