Diffstat (limited to 'roles/wireguard/templates/wireguard.conf.j2')
-rw-r--r-- | roles/wireguard/templates/wireguard.conf.j2 | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/roles/wireguard/templates/wireguard.conf.j2 b/roles/wireguard/templates/wireguard.conf.j2
new file mode 100644
index 0000000..91ebf1d
--- /dev/null
+++ b/roles/wireguard/templates/wireguard.conf.j2
@@ -0,0 +1,34 @@
+# managed by Ansible
+{% set keys = lookup("file", wireguard_local_dir ~ "/" ~ host.inventory_hostname ~ ".keys").splitlines() %}
+{% set domain_controller_keys = lookup("file", wireguard_local_dir ~ "/" ~ wireguard_domain_controller ~ ".keys").splitlines() %}
+{% set is_domain_controller = host.inventory_hostname == wireguard_domain_controller %}
+{% set ipv4_address = host.__ip.internal ~ "/24" if is_domain_controller else host.__ip.internal %}
+{% set ipv6_address = "fd00::1/128" if is_domain_controller else "fd00:10:10::" ~ host.__ip.internal.split(".")[3] %}
+
+[Interface]
+Address = {{ ipv4_address }}, {{ ipv6_address }}
+PrivateKey = {{ keys[0] }}
+{% if is_domain_controller %}
+ListenPort = {{ wireguard_port }}
+{% endif %}
+
+{% if is_domain_controller %}
+{% for guest in groups.all %}
+{% set guest = hostvars[guest] %}
+{% if guest.inventory_hostname not in [wireguard_domain_controller, "localhost"] and guest.__ip.internal %}
+{# #}
+{% set guest_keys = lookup("file", wireguard_local_dir ~ "/" ~ guest.inventory_hostname ~ ".keys").splitlines() %}
+# {{ guest.inventory_hostname }}
+[Peer]
+PublicKey = {{ guest_keys[1] }}
+AllowedIPs = {{ guest.__ip.internal }}/32, fd00:10:10::{{ guest.__ip.internal.split('.')[3] }}/128
+
+{% endif %}
+{% endfor %}
+{% else %}
+[Peer]
+PublicKey = {{ domain_controller_keys[1] }}
+Endpoint = {{ hostvars[wireguard_domain_controller].__ip.external }}:{{ wireguard_port }}
+AllowedIPs = 0.0.0.0/0, ::/0
+PersistentKeepalive = {{ wireguard_persistent_keepalive }}
+{% endif %}
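Review bot: The template relies on an undocumented layout of the per-host `.keys` files — `keys[0]` is rendered as `PrivateKey` and `keys[1]` / `guest_keys[1]` as `PublicKey` — with no check that the file has exactly two lines in that order, so a file generated the other way round or padded with a trailing line would be templated silently rather than rejected; a header comment such as `# <host>.keys is read from wireguard_local_dir on the controller: line 1 = private key, line 2 = public key` plus an `assert` task on `keys | length == 2` before templating would make the contract explicit. The hub-side `AllowedIPs` derives each guest's IPv6 address from only the last octet of `__ip.internal` (`fd00:10:10::{{ ... .split('.')[3] }}/128`), so two guests whose internal IPv4 addresses differ in any other octet get the same IPv6 `/128`, and WireGuard would route that address to whichever peer is listed last; this is presumably safe only if all guests share one `/24`, which the hub's `/24` `Address` suggests but the template does not enforce. The rendered file carries the host's private key, so the task that writes it (not shown in this commit) should set `mode: "0600"` and the `.keys` directory on the controller should be treated as secret material.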