From 8fe199c66d3d2118fc45a2ffa2d994430a91da3e Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl <trygvis@inamo.no>
Date: Tue, 27 Oct 2020 22:08:56 +0100
Subject: Adding hash to wireguard.

---
 ansible/roles/wireguard/tasks/main.yml | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)


diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index d05cec9..a91aea5 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -76,14 +76,15 @@
           # {{ hostname }}
           [WireGuardPeer]
           PublicKey={{ host.public_key if host.public_key is defined else lookup('file', hostname + '/etc/wireguard/public-{{ wg_net.if }}.key') }}
-          {% if host.endpoint is defined %}
-          AllowedIPs={{ "0.0.0.0/0" }}
-          {% elif host.ipv4 is defined %}
+          {% if host.allowed_ips is defined %}
+          {% for h in host.allowed_ips %}
+          AllowedIPs={{ h }}
+          {% endfor %}
+          {% endif %}
+          {% if host.ipv4 is defined %}
           AllowedIPs={{ host.ipv4 }}
           {% endif %}
-          {% if host.endpoint is defined %}
-          AllowedIPs={{ "::/0" }}
-          {% elif host.ipv6 is defined %}
+          {% if host.ipv6 is defined %}
           AllowedIPs={{ host.ipv6 }}
           {% endif %}
           {% if host.endpoint is defined %}
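Review bot: The new `{% for h in host.allowed_ips %}` loop writes each entry straight into `AllowedIPs=` with no validation, so a malformed value silently yields an unreachable peer and an over-broad one (e.g. `0.0.0.0/0` on a peer that is not meant to be the default route) changes WireGuard's cryptokey routing for every other peer with an overlapping range, since WireGuard keeps one owner per allowed range and the last peer configured takes it. The `{% if host.ipv4 is defined %}` branch still emits the host address on its own, so `allowed_ips` entries that repeat it are redundant but harmless. An `assert` task before the template step would fail fast on typos: `- assert: { that: item is match('^[0-9a-fA-F:.]+/[0-9]+$'), fail_msg: 'bad allowed_ips entry {{ item }}' }` looped over every peer's `allowed_ips`. The automatic `0.0.0.0/0` / `::/0` for peers with an `endpoint` is gone, so a comment such as `# Peers that act as a default route must list 0.0.0.0/0 and ::/0 in allowed_ips explicitly` above the loop would stop inventories relying on the old rule from breaking silently. The template block continues outside the hunk.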
@@ -118,14 +119,6 @@
           {% endfor %}
           {% endif %}
 
-    - name: UFW allow port
-      when: wg_host.listen_port is defined
-      tags: wireguard-config
-      ufw:
-        rule: allow
-        port: "{{ wg_host.listen_port }}"
-        proto: udp
-
 - tags:
     - wireguard
   become: yes
-- 