aboutsummaryrefslogtreecommitdiffstats
path: root/roles/wireguard/templates/wireguard.conf.j2
blob: ef601868880d542f3b1e40bef002e67fa87d7e37 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# managed by Ansible
{% set keys = lookup("file", wireguard__local_dir ~ "/" ~ host.inventory_hostname ~ ".keys").splitlines() %}
{% set domain_controller_keys = lookup("file", wireguard__local_dir ~ "/" ~ wireguard__domain_controller ~ ".keys").splitlines() %}
{% set is_domain_controller = host.inventory_hostname == wireguard__domain_controller %}
{% set ipv4_address = host.__ip.internal ~ "/24" if is_domain_controller else host.__ip.internal %}
{% set ipv6_address = "fd00::1/128" if is_domain_controller else "fd00:10:10::" ~ host.__ip.internal.split(".")[3] %}

[Interface]
Address = {{ ipv4_address }}, {{ ipv6_address }}
PrivateKey = {{ keys[0] }}
{% if is_domain_controller %}
ListenPort = {{ wireguard__port }}
{% endif %}

{% if is_domain_controller %}
{% for guest in groups.all %}
{% set guest = hostvars[guest] %}
{% if guest.inventory_hostname not in [wireguard__domain_controller, "localhost"] and guest.__ip.internal %}
{# #}
{% set guest_keys = lookup("file", wireguard__local_dir ~ "/" ~ guest.inventory_hostname ~ ".keys").splitlines() %}
# {{ guest.inventory_hostname }}
[Peer]
PublicKey = {{ guest_keys[1] }}
AllowedIPs = {{ guest.__ip.internal }}/32, fd00:10:10::{{ guest.__ip.internal.split('.')[3] }}/128

{% endif %}
{% endfor %}
{% else %}
[Peer]
PublicKey = {{ domain_controller_keys[1] }}
Endpoint = {{ hostvars[wireguard__domain_controller].__ip.external }}:{{ wireguard__port }}
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = {{ wireguard__persistent_keepalive }}
{% endif %}
remember that computers suck.