homeserver-iac/roles/wireguard/templates/client.conf.j2

[Interface]
# device's address in the VPN
Address = {{ item.addr }}
# device privkey
PrivateKey = {{ item.priv_key }}
DNS = {{ hostvars[groups["bastion"][0]].vpn_ip }}

[Peer]
# server stuff
PublicKey = {{ wireguard_secret.servers[groups["bastion"][0]].pub }}
Endpoint = {{ wireguard.ip.server_public }}:{{ wireguard.ip.port }}

# allow traffic for all subnets into the VPN
AllowedIPs = 0.0.0.0/0
roles/wireguard: implemented 2024-06-16 15:05:12 -04:00			`[Interface]`
			`# device's address in the VPN`
			`Address = {{ item.addr }}`
			`# device privkey`
			`PrivateKey = {{ item.priv_key }}`
wireguard: use vpn for bastion-fleet comms supposedly fleet will be more secure this way 2024-06-16 21:32:52 -04:00			`DNS = {{ hostvars[groups["bastion"][0]].vpn_ip }}`
roles/wireguard: implemented 2024-06-16 15:05:12 -04:00
			`[Peer]`
			`# server stuff`
wireguard: use vpn for bastion-fleet comms supposedly fleet will be more secure this way 2024-06-16 21:32:52 -04:00			`PublicKey = {{ wireguard_secret.servers[groups["bastion"][0]].pub }}`
roles/wireguard: implemented 2024-06-16 15:05:12 -04:00			`Endpoint = {{ wireguard.ip.server_public }}:{{ wireguard.ip.port }}`

			`# allow traffic for all subnets into the VPN`
			`AllowedIPs = 0.0.0.0/0`