# managed by Ansible
{# Renders a wg-quick style WireGuard configuration for one inventory host (`host`).
   The rendered file embeds the host's private key (keys[0]), so the task that writes it
   must restrict the file mode; the template itself cannot enforce that. #}
{# Key material is read from per-host files under wireguard_local_dir. The indexing
   below assumes line 0 = private key and line 1 = public key — TODO confirm against
   whatever generates the .keys files. #}
{% set keys = lookup("file", wireguard_local_dir ~ "/" ~ host.inventory_hostname ~ ".keys").splitlines() %}
{% set domain_controller_keys = lookup("file", wireguard_local_dir ~ "/" ~ wireguard_domain_controller ~ ".keys").splitlines() %}
{% set is_domain_controller = host.inventory_hostname == wireguard_domain_controller %}
{# The controller carries the /24 on its interface; every other host gets a bare address
   (presumably treated as a single-host prefix by wg-quick — verify). #}
{% set ipv4_address = host.__ip.internal ~ "/24" if is_domain_controller else host.__ip.internal %}
{# The ULA IPv6 address is derived from the last IPv4 octet, so it is unique only while
   all internal IPv4 addresses share one /24 — consistent with the /24 above, but worth
   re-checking if hosts from other ranges are ever added. #}
{% set ipv6_address = "fd00::1/128" if is_domain_controller else "fd00:10:10::" ~ host.__ip.internal.split(".")[3] %}
[Interface]
Address = {{ ipv4_address }}, {{ ipv6_address }}
PrivateKey = {{ keys[0] }}
{% if is_domain_controller %}
{# Only the controller listens; all other hosts dial out, so no inbound port is opened on them. #}
ListenPort = {{ wireguard_port }}
{% endif %}
{% if is_domain_controller %}
{# Controller side: one [Peer] per inventory host that has an internal IP, excluding the
   controller itself and "localhost". Each peer's public key is looked up from its own
   .keys file; a missing file presumably fails the lookup (and the play) rather than
   rendering a peer without a key — confirm that this fail-closed behaviour holds. #}
{% for guest in groups.all %}
{% set guest = hostvars[guest] %}
{% if guest.inventory_hostname not in [wireguard_domain_controller, "localhost"] and guest.__ip.internal %}
{# #}
{% set guest_keys = lookup("file", wireguard_local_dir ~ "/" ~ guest.inventory_hostname ~ ".keys").splitlines() %}
# {{ guest.inventory_hostname }}
[Peer]
PublicKey = {{ guest_keys[1] }}
{# Host-sized prefixes (/32, /128) per peer: the controller only accepts packets from this
   peer carrying its own overlay source addresses, so one peer cannot impersonate another. #}
AllowedIPs = {{ guest.__ip.internal }}/32, fd00:10:10::{{ guest.__ip.internal.split('.')[3] }}/128
{% endif %}
{% endfor %}
{% else %}
{# Non-controller side: a single peer, the controller, reached at its external address. #}
[Peer]
PublicKey = {{ domain_controller_keys[1] }}
Endpoint = {{ hostvars[wireguard_domain_controller].__ip.external }}:{{ wireguard_port }}
{# Full tunnel: all IPv4 and IPv6 traffic is routed via the controller, not just the
   internal /24 and fd00 ranges. NOTE(review): looks intentional; narrow these prefixes
   if only overlay traffic is meant to traverse the tunnel. #}
AllowedIPs = 0.0.0.0/0, ::/0
{# Only the outbound-only hosts send keepalives; the controller has no PersistentKeepalive. #}
PersistentKeepalive = {{ wireguard_persistent_keepalive }}
{% endif %}