PiFrame/ansible-role-wireguard
Archived
1
0
Fork 0
Code Pull requests Releases Activity

add missing options for WG interface definition

Browse source
This commit is contained in:
githubixx 2019-11-05 21:33:07 +01:00
parent a357e5fab1
commit 66fcb48c20
2 changed files with 22 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
README.md
View file

@ -76,13 +76,18 @@ Endpoint = controller01.p.domain.tld:51820
Now this is basically the same as above BUT now the config says: I want to route EVERY traffic originating from my workstation to the endpoint `controller01.p.domain.tld:51820`. If that endpoint can handle the traffic is of course another thing and it's up to you how you configure the endpoint routing ;-)
You can specify further optional settings (they don't have a default and won't be set if not specified besides `wireguard_allowed_ips` as already mentioned) also per host in `host_vars/` (or in your Ansible hosts file if you like):
You can specify further optional settings (they don't have a default and won't be set if not specified besides `wireguard_allowed_ips` as already mentioned) also per host in `host_vars/` (or in your Ansible hosts file if you like). The values for the following variables are just examples and no defaults (for more information and examples see [wg-quick.8](https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8)):
```
wireguard_allowed_ips: ""
wireguard_endpoint: "host1.domain.tld"
wireguard_persistent_keepalive: "30"
wireguard_dns: "1.1.1.1"
wireguard_fwmark: "1234"
wireguard_mtu: "1492"
wireguard_table: "5000"
wireguard_preup: "..."
wireguard_predown: "..."
wireguard_postup: "..."
wireguard_postdown: "..."
wireguard_save_config: "true"
@ -259,6 +264,7 @@ vpn1:
wireguard_endpoint: nated.exemple.com
wireguard_postup: "iptables -t nat -A POSTROUTING -o ens12 -j MASQUERADE"
wireguard_postdown: "iptables -t nat -D POSTROUTING -o ens12 -j MASQUERADE"
vpn2:
hosts:
multi-wg1: # use a different name, and define ansible_host, to avoid mixing of vars without needing to prefix vars with interface name

15
templates/wg.conf.j2
View file

@ -6,6 +6,21 @@ ListenPort = {{wireguard_port}}
{% if hostvars[inventory_hostname].wireguard_dns is defined %}
DNS = {{hostvars[inventory_hostname].wireguard_dns}}
{% endif %}
{% if hostvars[inventory_hostname].wireguard_fwmark is defined %}
FwMark = {{hostvars[inventory_hostname].wireguard_fwmark}}
{% endif %}
{% if hostvars[inventory_hostname].wireguard_mtu is defined %}
MTU = {{hostvars[inventory_hostname].wireguard_mtu}}
{% endif %}
{% if hostvars[inventory_hostname].wireguard_table is defined %}
Table = {{hostvars[inventory_hostname].wireguard_table}}
{% endif %}
{% if hostvars[inventory_hostname].wireguard_preup is defined %}
PreUp = {{hostvars[inventory_hostname].wireguard_preup}}
{% endif %}
{% if hostvars[inventory_hostname].wireguard_predown is defined %}
PreDown = {{hostvars[inventory_hostname].wireguard_predown}}
{% endif %}
{% if hostvars[inventory_hostname].wireguard_postup is defined %}
PostUp = {{hostvars[inventory_hostname].wireguard_postup}}
{% endif %}