aboutsummaryrefslogtreecommitdiffstats
path: root/roles/wireguard/templates
diff options
context:
space:
mode:
Diffstat (limited to 'roles/wireguard/templates')
-rw-r--r--roles/wireguard/templates/hostname.j28
-rw-r--r--roles/wireguard/templates/wireguard.conf.j234
2 files changed, 42 insertions, 0 deletions
diff --git a/roles/wireguard/templates/hostname.j2 b/roles/wireguard/templates/hostname.j2
new file mode 100644
index 0000000..aca3b03
--- /dev/null
+++ b/roles/wireguard/templates/hostname.j2
@@ -0,0 +1,8 @@
+inet 10.10.0.1 255.255.255.0
+inet6 fd00:10:10::1
+#!/usr/local/bin/wireguard-go -f tun0 &
+!/usr/local/bin/wg setconf tun0 /etc/wireguard/{{ global.dcontroller }}.conf
+!/bin/sleep 2
+!/sbin/route add -inet 10.10.0.0/24 10.10.0.1
+!/bin/sleep 2
+!/sbin/route add -inet6 fd00:10:10::/64 fd00:10:10::1
diff --git a/roles/wireguard/templates/wireguard.conf.j2 b/roles/wireguard/templates/wireguard.conf.j2
new file mode 100644
index 0000000..91ebf1d
--- /dev/null
+++ b/roles/wireguard/templates/wireguard.conf.j2
@@ -0,0 +1,34 @@
+# managed by Ansible
+{% set keys = lookup("file", wireguard_local_dir ~ "/" ~ host.inventory_hostname ~ ".keys").splitlines() %}
+{% set domain_controller_keys = lookup("file", wireguard_local_dir ~ "/" ~ wireguard_domain_controller ~ ".keys").splitlines() %}
+{% set is_domain_controller = host.inventory_hostname == wireguard_domain_controller %}
+{% set ipv4_address = host.__ip.internal ~ "/24" if is_domain_controller else host.__ip.internal %}
+{% set ipv6_address = "fd00::1/128" if is_domain_controller else "fd00:10:10::" ~ host.__ip.internal.split(".")[3] %}
+
+[Interface]
+Address = {{ ipv4_address }}, {{ ipv6_address }}
+PrivateKey = {{ keys[0] }}
+{% if is_domain_controller %}
+ListenPort = {{ wireguard_port }}
+{% endif %}
+
+{% if is_domain_controller %}
+{% for guest in groups.all %}
+{% set guest = hostvars[guest] %}
+{% if guest.inventory_hostname not in [wireguard_domain_controller, "localhost"] and guest.__ip.internal %}
+{# #}
+{% set guest_keys = lookup("file", wireguard_local_dir ~ "/" ~ guest.inventory_hostname ~ ".keys").splitlines() %}
+# {{ guest.inventory_hostname }}
+[Peer]
+PublicKey = {{ guest_keys[1] }}
+AllowedIPs = {{ guest.__ip.internal }}/32, fd00:10:10::{{ guest.__ip.internal.split('.')[3] }}/128
+
+{% endif %}
+{% endfor %}
+{% else %}
+[Peer]
+PublicKey = {{ domain_controller_keys[1] }}
+Endpoint = {{ hostvars[wireguard_domain_controller].__ip.external }}:{{ wireguard_port }}
+AllowedIPs = 0.0.0.0/0, ::/0
+PersistentKeepalive = {{ wireguard_persistent_keepalive }}
+{% endif %}
remember that computers suck.