From c70e33e629a853ae526eff27e4689505645532db Mon Sep 17 00:00:00 2001 From: dogeystamp Date: Mon, 17 Jun 2024 17:48:29 -0400 Subject: [PATCH] wireguard: clean up - make variables less clunky - make docker-compose run after wireguard (this seems janky right now) --- group_vars/all/50-vars.yml | 2 ++ roles/containers/templates/docker-compose.service.j2 | 5 +++++ roles/wireguard/defaults/main.yml | 5 ++++- roles/wireguard/handlers/main.yml | 2 +- roles/wireguard/tasks/main.yml | 2 +- roles/wireguard/templates/server.conf.j2 | 2 +- 6 files changed, 14 insertions(+), 4 deletions(-) diff --git a/group_vars/all/50-vars.yml b/group_vars/all/50-vars.yml index 9e31dbe..6edf8e8 100644 --- a/group_vars/all/50-vars.yml +++ b/group_vars/all/50-vars.yml @@ -45,4 +45,6 @@ escalation_method: doas enable_connection: yes # use a wireguard network between bastion and fleet host for the reverse proxy +# see roles/wireguard/defaults/main.yml for further config settings wireguard_services: true +wireguard_interface: "wg0" diff --git a/roles/containers/templates/docker-compose.service.j2 b/roles/containers/templates/docker-compose.service.j2 index 89af0ba..274e588 100644 --- a/roles/containers/templates/docker-compose.service.j2 +++ b/roles/containers/templates/docker-compose.service.j2 @@ -1,7 +1,12 @@ [Unit] Description=Services manager with docker-compose +{% if wireguard_services %} +Requires=docker.service wg-quick@{{ wireguard_interface }}.service +After=docker.service wg-quick@{{ wireguard_interface }}.service +{% else %} Requires=docker.service After=docker.service +{% endif %} [Service] User=docker diff --git a/roles/wireguard/defaults/main.yml b/roles/wireguard/defaults/main.yml index 25e0e08..9c031cf 100644 --- a/roles/wireguard/defaults/main.yml +++ b/roles/wireguard/defaults/main.yml 
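Review bot: The new `wireguard_interface: "wg0"` key in 50-vars.yml carries no description of what it controls, even though this same commit makes it feed a systemd instance name (`wg-quick@{{ wireguard_interface }}.service` in docker-compose.service.j2 and the handler) and a filesystem path (`/etc/wireguard/{{ wireguard_interface }}.conf` in tasks/main.yml). Because group_vars take precedence over role defaults, this line is the effective definition and the copy added to roles/wireguard/defaults/main.yml is shadowed whenever this file is loaded. A comment stating that would keep the next maintainer from editing the wrong one, e.g. `# tunnel interface name: used for the wg-quick@<name> unit, /etc/wireguard/<name>.conf and as a hard dependency of docker-compose.service; overrides the role default of the same name`.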
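Review bot: `Requires=docker.service wg-quick@{{ wireguard_interface }}.service` makes the services manager refuse to start (and be stopped or restarted) whenever the wg-quick unit is missing, fails, or is restarted, so a host that renders this template with `wireguard_services` true but without the wireguard role applied will never bring docker-compose.service up. That is a sensible fail-closed default for a reverse proxy that should only be reachable through the tunnel, but it is a behaviour change that deserves a line in the unit, e.g. `# services are bound to the wireguard tunnel: no tunnel, no services`. Note that `After=` only orders on wg-quick having configured the local interface; it says nothing about the remote peer having handshaked, so containers may still start before the bastion is reachable. Stylistically the docker.service entries are repeated in both branches; systemd accepts multiple `Requires=`/`After=` lines, so the unconditional pair can sit outside the `{% if %}` with only `Requires=wg-quick@{{ wireguard_interface }}.service` and `After=wg-quick@{{ wireguard_interface }}.service` inside it.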
@@ -6,10 +6,13 @@ # also see group_vars/all/00-secret-template.yml +# this key is defined in group_vars/all/50-vars.yml +# it's duplicated here just in case +wireguard_interface: "wg0" + wireguard: dns_servers: - "{{ dns_forward }}" - interface: "wg0" ip: # cidr range in tunnel cidr: "10.66.77.0/24" diff --git a/roles/wireguard/handlers/main.yml b/roles/wireguard/handlers/main.yml index 0277d67..e910fa1 100644 --- a/roles/wireguard/handlers/main.yml +++ b/roles/wireguard/handlers/main.yml @@ -2,7 +2,7 @@ - name: Start wireguard systemd: - name: "wg-quick@{{ wireguard.interface }}.service" + name: "wg-quick@{{ wireguard_interface }}.service" enabled: yes daemon_reload: yes state: restarted diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml index b34277c..45e8874 100644 --- a/roles/wireguard/tasks/main.yml +++ b/roles/wireguard/tasks/main.yml @@ -28,7 +28,7 @@ - name: Deploy wireguard server config template: src: server.conf.j2 - dest: "/etc/wireguard/{{ wireguard.interface }}.conf" + dest: "/etc/wireguard/{{ wireguard_interface }}.conf" owner: root group: root mode: 0600 diff --git a/roles/wireguard/templates/server.conf.j2 b/roles/wireguard/templates/server.conf.j2 index ea3b466..ec1edca 100644 --- a/roles/wireguard/templates/server.conf.j2 +++ b/roles/wireguard/templates/server.conf.j2 @@ -1,5 +1,5 @@ [Interface] -Address = {{ hostvars[inventory_hostname]["vpn_ip"] }}/32 +Address = {{ vpn_ip }}/32 PrivateKey = {{ wireguard_secret.servers[inventory_hostname].priv }} ListenPort = {{ wireguard.ip.port }}
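Review bot: The comment `# it's duplicated here just in case` above `wireguard_interface: "wg0"` in defaults/main.yml describes the wrong failure mode: role defaults have the lowest variable precedence in Ansible, so this value is only used when group_vars/all/50-vars.yml does not define the key, and editing it while the group_vars copy exists silently does nothing. Either drop the duplicate and let the role fail loudly on an undefined variable, or reword it to `# fallback only: group_vars/all/50-vars.yml overrides this when it defines wireguard_interface`. Separately, with `interface: "wg0"` removed from the `wireguard` mapping, any remaining `wireguard.interface` reference outside the files touched here (client config templates or PostUp/PostDown rules, if any exist) would now be undefined and break templating; worth a grep before merging.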
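Review bot: The handler keeps `state: restarted` on `wg-quick@{{ wireguard_interface }}.service`, and with the `Requires=` this commit adds to docker-compose.service.j2, systemd propagates that restart: every notified WireGuard config change (a rotated peer key, a new AllowedIPs entry) will now tear down the tunnel and restart the whole docker-compose service tree as a side effect. If that is intended, a comment on the handler saying so would prevent surprises; if not, consider a second handler that applies peer/key changes to the live interface, e.g. a bash `command` running `wg syncconf {{ wireguard_interface }} <(wg-quick strip {{ wireguard_interface }})`, and reserve `restarted` for changes to Address/ListenPort/PostUp that syncconf does not apply. The handler name `Start wireguard` also undersells what it does; `Restart wireguard` matches `state: restarted`.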
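Review bot: `dest: "/etc/wireguard/{{ wireguard_interface }}.conf"` now interpolates a variable into a root-owned path and, via the handler, into a systemd instance name, with nothing checking its shape; a value containing `/` would write the config outside `/etc/wireguard`, and one longer than 15 characters or with other characters is rejected by wg-quick at start. The value comes from group_vars, so this is a typo guard rather than an untrusted-input fix, but it is cheap to add before this task: `- name: Validate wireguard interface name` / `ansible.builtin.assert:` / `that: wireguard_interface is match('^[a-zA-Z0-9_=+.-]{1,15}$')`, which as far as I recall is the same pattern wg-quick itself enforces. The task shown may continue past the hunk (a `notify:` for the restart handler would sit after `mode`), so I cannot see from here whether the handler is wired in.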