ansible.fftdf.supernode/roles/21-install-wireguard/templates/wg.conf.j2

34 lines
1.3 KiB
Plaintext
Raw Normal View History

2022-05-08 19:32:16 +00:00
#jinja2: lstrip_blocks:"True",trim_blocks:"True"
# {{ ansible_managed }}
# PublicKey: {{ wireguard__register_public_key.stdout }}
[Interface]
# {{ inventory_hostname }}
Address = {{ wireguard_address }}
PrivateKey = {{ wireguard_private_key }}
ListenPort = {{ wireguard_port }}
2023-03-12 20:40:59 +00:00
MTU = 1355
2022-05-08 19:32:16 +00:00
2023-03-02 20:45:46 +00:00
PostUp = ip rule add fwmark 0x4 table 42 && iptables -t mangle -A PREROUTING -s 10.255.0.0/16 ! -d 10.0.0.0/8 -j MARK --set-mark 4 && ip route add default via 172.16.7.1 table 42
2023-03-02 19:25:22 +00:00
2022-05-08 19:32:16 +00:00
{% if wireguard_unmanaged_peers is defined %}
# Peers not managed by Ansible from "wireguard_unmanaged_peers" variable
{% for peer in wireguard_unmanaged_peers.keys() %}
[Peer]
# {{ peer }}
PublicKey = {{ wireguard_unmanaged_peers[peer].public_key }}
{% if wireguard_unmanaged_peers[peer].preshared_key is defined %}
PresharedKey = {{ wireguard_unmanaged_peers[peer].preshared_key }}
{% endif %}
{% if wireguard_unmanaged_peers[peer].allowed_ips is defined %}
AllowedIPs = {{ wireguard_unmanaged_peers[peer].allowed_ips }}
{% endif %}
{% if wireguard_unmanaged_peers[peer].endpoint is defined %}
Endpoint = {{ wireguard_unmanaged_peers[peer].endpoint }}
{% endif %}
{% if wireguard_unmanaged_peers[peer].persistent_keepalive is defined %}
PersistentKeepalive = {{ wireguard_unmanaged_peers[peer].persistent_keepalive }}
{% endif %}
{% endfor %}
{% endif %}