diff options
Diffstat (limited to 'roles/wireguard/templates')
-rw-r--r-- | roles/wireguard/templates/hostname.j2 | 8 | ||||
-rw-r--r-- | roles/wireguard/templates/wireguard.conf.j2 | 34 |
2 files changed, 42 insertions, 0 deletions
diff --git a/roles/wireguard/templates/hostname.j2 b/roles/wireguard/templates/hostname.j2 new file mode 100644 index 0000000..aca3b03 --- /dev/null +++ b/roles/wireguard/templates/hostname.j2 @@ -0,0 +1,8 @@ +inet 10.10.0.1 255.255.255.0 +inet6 fd00:10:10::1 +#!/usr/local/bin/wireguard-go -f tun0 & +!/usr/local/bin/wg setconf tun0 /etc/wireguard/{{ global.dcontroller }}.conf +!/bin/sleep 2 +!/sbin/route add -inet 10.10.0.0/24 10.10.0.1 +!/bin/sleep 2 +!/sbin/route add -inet6 fd00:10:10::/64 fd00:10:10::1 diff --git a/roles/wireguard/templates/wireguard.conf.j2 b/roles/wireguard/templates/wireguard.conf.j2 new file mode 100644 index 0000000..91ebf1d --- /dev/null +++ b/roles/wireguard/templates/wireguard.conf.j2 @@ -0,0 +1,34 @@ +# managed by Ansible +{% set keys = lookup("file", wireguard_local_dir ~ "/" ~ host.inventory_hostname ~ ".keys").splitlines() %} +{% set domain_controller_keys = lookup("file", wireguard_local_dir ~ "/" ~ wireguard_domain_controller ~ ".keys").splitlines() %} +{% set is_domain_controller = host.inventory_hostname == wireguard_domain_controller %} +{% set ipv4_address = host.__ip.internal ~ "/24" if is_domain_controller else host.__ip.internal %} +{% set ipv6_address = "fd00::1/128" if is_domain_controller else "fd00:10:10::" ~ host.__ip.internal.split(".")[3] %} + +[Interface] +Address = {{ ipv4_address }}, {{ ipv6_address }} +PrivateKey = {{ keys[0] }} +{% if is_domain_controller %} +ListenPort = {{ wireguard_port }} +{% endif %} + +{% if is_domain_controller %} +{% for guest in groups.all %} +{% set guest = hostvars[guest] %} +{% if guest.inventory_hostname not in [wireguard_domain_controller, "localhost"] and guest.__ip.internal %} +{# #} +{% set guest_keys = lookup("file", wireguard_local_dir ~ "/" ~ guest.inventory_hostname ~ ".keys").splitlines() %} +# {{ guest.inventory_hostname }} +[Peer] +PublicKey = {{ guest_keys[1] }} +AllowedIPs = {{ guest.__ip.internal }}/32, fd00:10:10::{{ guest.__ip.internal.split('.')[3] }}/128 + +{% endif %} +{% endfor %} +{% else %} +[Peer] +PublicKey = {{ domain_controller_keys[1] }} +Endpoint = {{ hostvars[wireguard_domain_controller].__ip.external }}:{{ wireguard_port }} +AllowedIPs = 0.0.0.0/0, ::/0 +PersistentKeepalive = {{ wireguard_persistent_keepalive }} +{% endif %} |