#jinja2: lstrip_blocks: True
{# Renders the wg-quick configuration for this host. The output contains the
   interface private key, so the task deploying it should write the file
   readable by root only and keep the rendered content out of logs and diffs. #}
# {{ ansible_managed }}
[Interface]
## {{ inventory_hostname }}
Address = {{ wireguard_address }}
PrivateKey = {{ wireguard_private_key }}
ListenPort = {{ wireguard_port }}
{# Optional interface settings: a line is emitted only when its variable is defined. #}
{% if wireguard_dns is defined %}
DNS = {{ wireguard_dns }}
{% endif %}
{% if wireguard_fwmark is defined %}
FwMark = {{ wireguard_fwmark }}
{% endif %}
{% if wireguard_mtu is defined %}
MTU = {{ wireguard_mtu }}
{% endif %}
{% if wireguard_table is defined %}
Table = {{ wireguard_table }}
{% endif %}
{# Hook commands: wg-quick executes each of these lines as a shell command when
   the interface is brought up or down, so the four lists must be populated only
   from trusted inventory, never from values supplied by a peer. #}
{% for hook_cmd in wireguard_preup %}
PreUp = {{ hook_cmd }}
{% endfor %}
{% for hook_cmd in wireguard_postup %}
PostUp = {{ hook_cmd }}
{% endfor %}
{% for hook_cmd in wireguard_predown %}
PreDown = {{ hook_cmd }}
{% endfor %}
{% for hook_cmd in wireguard_postdown %}
PostDown = {{ hook_cmd }}
{% endfor %}
{# Keep wg-quick from writing runtime state back over this managed file. #}
SaveConfig = false
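{# One [Peer] section per Ansible-managed host in wireguard_peers, skipping this
   host itself. Each peer's values are read from that host's hostvars. #}
{% for host in wireguard_peers %}
  {% if host != inventory_hostname %}

[Peer]
## {{ host }}
PublicKey = {{ hostvars[host].__wireguard_public_key }}
    {% if hostvars[host].wireguard_allowed_ips | length > 0 %}
AllowedIPs = {{ hostvars[host].wireguard_allowed_ips | join(",") }}
    {% else %}
    {# Fallback: restrict the peer to its own tunnel address as a single-host
       route. An IPv6 address needs /128; a fixed /32 would hand the peer a
       whole IPv6 /32 prefix. #}
    {% set peer_ip = hostvars[host].wireguard_address.split('/')[0] %}
AllowedIPs = {{ peer_ip }}/{{ '128' if ':' in peer_ip else '32' }}
    {% endif %}
    {% if hostvars[host].wireguard_persistent_keepalive is defined %}
PersistentKeepalive = {{ hostvars[host].wireguard_persistent_keepalive }}
    {% endif %}
    {# Emit Endpoint when the peer has a non-empty wireguard_endpoint, or none
       at all (the inventory hostname is then used). A peer that sets an empty
       wireguard_endpoint gets no Endpoint line. The previous condition was
       inverted: it dropped explicit endpoints and rendered "Endpoint = :port"
       for empty ones. #}
    {% if hostvars[host].wireguard_endpoint is not defined or hostvars[host].wireguard_endpoint %}
Endpoint = {{ hostvars[host].wireguard_endpoint | default(host) }}:{{ hostvars[host].wireguard_port | default(wireguard_port) }}
    {% endif %}
  {% endif %}
{% endfor %}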
{# Peers defined by hand in wireguard_peers_unmanaged rather than taken from
   inventory hosts. The optional preshared key is secret material and needs the
   same file-permission and logging care as the interface private key. #}
{% if wireguard_peers_unmanaged | length > 0 %}

# Peers not managed by Ansible
  {% for peer in wireguard_peers_unmanaged %}
[Peer]
# {{ peer.name }}
PublicKey = {{ peer.public_key }}
    {% if peer.preshared_key is defined %}
PresharedKey = {{ peer.preshared_key }}
    {% endif %}
    {# No AllowedIPs line is written when the list is empty. #}
    {% if peer.allowed_ips | length > 0 %}
AllowedIPs = {{ peer.allowed_ips | join(",") }}
    {% endif %}
    {% if peer.endpoint is defined %}
Endpoint = {{ peer.endpoint }}
    {% endif %}
    {% if peer.persistent_keepalive is defined %}
PersistentKeepalive = {{ peer.persistent_keepalive }}
    {% endif %}
  {% endfor %}
{% endif %}