28 lines
926 B
Django/Jinja
28 lines
926 B
Django/Jinja
[Interface]
|
|
Address = {{ vpn_ip }}/32
|
|
PrivateKey = {{ wireguard_secret.servers[inventory_hostname].priv }}
|
|
ListenPort = {{ wireguard.ip.port }}
|
|
|
|
{% if "bastion" in group_names %}
|
|
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ net_interface }} -j MASQUERADE
|
|
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {{ net_interface }} -j MASQUERADE
|
|
{% endif %}
|
|
SaveConfig = false
|
|
|
|
{% for server_peer in wireguard_secret.servers %}
|
|
{% if not server_peer == inventory_hostname %}
|
|
[Peer]
|
|
PublicKey = {{ wireguard_secret.servers[server_peer].pub }}
|
|
AllowedIPs = {{ hostvars[server_peer]["vpn_ip"] }}
|
|
Endpoint = {{ hostvars[server_peer]["local_ip"] }}:{{ wireguard.ip.port }}
|
|
{% endif %}
|
|
{% endfor %}
|
|
|
|
{% if "bastion" in group_names %}
|
|
{% for peer in wireguard_secret.clients %}
|
|
[Peer]
|
|
PublicKey = {{ peer.pub_key }}
|
|
AllowedIPs = {{ peer.addr }}
|
|
{% endfor %}
|
|
{% endif %}
|